zvelo’s Malicious and Phishing Threat Detection Feeds Drive 40% Lift in Unique Detections for Client
zvelo’s latest client sees a huge increase in unique malicious and phishing threat detections, faster detection speed, and a reduction in false positive rates following the implementation of two of the zvelo cyber threat intelligence feeds — Malicious Detailed Detection Feed (MDDF) and PhishBlocklist (PBL).
The Client is a fast growing, global DNS provider protecting tens of millions of users and devices across several continents.
The Client is charged with the responsibility to protect a growing base of tens of millions of end users and even more devices from a multitude of malicious threats and phishing scams on a daily basis. Like most companies in the cybersecurity space, the Client is always seeking to improve their threat protection capabilities through feeds that provide better coverage, more accuracy, faster detections and better value for the money. The Client’s list of requirements included
- Global threat detection and coverage with the ability to detect threats from any geographic location
- Threat coverage that meets or exceeds their existing threat coverage
- Lift in coverage from unique threat detections unavailable from other sources and feeds
- Real-time detections to provide the fastest possible time to detection
- High quality threat detection data with low false positives
Evaluation Testing Criteria
The Client’s evaluation focused on malicious and phishing threat detection with the following criteria:
- Percent overlap/coverage compared with their existing phishing and malicious detection feeds
- Percent of lift/increase in coverage due to unique detections above what their current feeds provide
- Speed of detection of new phishing and malicious threats vs. their existing feeds
- False positive rates for phishing and malicious detection
The Clients leveraged an in-house team of cyber threat analysts to evaluate the zvelo threat feeds — PhishBlocklist and the Malicious Detailed Detection Feed — against key performance metrics to quantify the results. The top areas of focus included measuring zvelo’s threat intelligence feeds against the Client’s existing sources for coverage overlap, unique detections, speed of detection, and false positive rates.
At the end of the evaluation, the Client shared some of their findings on how zvelo’s threat detection feeds stacked up against their existing sources.
Overlap — 100% Coverage
When it came to coverage overlap, the zvelo threat intelligence feeds detected 100% of the threats covered in the Client’s existing phishing and malicious threat detection feeds.
Unique Detections (“Lift”)— 30-40% Uplift with Unique Detections
zvelo’s threat feeds delivered 30-40% more unique detections than what the Client was getting with their existing threat feeds.
Detection Speed — Fastest Detection 65% of the Time
zvelo’s threat detection feeds proved to be faster for over 65% of the detections where there was coverage overlap. The existing feeds were faster only ~10% of the time.
False Positives — 0.1 – 0.15%
When it came to evaluating the False Positive rates, zvelo’s phishing detections had a 0.1% false positive rate and the malicious detections had a 0.15% rate (meaning accuracy rates of 99.9%) — easily beating the Client’s existing FP rate.
Based on the evaluation results, zveloCTI threat feeds proved to be the clear winner and the Client decided to move ahead with both PhishBlocklist (PBL) and Malicious Detailed Detection Feed (MDDF). Together, the zveloCTI threat feeds deliver meticulously curated, high veracity, actionable and real-time active threat data on phishing URLs, and malicious URLs and files — meeting all the Client’s initial requirements and exceeding their expectations.
After the initial evaluation, the Client moved quickly to implement PhishBlocklist and the Malicious Detailed Detection Feed. The post implementation performance of the zvelo threat feeds was equally as impressive as the evaluation. To date, the Client has maintained an ongoing uplift in malicious and phishing threats detected at the base and subdomain levels without losing any of the coverage they had previously. In addition to huge performance improvement, the Client was able to reduce operational expenses by streamlining the number of 3rd party threat feeds, and improve the effectiveness of their in-house threat team by significantly cutting down on the number of false positives as a result of zvelo’s curated threat data.