[Webinar on Demand]

Beyond Signatures

6 Contextual and Human Intelligence Methods for Detecting Phishing and BEC

The earlier in the attack cycle you can stop the bad guys the better. A large proportion of attacks, both targeted and opportunistic, begin with an email. But many anti-phishing / business email compromise (BEC) technologies depend primarily on some kind of known bad data whether IP address, domain name, URLs, message text and so on. Those technologies probably catch a lot of bad messages, but they simply can’t catch new widely broadcast opportunist campaigns running on newly spun, fresh infrastructure, until the campaign has been around long enough to get on threat intel lists. Moreover, carefully targeted attacks built on top of fresh infrastructure may never be picked up by curators of threat intel lists.

An important risk with anti-malicious email technology is the false positive. At worst, major business opportunities have been lost by improperly blocked email and otherwise productivity is routinely impacted by false positives.

But there are so many useful indicators of malicious email, even newly launched ones, if you use context and history. There are 4 types of history and context that are valuable for detecting malicious email:

  • Your organization’s directory
  • The recipient’s history of email communications
  • The sender’s history of email communications
  • If external, the sender’s domain and email infrastructure
quotes-gray"Some of the techniques we will look at might be described as fuzzy – meaning that an automated block or pass decision isn’t always viable. And that’s where I come to the other aspect of this session – human intelligence. I have come to realize that the human element of cyber security is more nuanced than we infosec pros have acknowledged in the past. Traditionally we’ve said that any control requiring a user to make a decision between security and productivity is not a control. And certainly, if you present users with a warning confirmation every time they perform a repetitive operation, like opening a document, their eyes will glaze over and they’ll just click OK – me included."
— Randy Franklin Smith, Ultimate Windows Security

Register Below to View the Slide Deck and Recording.

For more information, please see our Privacy Policy. If you prefer not to receive marketing emails, you can opt-out of all marketing communications or customize your preferences here.

Our Speakers


Eric Chaves, Senior Solutions Engineer
Eric is an experienced Solutions Engineer with over 20 years in the cyber security and APM space. Eric has a deep passion and understanding of Security, Application Performance Management, Professional Services, Data Center, Management, and Software as a Service (SaaS). His approach to listening to organizational pain points and identifying the most effective solutions to minimize threats and improve remediation for cloud email security challenges provides great value to IT professionals on a daily basis.

Asher Morin

Asher Morin, Deployment Manager – Americas, Toronto, Ontario, Canada
Asher Morin, dmarcian’s Deployment Manager in the Americas, is an experienced project manager with a successful history of guiding the development of domain security processes and helping to manage IT security technology with organizations large and small. His expertise and relationship-building has garnered plaudits from organizations across the globe as a recognized and approachable expert. An excellent presenter, Asher’s administration skills are well rounded with a focus in email security, specifically email authentication.