By Eyal Benishti
In the 2000s, Microsoft’s Encarta was far superior to Wikipedia in its accuracy and coverage of a vast array of topics. But that initial advantage didn’t last. Built on a centralized model, Encarta was quickly outflanked.
Wikipedia improved rapidly by relying on a decentralized community of active content contributors, becoming the most popular reference site on the Internet by 2005. No one searches for information on Encarta anymore: Microsoft shut it down in 2009.
Why phishing protection is fundamentally broken
Today’s secure email gateways (SEGs) and other anti-phishing solutions are like Encarta back in the day. They rely on centralized data feeds of threat intelligence and internal research teams – just like Encarta relied on quarterly updates of encyclopedia content. As we recently blogged about, vendor-driven threat intelligence data feeds are not as up-to-date or scalable as real-time threat intelligence from hundreds or even thousands of security analysts.
Instead, by tapping into the power of a decentralized paradigm akin to Wikipedia’s approach, SecOps teams can better prepare to meet the latest email threats and trending phishing attacks in real-time.
The power of decentralized networks for phishing detection and response
So why is a decentralized approach far superior to a traditional centralized anti-phishing solution? Consider how apps like Waze have revolutionized the way we navigate our cities and communities – and get from point A to point B as quickly as possible. Few people venture out anymore – especially in larger cities – without first checking apps like Waze for real-time traffic intelligence.
It’s hard to remember a time when we didn’t rely on Waze for real-time traffic intelligence. Everyday commuters collectively report on traffic and road conditions as they encounter them to provide up-to-the-minute information on everything from potholes to the traffic accident just ahead.
Waze’s AI technology “learns” based on this intelligence and the actual behaviors of millions of human drivers on the roads. Waze doesn’t have to wait for any centralized data feed(s) to find out a new road has been paved or a major accident has shut down the interstate. That data is instantly available in real-time through the power of distributed and decentralized intelligence produced by the actual driving behavior of millions of motorists.
In the past, drivers relied on offline navigation apps and printed maps, running the risk of an unexpected road closures, detours, or major traffic jams. With apps like Waze, motorists have come to expect instant access to traffic reports, alternative routes and realistic information about estimated time of arrival (ETA).
As we saw in the Encarta vs. Wikipedia example, centralized systems sometimes have the upper hand in the beginning of a product lifecycle. However, they are enhanced only as quickly as the company’s developers can improve them.
Anti-phishing solutions armed with distributed global threat intelligence
Decentralized systems, however, have the potential to outpace their centralized peers by relying on an unlimited network of contributors. Take, for example, IRONSCALES advanced phishing prevention platform, which relies on incident responders, intelligent decisions and machine learning to act as a comprehensive virtual response team with thousands of other security analysts from other companies.
Through our decentralized platform, security analysts are constantly made aware if other SOC teams are working on similar incidents as they occur. Armed with distributed global threat intelligence, enterprises can automatically respond, classify and mitigate phishing attacks across all endpoints in real-time – faster and more efficiently. This is extremely important for anti-phishing, as the time from threat identification to attack remediation is of the essence.
(From IRONSCALES blog).