Hugh Docherty

Recent Posts

PhishMe expands Phishing Intelligence offerings through Malcovery asset aquisition

Posted by Hugh Docherty on Fri, Apr 8, '16


Technology Integration Will Provide Enterprises with Most Advanced, High Fidelity Phishing Threat Intelligence Available

LEESBURG, Va. – October 14, 2015 – PhishMe® Inc., the leading provider of phishing threat management solutions, announced today that it has acquired key assets of phishing intelligence firm – Malcovery Security LLC, for an undisclosed sum.

“This acquisition rounds out our portfolio of targeted phishing mitigation, detection, and response solutions, making us the go-to solution in the market,” said Rohyt Belani, CEO and co-founder of PhishMe.

Aaron Higbee, PhishMe’s CTO and co-founder, commented, “Enterprises want to know if they are being singled out by the attackers or are a part of a larger phishing campaign. Malcovery’s intelligence will help answer that. The integration of Malcovery’s offerings into PhishMe’s comprehensive anti-phishing platform will boost the accuracy and value of the intelligence and response capabilities for our customers.”

PhishMe will incorporate Malcovery’s Protect Your Network and Protect Your Brand offerings into its full lifecycle of anti-phishing products – Simulator, Reporter and Triage – empowering its customers with a cohesive solution to address the most significant attack vector today. The company will leverage the added layer of malware analysis and threat intelligence in everything from sourcing content for our simulations, to augmenting PhishMe Triage with enhanced analytics and automated response to phishing incidents.

“The combination of Malcovery’s in-depth external threat analysis and PhishMe’s real-time view into phishing attacks reported internally results in the highest-fidelity, actionable intelligence currently available,” said Gary Warner, Chief Technologist and co-founder of Malcovery Security. “We are thrilled to combine forces with PhishMe in this fight against cybercriminals and nation-state actors.”

The acquisition news comes in the midst of PhishMe’s hyper-growth period, as evidenced by its recent designation on the prestigious 2015 Inc. 5000 list of fastest growing private companies for the its record growth of 892 percent over the past three years. Malcovery’s expert team will add to PhishMe’s already growing staff, bringing the combined employee headcount to 200.

To learn more about PhishMe’s human-powered, anti-phishing offerings, visit

Connect with PhishMe

About PhishMe

PhishMe® is the leading provider of threat management for organizations concerned about human susceptibility to advanced targeted attacks. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.


Read More

Malware Trends and Tactics: 3 Things Companies Need To Do

Posted by Hugh Docherty on Fri, Aug 28, '15

Gary Warner, Malcovery's Chief Technologist, recently presented findings from our 2015 Q2 Malware Trends and Tactics report. The second quarter is notable for the diversity of campaigns that were observed. It's clear that there are more actors in the space, and many are experimenting with various crime tools in a variety of short-lived campaigns.

Malcovery produced 540 reports during the second quarter related to email-based malware and phishing attacks. In each case, Malcovery's analyst team dissected the campaign to uncover how it was designed to penetrate your network perimeter. Every report contains a confirmed set of domains, hosts, and artifacts associated with the campaign. Given the variety of payload malware and downloaded applications observed and the number of new hosts and domains supporting the malware attack, it is more important than ever to act quickly on indicators provided by threat intelligence services.

There are 3 things that companies need to do based on this analysis.

  1. Automate consumption of threat intelligence.
  2. Beware of Microsoft Office attachments.
  3. Review how your team is using third party file sharing services.
  Read More

Topics: Malware Intelligence, Protect Your Network

Alert! Alert! But then what?

Posted by Hugh Docherty on Thu, May 21, '15

Gary Warner from Malcovery Security and Wendy Nather of 451 Research recently hosted a webinar: Using Contextual Threat Intelligence to Improve Incident Response. With some assistance from a very “animated” CISO, Gary and Wendy reviewed the challenges facing these teams today.  Here we provide an overview of some key points of part two of the webinar. 

Read More

Topics: Malware Intelligence, Protect Your Network

Defining Threat Intelligence at RSA Conference

Posted by Hugh Docherty on Mon, May 4, '15

35,000 people and 500 exhibitors trekked to the RSA_booth_medMoscone Center in San Francisco to learn, share, commiserate, and strategize about the latest challenges and solutions to cyber threats facing companies of all sizes. The 2015 RSA Conference was the biggest yet (compare to 15,000 attendees and 300 exhibitors in 2007) and much of the action happens on the Expo floor which burst out of Moscone South in 2013 and has since squeezed the keynote speakers out of Moscone North. The Expo is crowded with booths of all sizes and vendors of every type. It’s a collage of banners, signs, and collateral and is abuzz with demos, presentations, and evangelists. 

Threat intelligence has been a hot topic in the sector for the past few years and was a major part of the discussion again this year. And like other technologies, 

Read More

Topics: RSA Conference, Actionable Intelligence, Protect Your Network

These are the events you are looking for

Posted by Hugh Docherty on Fri, Apr 17, '15

Malcovery Security and 451 Research recently hosted a webinar in which the use of contextual threat intelligence was demonstrated to provide an advantage to incident response teams. During the webinar, Malcovery's Gary Warner and Wendy Nather from 451 Research provided good insights into the challenges of today's incident response teams. They discussed issues ranging from staffing to the latest technology and Gary shared valuable techniques you can use in the battle against malware and phishing attacks.

Read More

Topics: Incident Response, SIEM

Introducing New Threat Intelligence Services at Malcovery!

Posted by Hugh Docherty on Wed, Oct 15, '14

We announced two services today, both extending the capabilities we currently offer by making it easier for companies to operationalize the intelligence and respond to attacks. The new services include our best-of-breed threat intelligence derived from analyzing vast amounts of phish, spam, and malware plus the tools and coaching we’ve developed with our customers and partners.

At Malcovery, we’re fortunate to have had visionary companies and partners providing input to our services from the beginning. This goes back to the early days when Gary Warner started his research at UAB which lead to commercial-ready services from day one of the company. We continue to seek out the best customer and industry guidance as we enhance our products. We love talking to customers and listening to their stories. We recently had this opportunity at events hosted by ISSA, FS-ISAC, APWG, and others and this release incorporates their feedback and suggestions.

Here are some concepts that influence the services we offer:

Read More

Three Malware Predictions for the Remainder of 2014

Posted by Hugh Docherty on Mon, Aug 25, '14

As summer is drawing to a close, it is useful to take a quick look ahead to the end of the year to determine what we can expect on the malware front. After all, 2014 has brought about many new developments in malware. In this blog post, we explore a few malware predictions for the balance of the year.

Read More

Topics: Malware

View Webinar Now