Sophos Introduces Phish Threat Attack Simulator

Sophos recently launched Sophos Phish Threat which is an advanced phishing attack simulator and training solution that is fully integrated with the company’s cloud-based security management platform, Sophos Central.

With centralized management and automated campaign analysis, Phish Threat dramatically reduces the time and resources required to affect real change in employee behavior when faced with sophisticated and rapidly evolving cyber crime techniques.

Phishing remains one of the most common attack vectors for hackers who exploit end-user behavior as the weakest link in a company’s cyber-defenses. Traditional online security training programs are academic, blind to the current attack landscape and disconnected from the rest of IT security management, making it burdensome for IT managers to effectively integrate anti-phishing into routine risk assessments.

Sophos Phish Threat automates the entire training process and provides visual analytics to identify vulnerable users. The Sophos Phish Threat attack simulator and training platform is managed alongside other Sophos security solutions within Sophos Central to provide rapid risk detection and incident response.

“In the real-world, end users are most vulnerable targets who are relentlessly bombarded with spear-phishing and socially engineered schemes. Sophos Labs sees phishing emails as a primary delivery method for ransomware payloads,” said Sunil Sharma, vice president of sales for India & SAARC, at Sophos.

“It’s easy to be tricked into clicking on a malicious email. Hence, it’s important to create a culture where users are instinctively suspicious of emails which sound too good (or too bad!) to be true, and simply abide by the “don’t buy, don’t try, don’t reply” rule. With Sophos Phish Threat, IT managers now have sophisticated, integrated threat intelligence that combines the strength of Sophos security technologies with a product that tests, trains and analyzes human vulnerabilities.

Sophos acquired the Phish Threat technology in late 2016 from penetration test and risk assessment consultancy Silent Break Security and has since integrated the product into the Sophos Central platform.

Sophos Phish Threat enables IT managers to create authentic phishing simulation and training sessions, and initiates course corrections for their employees. This helps end-users better recognize what a phishing attack looks like and learn from their mistakes should they get lured into taking the bait.

As attacks change with current events, changing seasons and attacker methodologies, Sophos Phish Threat constantly updates its testing framework to reflect real-world threats. IT managers can craft bespoke simulation campaigns for office locations worldwide, just as many cybercriminals are now designing threats tailored by geography.

“Today’s phishing attacks are so prevalent and so convincing that organizations of all types and sizes come to us asking how they can just stop employees from clicking on those emails and prevent an attack from slipping onto the network,” said Karl Bickmore, CEO at Snap Tech IT, a Sophos partner based in Phoenix, Ariz.

“Being able to stop a zero-day attack with next-generation endpoint security such as Sophos Intercept X is a valuable line of defense, but being able to reduce the number of security threats that reach your network in the first place by simply educating employees can dramatically reduce risk and improve security confidence across an organization.”

“Consumer confidence has been rocked by the high profile data breaches that have occurred in recent months, and many of our customers are asking how they can effectively introduce higher standards of security awareness in their business without introducing complicated solutions that require close management and constant updates in order to be effective,” added Shane Swanson, COO at ARRC Technology, a Sophos partner based in Bakersfield, Calif.

“By adding Phish Threat to Sophos Central, Sophos has made it easy for our customers to integrate an additional component of security without adding to the management overhead. It increases the trust our customers have in our team and our solutions.”

 

Leave a Reply

Your email address will not be published. Required fields are marked *