There are hundreds, thousands really, of potential IT vendors vying for the attention of the same comparatively small group of enterprise IT buyers that can’t physically absorb that amount of sales activity, dozens if you count established players. The weight of such numbers makes it impossible for us to promote even 1-5% of new vendor products with any real frequency without the risk being counterproductively intrusive.
Yet customers also tell us they want expert curation and distillation of the good stuff that can meaningfully solve problems. It’s a delicate balance.
Every once in a while, something pops up that’s compelling enough to mention for its relevancy, differentiation, problem-solving effectiveness with minimal operational overhead. We found one in the security space. We actually found them quite a while ago but now they’re better than ever and have evolved to “let me interrupt you” status.
It’s a safe bet to argue the front-line battle in security is being waged at the end point. If there were no users, networks and data would be substantially more secure because too many users unwittingly do bad things that can cause devastation at scale. Like letting their credentials get stolen through phishing.
With the exception of MFA, security controls can’t protect IT infrastructure from access through stolen credentials. And MFA isn’t everywhere, so investing in protection to address credential phishing at scale is vital and indispensable.
However, that investment effort tends to focus on email. After all, email is where credential phishing (and malware infections) usually starts. But email security can’t protect from other forms of digital communication: web browsing, SMS, social media, ‘wolf’ apps in ‘sheep’s’ clothing, even social engineering that directs you to a phishing site, etc. The Mimecast’s and Proofpoint’s of the world are essential, for sure. They’re also insufficient.
In addition to NGFW’s, the other must have is modern EPP, which has evolved into EDR and xDR etc. which, I suppose, is a way to elevate the conversation by suggesting modern EPP is critical and needs to be more effective, hence it’s not AV or EPP anymore but EDR and xDR, etc. It does seem to be working based on an emerging trend of AV titans of the past getting replaced by what we suspect to be the EDR/xDR titans of the future.
Given its importance as a vital point of control, it’s still somewhat surprising there isn’t more widespread attention paid to modernizing end point protection. I’ve actually heard variations of the following a number times: “Well, our maintenance [that covers our antiquated, signature based, AV solution] goes until 2023 so we’re not going to look at that right now.”
SlashNext was founded to identify and block zero-hour phishing attempts in real-time from any form of digital communication channels with a stunning false positive rate of only 1 in 1MM. All of this protection comes in the form of a browser plug-in for Windows and Mac. For iPhone and Android devices, the protection comes in the form of an App. This allows the protection to take place on device and not through a proxy.
It also provides for user privacy. And it’s simple to rollout at scale in an automated way providing for the kind of user experience that users ask for.
Secret Sauce? It uses Natural Language Processing, AI and ML to block zero-hour phishing attempts.
It works with EDR/xDR and NGFW from the likes of Crowdstrike, Palo and SentinelOne. In fact, it was rated the number 1 app in Palo Alto’s XSOAR marketplace. SlashNext discovered 50,000 infected URLs hosted on a very large and venerable Silicon Valley company who provides IaaS. These URLs were hosted on their legitimate and trusted infrastructure. That company stated, it was “extremely rare to see this quality of detection and data.”
It can also be a SOAR admin’s best friend because it virtually eliminates oceans of user emails reporting on phishing attempts that need investigation. Is that a challenge in your SOAR operation?
And its AI and ML engine gets better every day because it learns and learns and learns….
IT Security Groups can’t blacklist OneDrive, DropBox, Facebook, Gmail, etc. With SlashNext, they don’t trust any URL which is why they preemptively mined the global web 24×7 to identify and block even zero hour phish in real-time.
There’s a proven track record too (active for 5 years). Once again, there’s is no performance impact because all blocking of malicious URLs is done on device. Management of SlashNext is SaaS based and provides a set and forget administration process. The likes of Palo Alto Networks, Crowdstrike and Google all have given SlashNext praise for their quality of detection and efficacy.
It’s relevant: What’s more relevant than preventing users from getting phished? I already mentioned it was accurate and they can prove it.
I humbly recommend you check them out. Why not benefit from a solution that delivers maximum utility for minimum effort?
