IPS Security Rules - Phishing

Phishing

Idappcom's cyber-protection services for home, travel and SME/SOHOs assist users in the difficult task of keeping track of the new breed of phishing and drive-by attacks. There are millions of suspect sources that are changing and morphing by the second. We all have busy lives, and sometimes we, or a family member, open documents or click on website links that we just should not. By then it is essentially too late.

For this type of attack to be successful, someone has to inadvertently download a piece of code that puts the hacker inside your system. This is done through clever social engineering that tempts you to download a perfectly normal-looking document or to click on a link that will also download code to your machine. That code then executes, reports home, and spreads to anyone on the same network as you, and through your connections to work when you next log on to your corporate network.

Whilst it is difficult to stop someone being tricked into opening a cleverly disguised attachment, we have designed policies that detect when your devices are trying to connect to servers on the Internet with a known bad reputation, stopping the connection from happening and blocking the transmission of the malicious code.

This is achieved through a specialist reputation engine that draws on external feeds, which are injected into the policy database in real time and updated every three hours to ensure it keeps pace with the continuing changes in the IP addresses used to obfuscate the source of the malicious code.

Our reputation engine protects users by preventing and blocking access from online threats, including:

  • Identified phishing sites
  • Identified infected sites
  • Sites that have been compromised and may therefore spread unwanted malware
  • Identified Trojan dropping points