The Cyber Technology and Information Security Laboratory (CTISL) at GTRI can provide expert analysis of spear phishing and other email-based threats associated with malware. As part of Titan, a dynamic framework for malicious software analysis, we can identify phishing with real-time analysis, and perform longer-duration analysis that correlates emails sent over extended periods (e.g. hours or days).

Spear Phishing

The Titan framework enables users to conduct countless varieties of analysis across millions of samples of malware, including spear phishing and other email-based threats. It provides immediate threat identification and analysis and is continuously evolving with the threat landscape and our clients' needs.

Our Approach

The GTRI approach to spear phishing analysis emphasizes flexibility and intelligence. We can provide a stand-alone spear phishing detection system, or clients can receive spear phishing detection and analysis as part of Titan. Our system can be deployed locally, in-line, or out-of-band to accommodate cloud-based email. When you receive spear phishing analysis as part of Titan, you also benefit from a large sampling of malware and information sharing.

GTRI spear phishing protection employs Bayesian analysis, URL and attachment analysis, natural language processing, and expert heuristics. The output of these techniques is processed by a suspicion calculator. If an email is deemed suspicious, the system reacts based on configuration, including sanitizing links within emails to require manual user interaction, removing or altering images and attachments, or dropping the email entirely.

Our longer-duration learning model attempts to identify and correlate messages that are very similar but are sent to different individuals. Through this analysis, the system may identify larger-scale spear phishing attacks carried out slowly over the course of hours, days or weeks.

Unique Advantages of Working with GTRI

Our spear phishing analysis and Titan framework process threat intelligence data in a highly efficient manner.

Additional advantages of working with GTRI to identify and prevent spear phishing include:

  • Flexibility - clients can deploy spear phishing protection from GTRI in a variety of ways to accommodate their email analysis preferences.
  • Intelligent analysis - unlike de facto standards for malware analysis, GTRI uses cutting-edge techniques, expert heuristics and natural language processing, and we add new methods of analysis as threats and techniques evolve.
  • Dynamic reporting - reports may be generated on single samples or sample sets and scoped to any number of levels. Trend reports by organization, industry, or region are available with the option to discriminate results based on various factors. Detailed reporting is available for security operations personnel or researchers, including all raw analytical data collected through sample processing.

For more information, contact Chris Smoak.