Cloudflare AREA 1 – Fighting the War Against Phishing

By: Bashar Bashaireh, Managing Director, Middle East & Turkey, Cloudflare

A phishing attack is a targeted, fraudulent communication that appears to come from a reputable source. Email phishing occurs when attackers trick legitimate users with proper access credentials into taking action that open the door for unauthorized users, allowing them to transfer information and data out (data exfiltration). The most sophisticated email attacks compromise trusted vendor and partner accounts to steal money and data. Security teams are overwhelmed with high volumes of user-reported email threats, time-consuming policy setup and upkeep, and manual incident response.

There are 5 types of different phishing techniques:

1. Impersonation phishing: The attacker poses as a known and/or trusted contact.
2. Credential harvester: The attack focuses on gathering compromised user credentials (emails and passwords).
3. Malware attachment: The victim is prompted to open an attachment that contains malware. 
4. Voicemail phish (vishing): A supposed voicemail sound file actually redirects the victim to a web site.
5. Order confirmation phish: In this attack, the victim clicks a link to a spoofed login page. 

Zero Trust Strategy Needs to Include Email
Email is the most used form of communications today. As per research from Gartner, 70% of organizations use cloud email solutions today. These are primarily Microsoft 365 and Google Workspace.  The firm also estimates that 45% of organizations will have experienced attacks on their software supply chains by 2025. Phishing attacks exploit our implicit trust in email communications. A study by Deloitte shows that 91% of all cyber breaches originate from phishing emails, which target the weakest link in an organization’s security posture: People. This includes business email compromise (BEC) or Vendor Email Compromise, ransomware and credential harvesting, and malicious attachments. Socially engineered phishing attacks are often delivered under the guise of being a trusted brand or business partner. Therefore, it is imperative that email needs a Zero Trust security model.

Weaknesses in Current Security Approaches

When it comes to email security, organizations have legacy Security Email Gateways (SEGs). Security is primarily SPAM focused, not cloud native, has a high miss rate (around 30%), remains reactive and is missing new phishing campaigns. API solutions and email authentication technologies have their limitations and although end-user education is important to create awareness, it cannot alone stop breaches.

Cloudflare Area 1 – Pre-emptively Stopping Phishing Attacks

Cloudflare Area 1 is a cloud-native email security solution whose mission is to deliver a clean inbox to organizations. The platform pre-emptively stops targeted phishing and BEC attacks. Cloudflare Area 1 was integrated into Cloudflare One (Zero Trust solution) further to Area 1’s acquisition by Cloudflare in April 2022. 

Cloudflare Area 1 uses technology that crawls the entire Internet every week (this means looking at around 8 billion items) for attacker infrastructure and delivery mechanisms, resulting in identification and prevention of phishing attacks during the earliest stages of an attack cycle. This ensures that the system is completely up-to-date. The platform can be deployed inline, over APIs, or in multi-mode deployment. The solution provides customers with a 99.997% detection efficacy rate and offers leading scalable and uptime functions.

Classified by Gartner as an Integrated Cloud Email Security Solution, or ICES, most often referred to as Cloud Email Security, Cloudflare Area 1 was designed and built to offer flexible deployment options that enable customers to get started in a matter of moments.

What makes Cloudflare Area 1 Special?

Cloudflare Area 1 provides cloud-native email security that fits into any stack.

It is:

1. Pre-emptive: with a massive-scale phishing indexing to stop attacks before they reach inboxes. 
2. Continuous: It has multiple protection layers before, during, and after emails reach inboxes. 
3. Flexible: Deployment can be initiated and completed in as little as 5-minutes, with no disruption to mail flow, via inline, API or multi-mode. It saves a lot of time!
4. Contextual: Analyzes content, context, and social graphs of email communications to stop “needle in the haystack” email threats like long-con BEC and vendor invoice fraud.
5. Comprehensive:  Covers the full range of email attack types (URLs, payloads, BEC), vectors (email, web, network), and attack channels (external, internal, trusted partners).

Cloudflare Area 1 can be the sole provider of email security services, or an augmentation to an existing platform, depending on the unique needs of an organization. In some cases, the solution is implemented to serve as an added layer to existing SEG services. In other cases, it replaces the legacy SEGs entirely, ultimately removing network complexity and unnecessary renewal fees relating to maintaining the SEG.