zvelo Full-Path URL Classification Supports the Detection of Malware Hidden within Whitelisted Sites
“We knew there were malicious URLs disguised within the whitelisted sites, we just didn’t have the right kind of visibility we wanted, or needed, to improve the security of our platform. zvelo has allowed us to extend our security platform with greater coverage and protection against the escalating threats to mobile.”
– Vice President of Product, Client
Client Profile
Industry-leading mobile security platform supporting large enterprises and tens of millions of end users around the globe.
The Challenge
The challenge was to identify and isolate malicious and suspicious URLs that appear within whitelisted sites and use content from popular brands to hook potential victims.
From the proliferation of mobile devices within enterprise IT environments, to the disappearing network perimeter, to the explosion of remote workforces, mobile has become a prime target. Malicious Cyber Actors (MCAs) are capitalizing on the rapidly expanding mobile attack surface and using popular SaaS cloud storage platforms, such as Dropbox, OneDrive and Google Drive, to launch attacks. In this type of attack, the MCA hosts a malicious document in a cloud storage account, then shares the file with targeted users under the guise of a legitimate business purpose. Mobile devices make it much more difficult to detect what would be a ‘red flag’ on a PC or laptop, because users cannot view full URLs in mobile browsers, nor can they preview links. Combined with the typical user behavior of simply clicking whatever arrives by email, MCAs are easily able to exploit these trusted, legitimate resources to prey on their victims.
Business Requirements
As a recognized leader in mobile security, the Client already had a robust mobile security platform to start with. However, in order to get ahead of the evolving threat landscape, the Client began seeking a solution that would improve its ability to detect this type of attack and that could be easily integrated into the existing platform to maximize threat detection.
Granular Full-Path URL Classification
The capability to obtain full-path URL classifications for malicious and suspicious links embedded deep within a trusted domain’s structure was the most crucial requirement for the Client. Full-path classification would enable the continued use of SaaS platforms that had been whitelisted at the base-domain level, while detecting threats lurking within the domain.
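To make the gap between base-domain whitelisting and full-path classification concrete, here is an added Python example (not zvelo’s or the Client’s code). The domains, paths and verdicts are constructed, and the two-label base-domain extraction is a simplification standing in for a Public Suffix List lookup.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample data: base domains the platform allows wholesale, and
# full-path verdicts (hypothetical, not zvelo's real classification data).
ALLOWED_BASE_DOMAINS = {"example-drive.test", "example-storage.test"}
FULL_PATH_VERDICTS = {
    "example-drive.test/s/abc123/invoice.pdf": "malicious",
    "example-storage.test/u/share/quarterly-report.docx": "suspicious",
}


def normalize(url: str) -> str:
    """Canonicalize host and path so a lookup is not sidestepped by letter
    case, default ports, percent-encoding, doubled slashes or fragments."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.port and parts.port not in (80, 443):
        host = f"{host}:{parts.port}"
    path = unquote(parts.path) or "/"
    while "//" in path:
        path = path.replace("//", "/")
    query = f"?{parts.query}" if parts.query else ""
    return f"{host}{path}{query}"


def base_domain(host: str) -> str:
    # Simplified: keep the last two labels. Real deployments need the
    # Public Suffix List to handle domains such as example.co.uk.
    labels = host.split(":")[0].split(".")
    return ".".join(labels[-2:])


def base_domain_only(url: str) -> str:
    """The whitelist-at-domain-level policy: anything on an allowed base
    domain is allowed, whatever the path."""
    host = normalize(url).split("/", 1)[0]
    return "allow" if base_domain(host) in ALLOWED_BASE_DOMAINS else "review"


def classify(url: str) -> str:
    """Full-path policy: a path-level verdict takes precedence over the base
    domain allowlist. Returns 'allow', 'block' or 'review'."""
    key = normalize(url)
    host = key.split("/", 1)[0]
    verdict = FULL_PATH_VERDICTS.get(key.split("?", 1)[0])
    if verdict == "malicious":
        return "block"
    if verdict == "suspicious":
        return "review"
    if base_domain(host) in ALLOWED_BASE_DOMAINS:
        return "allow"
    return "review"  # unknown domain: defer to the platform's other controls
```

The same shared-file link that passes `base_domain_only` is blocked by `classify`, which is the difference the Client needed.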
Real-Time Threat Analysis
Live threat intelligence and URL analysis were key requirements, so that as many suspicious and malicious URLs associated with trusted domains as possible could be detected and blocked.
Performance and Speed
Supporting a large customer base that spans the globe, the Client also required a solution that could process high volumes of data while delivering ultra-fast query performance for users across its international markets.
Integration
As the Client already had a very robust platform, a solution that could be easily integrated into the existing architecture was another key requirement.
The Solution
After evaluating several of the leading URL categorization databases, the Client settled on deploying zvelo’s malicious detection data. zvelo’s ability to deliver full-path URL classification was a key differentiator for the solution. Additionally, with more than 99% accuracy and coverage of ActiveWeb traffic across a network of more than 650 million end users, and ultra-fast performance, zvelo more than satisfied the Client’s technical performance requirements, including a seamless integration.
“At the outset of this project, our internal teams had set a very high bar in terms of expectations for the ‘ideal’ solution. Those expectations came with a pretty extensive wish list for technical requirements and performance results. zvelo met all of the key criteria from a technical standpoint, and the speed and performance made the decision to implement zvelo an easy one.”
– Vice President of Product, Client
The Results
Very quickly after deploying zvelo, the Client noticed an uptick in the number of suspicious URLs and emerging threats detected and blocked by the platform. By educating its customer base and raising awareness of the threat of whitelisted sites delivering malware, the Client is able to leverage the added zvelo detections as a key competitive differentiator for its solution, boosting overall adoption rates and generating new revenue opportunities.