Symbol Security has been in product development and beta testing with customers.

Edward Gately, Senior News Editor

November 20, 2018

9 Min Read
Cybersecurity
Shutterstock

A New Jersey-based cybersecurity startup is rolling out a new phishing simulation platform and plans to make a big channel play next year.

Symbol Security, a SaaS-based phishing simulation and training company, formed in April and has been in product development and beta testing with customers. It is now offering its platform to the general public.

Sandman-Craig_Symbol-Security.jpg

Symbol Security’s Craig Sandman

Craig Sandman, Symbol’s president and co-founder, tells us his company expects to see “tremendous growth — and we’re built for tremendous growth.”

“It’s a highly automated, highly scalable SaaS platform, so there will be no limitations from an architecture growth perspective,” he said.

Sandman said there are email security services designed to prevent phishing from occurring, and yet 90 percent of security breaches begin with a phish posing as a benign email, with “people walking through the front door, not peeking in the window or through the chimney.”

“You have to train people to be aware and recognize what a phishing email looks like because this problem is not going away,” he said. “When we looked at the market a number of months ago, we felt that the phishing training and phishing simulation services out there, while they were effective, they didn’t really get authentic enough to really test and train users through real-life experiences so that they could recognize and prevent themselves from clicking on a bad URL.”

The phishing simulation not only includes real phishing that has occurred, but customized phishing templates with vendors a company works with — and not just big-name vendors, but local ones too.

“What we’re finding is cybercriminals are dropping down in the market, taking the time to target you, finding out who you are, and [launching] a specific phishing attack against you,” Sandman said. “By offering a very reasonably priced phishing simulation tool that can be delivered by security firms, that can be delivered by IT channel partners that are custom advisers, we believe we can get the right level of authentic phishing simulation to businesses that really need some help.”

Symbol is in the early stages of developing its partner program, Sandman said. It now is starting to approach the market with the format and pricing structures for channel-partner relationships, he said.

“There are channel partners that we’re beginning to work with, but the broader channel community doesn’t necessarily know that our doors are open for business,” he said. “Later after New Year’s and leading up to the Channel Partners Conference and Expo in Las Vegas, that’s when we’ll announce our partner program, and we’ll announce the partner portal and everything like that. There’s going to be some time needed to prepare the market and the channel partners for whom we are and what we’re doing.”

Symbol is targeting MSPs and MSSPs, as well agents that can make sales of third-party services to customers, Sandman said. The company has beta customers that will transition into production-level customers, but “we have not yet really put the gas down on going out and attracting production-level customers yet,” he said.

“It fits all verticals, but those that have the highest sensitivity to breaches or those whose information is the most valuable — medical and health-care companies, absolutely,” he said. “We know that patient records in the health-care space sell for 100 times what most other personal information sells for on the dark web, so therefore you can make a significant impact on lowering risk by simply preventing the next phishing from being successful.”

Symbol’s platform also is geared toward …

… the higher-education vertical, which is heavily targeted by cybercriminals, Sandman said.

“Even though there [are] different outcomes in certain verticals … the reality is we’ll tailor content for each vertical and sometimes for each customer through these custom templates,” he said. “Yes, we have verticals that we’re going to focus on, but ultimately we’ll be able to go deeper than that and be able to customize per customer through templates that speak to them irrespective of their vertical.”

“Phishing is often the entry point for cybercriminals,” said Mike Viruso, chief strategy officer of Rocus Networks, an MSP based in Davidson, North Carolina. “Symbol Security’s simulation platform allows us to efficiently bundle phishing training and awareness into our security service offerings.”

Vade Secure Offering Helps SOCs Battle Phishing Attacks

Vade Secure has rolled out a new anti-phishing offering designed to help security operations centers (SOCs) identify and block targeted phishing attacks.

Integrating with existing security information and event management (SIEM) and security orchestration, automation and response (SOAR) solutions through an API, IsItPhishing threat detection delivers a real-time verdict on whether a suspicious URL is phishing or not. These verdicts can be leveraged in SOC workflows to accelerate phishing detection, response and resolution.

Gendre-Adrien_Vade-Secure-2018.jpg

Vade Secure’s Adrien Gendre

To detect unknown, targeted phishing attacks, IsItPhishing’s machine-learning algorithms perform real-time analysis of nearly 50 features of the URL and page content. These models have been trained using Vade Secure’s global threat intelligence from 500 million mailboxes and 6 million daily URL scans.

Adrien Gendre, Vade Secure’s North American CEO, tells us that aside from large enterprises, few businesses have the resources required to build an in-house SOC.

