Zero-day phishing detection

You can use Secure Internet Access Enterprise for real-time detection of phishing pages that were created with phishing toolkits. When inline payload analysis is enabled, SIA can analyze requested webpages and determine whether content such as a login page is used in a new phishing attack.

In a sophisticated phishing attack, users are lured to phishing websites that are designed to look like legitimate websites. Users are usually directed to these pages as a result of a phishing email, instant message, social media post or message, or another means of communication where a malicious URL is provided. On these fraudulent websites, users are urged to enter login credentials or other sensitive information, giving an attacker access to confidential information such as usernames and passwords, credit card information, bank account information, or more.

To analyze these requested webpages or phishing domains, you need to enable SIA Proxy and inline payload analysis. You can use zero-day phishing detection when SIA Proxy is a full web proxy. If the full proxy is not enabled, you can use this feature when SIA Proxy captures only risky traffic.

Zero-day phishing events are reported in SIA as phishing threat events. You can search for events based on the Phishing threat category and the policy where inline payload analysis is enabled. Like any phishing event, if SIA detects zero-day phishing, a phishing website warning is shown to the end user. For more information on this custom error page, see Customize error pages.