In the latest addition to an ongoing string of product releases, U.K.-based security vendor Sophos Ltd. has launched a new phishing email testing and training solution.
Called Sophos Phish Threat and available immediately, the system lets VARs and MSPs automatically send customizable simulated phishing messages to all or some of a customer’s end users. Anyone who flunks the test by clicking on a malicious link gets directed to online training resources also included with the system. Graphical reporting tools then detail response rates to test campaigns, identify especially vulnerable employees in need of extra instruction, and measure organizational improvement.
“You’re able to see some historical data on how your organization is doing over time,” notes Brady Bloxham, director of Phish Threat product development at Sophos.
The new system arrives amid an explosive rise in the volume and dangers of malware. Ransomware incidents spiked 6,000 percent globally last year, according to IBM, and ransomware damages are on track to hit $1 billion a year in the U.S. alone, according to the FBI. Phishing emails are one of the primary techniques cybercriminals use to penetrate security perimeters.
“End users are often the weakest link,” observes Scott Barlow, vice president of global MSP, at Sophos.
Unlike other phishing education solutions, Barlow continues, Sophos Phish Threat draws on threat intelligence collected by the company’s in-house security analyst team.
“Leveraging SophosLabs, we know the latest and greatest phishing threats,” he says. Sophos updates its new software continually to reflect those evolving risks.
In addition, Phish Threat integrates with Sophos Central, the vendor’s consolidated management platform, so partners can administer anti-phishing efforts through the same portal they use to monitor and control other Sophos security tools.
By highlighting weaknesses in an end user’s security posture, Barlow notes, Phish Threat can help channel pros boost security revenues by cross-selling some of those other tools, which include Intercept X, the end point security and anti-ransomware solution that Sophos introduced in September.
“This is a very good way that you can now sell or implement additional security services into your customer,” he says. The new system also increases profits for MSPs specifically by reducing the number of successful phishing attacks they must remediate.
“Every time you get a piece of malware on a desktop at your customer you’re losing money,” Barlow notes.
Partners can purchase one-year or multi-year term licenses for Phish Threat, or pay for the system via monthly subscription fees through the MSP Connect partner program that Sophos introduced last May.
Phish Threat is based on software that Sophos acquired for an undisclosed sum late last year from Silent Break Security, of American Fork, Utah. Bloxham, who is the founder and former CEO of that firm, became a Sophos employee as part of the transaction, along with a core team of developers. Silent Break Security continues to operate under new management as an independent consulting and penetration testing provider.
Sophos has rolled out new solutions at a steady clip over the last year. In addition to Intercept X, for example, the company released encryption and managed Wi-Fi security solutions in July, and a new email protection solution in August.