Leading Computer Science University Takes Multi-Pronged Approach to Combat Phishing; Deploys Wombat Security’s Highly Effective Suite of Training and Filtering Products - CTTEC - Carnegie Mellon University

Tuesday, March 15, 2011

Leading Computer Science University Takes Multi-Pronged Approach to Combat Phishing; Deploys Wombat Security’s Highly Effective Suite of Training and Filtering Products

Carnegie Mellon University (CMU), one of the world’s premier institutions for computer science research and education, is leading the way in combating phishing attacks with an evidence-based, multi-layered approach. “When it comes to phishing, there is no silver bullet” says Dr. Norman Sadeh, Co-Founder and CEO of Wombat Security Technologies (Wombat). “What we offer is a suite of highly effective training and filtering products that significantly reduces the chance that an organization’s users fall for an attack”. Following an extensive evaluation of Wombat’s products, CMU licensed the complete suite of anti-phishing products from Wombat.

The suite includes a combination of highly effective training products – Anti-Phishing Phil, Anti-Phishing Phyllis and PhishGuru and a unique anti-phishing email filter, PhishPatrol, that complements traditional anti-spam and anti-virus filtering solutions.

“Like many organizations, we face continuing threats of credential loss via phishing attacks,” says Mary Ann Blair, CMU’s Director of Information Security. In this role, she is responsible for real-time protection of the campus computing and network infrastructure and institutional information —which includes training and awareness. “We are concerned about all of our constituents—not just staff and faculty but also our students,”

For users to learn the skills they need to better protect themselves, training must be provided at the right time, and in the right way. That premise is at the core of the success of Wombat’s PhishGuru product, which incorporates principles of learning science to teach skills in real time and in context. As a software-as-a-service product, PhishGuru enables IT administrators to test and train users by sending them simulated phishing emails. When users fall for one of the simulated attacks, the system doesn’t just record their error—it also pops up real-time training that teaches them how to avoid falling for similar attacks in the future.

CMU supplements the PhishGuru campaigns with Wombat’s Anti-Phishing Phil and Anti-Phishing Phyllis training games. In a matter of minutes, these training games teach people practical strategies to recognize fraudulent emails and URLs. PhishPatrol is another important component of Wombat’s suite of anti-phishing products. It is a unique anti-phishing email filter that complements traditional anti-spam and anti-virus filtering solution. Rather than relying on blacklists, PhishPatrol uses advanced machine learning techniques and a unique combination of email features to detect phishing.

“PhishPatrol was able to improve our filtering of phishing emails with zero false positives, minimal configuration, and no noticeable load increase,” says Lou Anschuetz, CMU’s Electrical and Computer Engineering network manager.

"The most important thing is to give people the skill set to practice the right behavior,” says Mary Ann Blair. “Just making them aware of phishing emails is not sufficient. They need to be able to effectively differentiate between legitimate and fraudulent emails. That is our goal, to give them the skills to take the right action. And our results show that it works.”

Article courtesy ofInsurance News Net