- 24th July 2015
- Posted by: Binoy
- Category: Managed Security, Services
Phishing, Pharming, Malware & Trojan – Monitoring and Detection, Incident Response, Phishing Site Take Down Service
Phishing is an unpleasant reality for every organization that offers services over the Internet, and it endangers not only the organization’s data but also its clients’ data. In every phishing incident, at least 10-15 users end up divulging their authentication credentials as well as personal / financial data on the spoofed site.
Thus, it is important that the potential impacts are identified and responded to in a proactive, aggressive and time-bound manner, protecting both your organization’s and its clients’ data.
ValueMentor provides continuous monitoring of phishing attacks on our clients’ websites. Upon detection, clients are notified via e-mail and asked to confirm the relevant site take down. After confirmation of a phishing incident, our Security Operations Centers (SOC) respond rapidly to have the phishing site taken down in the fastest possible time.
Our advanced technology identifies targeted identity theft activity such as malicious domain registration, phishing lures, spoof sites, malware distribution points and the post-attack gathering and exchange of compromised credentials. ValueMentor uses a combination of heuristics, exploit detection, signature matching, and analyst review to provide the industry’s most comprehensive anti-phishing services.
ValueMentor’s Anti-Phishing Approach
Why ValueMentor?
We manage phishing attacks for one of the largest banks in the Middle East. Our SOC team members hold certifications such as CISSP, CISA, CEH etc. The techniques and tools we use are optimized to address the specific issues of phishing attacks and deliver the services without errors. When we work for you, we deploy the best skills in the industry.
Scope of Anti-Phishing Services
Our Anti‐Phishing Service model enables the client to quickly identify new phishing sites and take them down in a short span of time. Its scope covers monitoring of domains / sub‐domains for anti‐phishing, phishing & pharming monitoring & detection, malware & Trojan monitoring and detection, incident response, and phishing site take down service.
Rapid Global Takedown Service
Once a phishing page is identified and confirmed by the SOC team, we seek confirmation from the customer to proceed with the takedown process. The SOC team will contact all of the relevant parties to have the phishing web page shut down.
Domain Registration Analysis
At times, attackers may use look‐alike or related domain names to launch a phishing attack. The ValueMentor team will monitor domain name registrations that would be of concern to the client. In such cases, monitoring domain name registrations provides indications of an upcoming phishing attack.
A phishing incident should be addressed at the earliest so that it has only minimal or no impact on the client’s business. At ValueMentor, the incident response process includes phishing site takedowns, reporting, bogus data feeding, attacker identification and victim identification.
A phishing site that has been taken down may be activated again. ValueMentor will automatically monitor the phishing attack URL after shut down and will notify the SOC team of any resumption of the phishing activity, in which case the SOC team will take steps to have the phishing web page shut down.
To prevent the spread of malware, an automated analysis will be conducted of all email messages collected at the Phishing Hole, including any attachments and websites to which such email messages refer. The SOC team will review the forensic data generated by this analysis and, if necessary, commence shut down procedures.
Statistical Analysis with Summary Reports
A formal incident report will be provided to the client, which will be helpful in addressing customer queries about the phishing attacks. ValueMentor will also provide reports on a daily and monthly basis, as well as reports of information identified as a result of searches conducted on a continuous basis.
Web Log Monitoring
Web server logs provide vast information about a phishing attack. We use web server logs at various stages of phishing analysis. This helps us detect any phishing attacks that are not detected by the earlier method.
Monitor SPAM Traps
We have a large number of e‐mail addresses implanted in high risk online environments, which results in ValueMentor’s e‐mail servers continuously being flooded with e‐mail messages. Each of these e‐mail messages is then subjected to an analysis in order to determine whether any of the Client Brands has been exposed in a phishing attack.