ID Agent Eyes Anti-Phishing Enhancements To Thwart Threats

The effort will build upon ID Agent’s phishing attack simulation and security awareness training tools and focus on developing capabilities to detect and prevent phishing in the first place.

ID Agent plans to move aggressively into the anti-phishing space by developing and enhancing its ability to detect and prevent phishing in the first place.

The anti-phishing push will build upon the phishing attack simulation and security awareness training prowess found in ID Agent’s BullPhish ID product, said co-founder and CEO Kevin Lancaster. Lancaster wants to take BullPhish ID to the next level by analyzing where the company can go from a road map perspective with its existing technology and where it makes sense to augment through acquisitions.

“The market and the customer are starting to understand that they really need to take training more seriously,” Lancaster said. “They need to start taking training and embedding it into their security ethos.”

[Related: ID Agent Provides ROI For MSPs 'Right Away' With Dark Web Monitoring]

The anti-phishing enhancement efforts are in the early stages, and Lancaster said the company hopes to make progress on that front over the next quarter. Part of the analysis will include looking at the capabilities found within other business units at Kaseya that can be pulled together to create new innovative products, Lancaster said. ID Agent was acquired by Kaseya in May 2019.

Organizations are increasingly realizing that they need to have a consistent training regimen in place that includes a testing element to ensure the concepts covered in training are being applied in real-world scenarios, Lancaster said. ID Agent can see from its phishing testing campaigns what people are falling for as well as the success rate associated with different types of campaigns, Lancaster said.

The volume and types of phishing campaigns have gotten more sophisticated in recent years, Lancaster said, and are now very tailored to the specifics of an organization’s business. Phishing campaigns have gotten much more specific over the year with the emergence of COVID-19 as adversaries began to discover what types of medical facilities in a state are offering antibody tests and building a phishing campaign around them.

ID Agent can iterate its anti-phishing capabilities by analyzing what percentage of the population responds to prompts to click on a malicious link or input data on a malicious page, Lancaster said. By looking at that data from a behavioral analytics standpoint, Lancaster said ID Agent can start to make its anti-phishing products that much better.

“They're upping their game by playing on people's fears and emotions and wallet,” Lancaster said. “And that’s why we have to lean in and help better educate and protect individuals.”

Cutting-edge firewall and threat detection technology can only do so much if users are clicking on links that they shouldn’t, according to Charles Henson, managing partner at Brentwood, Tenn.-based Nashville Computer.

ID Agent is really tackling phishing head-on by examining how threats come in, what works to defend against those threats, and providing continual, on-demand education that gets users to think before they click, Henson said.

If ID Agent develops ways to detect phishing attacks early or prevent them from happening altogether, Henson said that’s even better since he’s had customers buy anywhere from $600 to $8,000 worth of gift cards in response to emails impersonating a supervisor. The human signing into the computer is the weakest link in the security stack, and vendors need to focus on protecting humans from human nature.

“At the end of the day, it’s really about education,” Henson told CRN. “This is going to be really really great.”