Area 1 Security: Using Google Cloud Platform to Preempt Targeted Phishing Attacks

Area 1 Security uses a big data platform to identify targeted phishing attacks early and stop them. Founded by those who led and built the big data and analytics infrastructure for the National Security Agency, the company eliminates the threat from phishing, which remains the number one way hackers breach businesses, steal data and cause financial damage. Area 1 Security gives customers the ability to change outcomes and protect themselves.

Area 1 Security uses a cloud-based service to identify targeted attacks by the infrastructure and delivery mechanisms attackers use. Every day the company analyzes a vast amount of information gathered by sensors across the internet, a high-speed web crawler that spiders as many as 5 to 6 billion URLs every month, and a distributed sensor network that collects billions of network events a day. That information is sent to a massive data warehouse, where it is processed to discover emerging and ongoing cyberattacks. The company chose Google Cloud Platform for its scalability, performance and sophisticated data analytics tools.

“Area 1 Security’s service depends on scale, speed and smart, fast analytics. Google Cloud Platform’s superiority in data analytics tools, processing and highly scalable storage helps us provide the best security service possible for our customers.”

— Phil Syme, Chief Technology Officer, Area 1 Security

When identifying cyber threats, faster is better

Area 1 Security’s total attack data warehouse is approximately 2.5 petabytes, including a quarter of a trillion attack metadata records. In addition, the company’s service needs to analyze over 3 billion events every day. To do that, the company turned to Google Cloud Platform and uses several of its tools to host and analyze massive streams of information. The company’s data is stored in Google Cloud Storage, and Google Cloud Dataflow streams data into Google Cloud BigQuery and Google Cloud Bigtable. BigQuery, which hosts a database of more than 330 billion rows, performs the analysis and ad hoc queries that help Area 1 Security quickly identify impending attacks. Syme found that, for data sets of this size, BigQuery is the only cloud-based solution capable of returning query results within the SLA required by the company’s enterprise customers.

A curated set of attack and phishing data is sent to Bigtable for fast lookups. Area 1 Security then passes its recommended rulesets to its customers to act on, catching emergent attacks before they cause damage.

“When it comes to identifying security threats, speed and time are of the essence. With Google Cloud Platform our platform gets answers in 30 to 60 seconds when querying a massive data set, which in turn allows us to rapidly protect our customers before attackers breach their network,” Syme says.

“Just in the past six months, through Google’s Compute Platform, Area 1 has been able to identify over 3 million phishing attacks and 176 million malicious campaign events across all aspects of the cyber kill chain. From reconnaissance through exfiltration, GCP provides us with unparalleled capabilities to discover attacks in their earliest formative stages and protect our customers,” says Blake Darché, Chief Security Officer, Area 1 Security.

Built from the ground up for security

Given recent breaches and state-sponsored vulnerabilities in off-the-shelf networking equipment, Area 1 Security sought out a public cloud provider that could deliver the security needed to run its systems.

“GCP has its own purpose-built chips, servers, storage, network and datacenters. GCP’s dedication to hardened security across the entire infrastructure means that Area 1 Security can trust the software that we run in GCP to be secure,” Syme says.

Big data helps protect against big threats

GCP helps Area 1 Security find threats more quickly, saves the company money, and lets its engineers focus on predictive analytics to find threats instead of running data center infrastructure. Sifting through massive data sets for the small patterns that signal an early attack takes an enormous amount of computing power, and GCP provides it.

“With Google Cloud Platform, we can be agile and quick, while having a minimal operational staff. As a startup, we didn’t have the time or resources to build our own infrastructure at large scale. With Google Cloud Platform we got an instant data warehouse, and a fast, comprehensive search. We’ve saved many person-years of engineering effort, and so can provide a unique security service for our customers,” Syme says.