Phishing is the attempt to deliver malware to a victim or to obtain sensitive information such as
usernames, passwords and banking and credit card details, often for malicious purposes. Phishers usually
masquerade as a trustworthy entity in an electronic communication.
How Cisco Umbrella blocks phishing
Umbrella’s phishing category leverages indicators derived from multiple sources, including lexical
clustering of domains, a natural language processing model (identification of homograph domains) and the
spike rank model, which detects sudden spikes of traffic to particular domains. In addition, our newly seen
domain category is a highly effective indicator of phishing. We also leverage community resources such as
PhishTank feeds.
Compared to other common threat types, phishing is often a more reactive threat. Our industry-renowned
researchers are constantly finding new ways to uncover fingerprints that attackers leave behind and actively
searching for new phishing domains and IPs to deliver stronger protection. When phishing is detected, Cisco
Umbrella will block at the IP and domain level as well as analyze risky domains in the Intelligent Proxy.
How our intelligence works
There are three key factors that make up our unparalleled threat intelligence: data, security
researchers, and statistical and machine learning models. Umbrella resolves over 175 billion DNS requests
daily, far more than any other security vendor, giving our researchers a unique view of the internet to
better identify trends on threats, faster. In addition, our industry-renowned researchers are constantly
finding new ways to uncover fingerprints that attackers leave behind and building new statistical and
machine learning models to automatically classify our massive amounts of data.