Page 27 - Cyber Defense eMagazine - October 2017
P. 27

So, Inky developed Phish Fence as a unique new solution that protects Outlook users
               against  spear  phishing  and  other  email-based  attacks.   It’s  the  first  anti-phishing
               solution  that  works  as  an  add-in  right  within  Outlook.  It  gives  your  users  detailed
               information about email-based threats, providing both protection and training.


















               Figure 2: Screenshot of Inky’s Phish Fence plugin running inside Outlook


               Inky  Phish  Fence  can  be  deployed  either  as  an  email  plugin  for  Outlook  or  Gmail  or
               through  an  inline  gateway  model  with  rules  for  mail  delivery  and  warnings.   Thus,
               instead of a side pane plugin, warning users about a spear phishing attack, Inky Phish
               Fence  can  redirect  emails  away  from  users  or  add  a  warning  to  the  body  of  the
               suspicious email so users know, from inside the email, that it’s suspicious and risky.

               Inky Phish Fence analyzes the full HTML contents of each mail live when the user views
               the  mail  in  Outlook.  Machine  learning  algorithms  spot  misleading  links,  attempts  to
               impersonate major brands, suspicious uses of typo and Unicode domain name variants,
               and sources of questionable content like gambling, malware/adware and trackers. Inky
               also flags external emails that claim to be from internal senders.


               Everyone’s talking about how hot the future of Cybersecurity will be when vendors start
               adding ‘artificial intelligence’ and machine learning.  Inky has already done it.  They are
               light years ahead of competition.


               For example, if you haven’t checked it out yet, there’s a standard for email you should
               be  looking  at  called DomainKeys  Identified  Mail  (DKIM), which  allows  senders  to
               associate a domain name with an email message, thus vouching for its authenticity.  The
               mail server signs the email with a digital signature in a field that’s added to the message
               header.   What’s really cool is that when the signature is generated, the public key used
               to generate it is stored at the listed domain. After receiving the email, the recipient Mail
               Transfer Agent (MTA) can verify the DKIM signature by recovering the signer’s public
               key through the Domain Name Service (DNS). It then uses that key to decrypt the hash
               value in the email’s header and simultaneously recalculate the hash value for the mail
               message it received. If both match, then the email has not been altered. This gives users

                    27   Cyber Defense eMagazine – October 2017 Edition
                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.
   22   23   24   25   26   27   28   29   30   31   32