The challenges in the detection of phishing sites demand an innovative approach, and the Webroot anti-phishing service, code named "Phresh Phish," was developed specifically to catch advanced phishing attacks that can expose an organization to security breaches and data loss.
Webroot has leveraged its deep experience in machine learning, content classification and active learning gained through its web and IP threat recognition technologies to create best-in-class phishing detection. In current tests with industry partners, Webroot's Phresh Phish service has discovered phishing sites three to five days ahead of other popular anti-phishing technologies and sources.
Timing is critical given how quickly these criminal sites are taken down after they have been launched to avoid detection. Phresh Phish evaluates any URL and scores it for phishing risk using hundreds of "features" of the site, including the content on the page, reputation information of the domain and numerous others factors.
The Webroot Web Security Service is used by thousands of organizations to protect their networks from malware, protect their employees whether on the corporate network or roaming and to enforce policies for internet use. It is part of a suite of cloud-based internet security-as-a-service solutions for businesses that includes Webroot SecureAnywhere™ Endpoint Protection and Webroot SecureAnywhere Mobile Protection.
"The Webroot Web Security Service provides a layered approach to defending against increasing phishing attacks and web threats," said Mike Malloy, executive vice president of Webroot Products and Strategy. "Our approach builds upon Webroot's long history of identifying and stopping web-borne malware. We deploy advanced predictive techniques to ensure a safer browsing experience for employees and to discover compromised and misleading URLs days before the competition."
The number of unique phishing sites has reached an all-time high and are commonly used to steal identity information or host one of more than six million malware strains that have been identified, according to industry reports.
Phishing attacks continue to represent a significant threat to corporate brands as well as individual users transacting business on the Internet, capturing users' private information by masquerading as a trustworthy site. Targeted attacks on specific individuals or companies, known as spear phishing, have also become an increasingly popular way for attackers to gather personal information about their targets.
Webroot couples human classification with machine learning, using an active learning process. Machine learning is used to determine which features are significant for each URL being scanned and what weight to apply to each in the classification. The Webroot team also applies classifications made through the Webroot Intelligence Network in real-time to improve the model.
Once the classification model has been established, threat determinations can be made without human interaction. For cases where the URL is not clearly determinable by the machine classification system, human evaluation is used which is then fed back into the machine model for increasingly accurate determinations.