Trend Micro email writing analysis technology highlights their RSA phishing announcements

Trend Micro also announced a free phishing simulator for business, as well as their participation in a new vendor alliance that pledges to customers it will not assist any government in offensive cyber-operations.

At the RSA 2018 show last week, cybersecurity vendor Trend Micro made a pair of announcements to strengthen anti-phishing in their commercial portfolio. They announced they are the first vendor to introduce a new email writing style analysis that assesses over 7,000 writing characteristics to determine whether emails purporting to be from specific executives are faked. They also launched Phish Insight, a free phishing simulator for businesses. Finally, they announced they are a founding member of the new Cybersecurity Tech Accord.

“RSA this year was all about new protection against super-advanced threats on one side, and against common threats on the other,” said Greg Young, VP of Cybersecurity at Trend Micro. “Our announcements dealt with the common threats.”

Young, who recently joined Trend after 14 years as research VP for the network security market at Gartner, said that the breakthrough in writing style analysis in Trend’s new Writing Style DNA will be integrated into multiple products, to raise the alarm when emails are suspected of impersonating an executive or other high-profile user.

“In the past, we have had static analysis around attachments, and then machine learning took over and was good at some characteristics,” Young said. “This uses artificial intelligence which is predictive, and can build a DNA about the writing style of specific individuals.”

Young said this type of technology is needed, because while phishing is commonly associated with poorly crafted English, many phishing attempts are nothing like this.

“It’s a pyramid,” he said. “You have lots of poorly written ones. The skilled ones know, from compromised email accounts, where an executive is travelling, and often specifics like what hotel they are in. These emails, well-written and generally in a casual style, typically request that money be sent, and are much harder to identify as phishing.”

Young said that the number of criteria that the new writing style analysis assesses is much higher than anything anyone has had until now.

“The 7,000 plus criteria is a massive amount of analysis, compared to past criteria which relied on subject lines, key words and how many words,” he said. “It’s like using DNA analysis rather than fingerprint analysis. It was also made non-reverse engineerable. That was a key design requirement.”

Young expects that this will be a significant sales feature for Trend Micro resellers.

“Because it is new, that’s a great foot in the door,” he said. “We know that this will just be for a limited time period, that others will be able to come up with something similar. However, this still will allow us to emphasize that Trend is heavily invested in AV and is a technology leader, and because this is focused in high-value accounts, it can have a big account in the C-suite.”

Writing Style DNA will be released in June 2018 on Cloud App Security [CAS] for Microsoft Office 365 and ScanMail for Microsoft Exchange [SMEX] at no extra cost. The beta period started in mid-March for SMEX, and the beginning of April for CAS.

Another anti-phishing tool unveiled at RSA was Phish Insight, a free, enterprise-grade phishing simulation tool to educate and test employees’ awareness of email scams.

“This has been offered in the past as a service, typically by small firms, and some organizations try and do it themselves,” Young said. “That’s not what an IT department should be trying to do, particularly as some also create problems by not conducting them in a safe manner for HR. This is a repeatable and easily consumable service. We are not saying that it is a complete solution. But we believe that it can raise the needle of awareness for organizations.”

Young said that the level of proficiency at recognizing phishing scams still varies wildly across organizations, with some, particularly ex-military or financial sector ones, being very savvy, and others never having had any training of this type at all. Phish Insight requires no budget, and only five minutes to begin a highly realistic phishing simulation.

Young said that there is a version of this that partners can monetize, which is for larger numbers of employees, but that even the free tool will have value to them.

“It’s a foot in the door,” he said. “This is enterprise-class, and is fully maintained. It’s not an open source project. Security buyers are also so bombarded right now. This is something that you can blurt out to them, when you have only five minutes to tell them what you have. ‘It’s anti-phishing security training and it’s free. Try it.’”

Trend Micro also announced that they are a founding member of the new Cybersecurity Tech Accord, a pact among 30 infrastructure and cybersecurity companies – including Cisco, Facebook, HP, Intel, Microsoft, Nokia, Oracle, and Siemens as well as Trend Micro – which have agreed to defend all customers from malicious attacks by cybercriminal gangs and nation states.

“We know that many of these vendor organizations are Barney the Dinosaur ones – where everyone says they love each other, but there’s not a lot there, especially if there are a lot of directly competing organizations,” Young stated. “This Accord has a clear message – we won’t assist government in offensive cyber-operations. In the past, there have been rumours of backdoors left for government. We are telling customers that we won’t do anything that will harm them. We will protect you, no matter what country you are in. We won’t sacrifice you just to get along better with a government.”

One of the members, Facebook, has been put on the PR defensive again since the accord was announced last week, for moving responsibility for users outside the U.S., Canada and the EU from Ireland to the U.S., in what has been interpreted as a move to avoid possible issues with the upcoming EU GDPR legislation. Young said that this doesn’t bear on Facebook’s commitment to the Cybersecurity Tech Accord.

“The Accord is about government cyber-offensive operations and assisting in those,” he said. “Data sovereignty is a separate issue. This one is about showing that we will be a good provider, and a good company to do business with.”