“We think there’s a great opportunity for MSPs/MSSPs to offer managed SOC services to midmarket organizations who need processes to detect, respond to and remediate phishing threats,” he said. “Partners can leverage IsItPhishing threat detection, integrated with their existing SIEM/SOAR solutions, to accelerate and automate their SOC playbook. Augmenting managed SOC services with real-time phishing detection translates to a leaner, more efficient team and a higher value, higher margin service.”

Barracuda Study: Cloud Security to Become Increasingly Important

A new study by Barracuda Networks shows that while the top security priorities have remained consistent during the past 15 years, the types of threats organizations are protecting against has shifted significantly.

Released as Barracuda celebrates its 15th anniversary, the study looks at how much technology has changed since 2003 when the company launched its first email security offering. More than 1,500 IT leaders and security professionals in North America, EMEA and APAC were polled about their IT security priorities, how those priorities have shifted and where they’re headed next.

Asaf Cidon, Barracuda’s vice president of content security services, tells us the survey shows that threats keep evolving, and cybersecurity is …

… an ever-moving target.

Cidon-Asaf_Barracuda.jpg

Barracuda’s Asaf Cidon

“Therefore, cybersecurity providers and the channel need to constantly evolve themselves — they need the latest technological tools to protect their customers,” he said. “They also need to make sure their customers have high security awareness and always be on the lookout for the latest attacks.”

Respondents identified email and networks as their top two security priorities in both 2003 and 2018. Viruses, and spam and worms were the top two threats in 2003, while ransomware and phishing/spear phishing top the current list.

Twenty-five percent said the cloud would be their most important security priority 15 years from now, outranking email, network and data security.

“The rise of the cloud [and cloud security] present challenges to the channel, since the old days of shipping hardware appliances and software licenses are going away,” Cidon said. “The channel needs to reinvent itself for the cloud era, and make sure it remains an innovative partner to end customers as they transition to the cloud and deal with emerging threats that result from that transition.”

Artificial intelligence (AI) is another technology that is top of mind for many of the respondents, both as an opportunity to improve security and as a threat. Thirty-one percent of respondents chose AI as the new technology they will rely on to help improve security, and 43 percent identified the increasing use of AI and machine learning as the development that will have the biggest impact on cybersecurity in the next 15 years. On the other hand, 41 percent believe the weaponization of AI will be the most prevalent attack tactic in the next 15 years.

“Offensive AI seems like a theoretical or far-flung threat, but I found it interesting that our respondents are already anticipating it and worried about its effects,” Cidon said.

Enterprises have begun sustaining significant monetary losses stemming from the lack of good practices as they move forward with incorporating IoT into their business models, according to a new study by DigiCert. Among companies that are struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years.

These findings come amid a ramping up of IoT focus within the typical organization. Some 83 percent of respondents indicated that IoT is extremely important to them currently, while 92 percent said they anticipate IoT to be extremely important to their respective organizations within two years.

Some 700 enterprise organizations were polled in the United States, United Kingdom, Germany, France and Japan.

Nelson-Mike_DigiCert-1.jpg

DigiCert’s Mike Nelson

Mike Nelson, DigiCert’s vice president of IoT security, tells us there are benefits to putting in place preventative security instead of handling security issues in a reactive way.

“Organizations that prioritize security and do the right things during the design, architecture and testing phases of a device protect their organizations from IoT security mishaps, which can be very costly for organizations,” he said. ”

Respondents were broken into three tiers: top-tier for enterprises experiencing fewer problems and demonstrating a degree of mastery mitigating specific aspects of IoT security; middle-tier for enterprises scoring in the middle range in terms of their IoT security results; and bottom-tier for enterprises experiencing …

… more problems and that were much more likely to report difficulties mastering IoT security.

Companies struggling the most with IoT implementation are much more likely to get hit with IoT-related security incidents. Every bottom-tier enterprise experienced an IoT-related security incident in the past two years, versus just 32 percent of the top-tier. The bottom-tier was also more likely to report problems in these specific areas:

  • more than six times as likely to have experienced IoT-based denial of service attacks.

  • more than six times as likely to have experienced unauthorized access to IoT devices.

  • nearly six times as likely to have experienced IoT-based data breaches.

  • four-and-a-half times as likely to have experienced IoT-based malware or ransomware attacks.

Although the top-tier enterprises experienced some security missteps, an overwhelming majority reported no costs associated with this those missteps.

“The survey shows the security practices successful organizations are deploying are encryption of data, prevention of unauthorized access, risk assessments, secure over-the-air updates and the secure storage of keys,” Nelson said. “These security best practices are saving their organizations significant money related to the resulting damages from IoT security mishaps.”

Read more about:

Agents

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like