Our News

FST Key to Hot FBI Cyber-Terror Issue

Comments by FBI Cyber Crimes Assistant Director Shawn Henry made last October to reporters centered on a noticeable rise in cyber-terrorism and specifically cited "spear phishing" as a rapidly rising threat.

ISR's Forensic Sender Test™ helps UCE control systems combat all types of email identity crimes. Providing FST service in your mail system component or service not only brings tremendous value to your customers, but also affords an opportunity to show initiative on a “hot button” issue.

Contact us to learn more.

Frequently Asked Questions

1. How does the Forensic Sender Test™ work?

We are unwilling to provide detailed information regarding exactly how the FST works because of intellectual property concerns.  The complex electronic investigation that takes place for each email address/IP address pair is extremely processor intensive and requires very low network latency for maximum efficiency.  The FST starts its investigation with the assumption of guilt and innocence is obtained only after passing one of the FST's checks.  This insures no false-positive results for issues beyond our control, should such conditions arise.

2. Why isn't the FST test patented?

In 2005, we engaged a patent attorney to investigate our options. The attorney verified that our process was patentable and in no way overlapped ANY existing patent. Despite the clear viability of a patent, our attorney recommended that holding a trade secret would provide many times the protection of a patent for our particular case. Patents for manufactured devices are relatively easy to defend because the product can be physically examined to identify a patent violation. However, a patent that publishes a process like ours can be used by anyone anywhere with little or no way to even know that the theft took place. Even if a theft were discovered and proven, there are many jurisdictions outside our reach.

3. How difficult is it to integrate the FST test?

The FST web service is very simple to integrate in virtually any other internet technology.  A URL is crafted that contains the sender's email address and the IP address of the sending server, a connection is made to our network via HTTP, a GET is issued through that connection, and a response code is given back after the test is complete.  That code is then interpreted and acted upon in any way desired.  In high volume environments we recommend multiple persistent HTTP connections to the web service to take advantage of connection pooling.

4. What is the FST's performance track record?

The system that monitors the FST's quality of service is almost as complex as the FST itself. Public registration databases are cross-referenced in nearly-real-time to spot and aggregate potential anomalies which are then presented for further human analysis. In addition, dozens of ISP's and hundreds of businesses participate in quality of service reporting programs. Since it's January 2005 build, there have been neither unidentified spoofs nor falsely reported spoofs that were not the direct result of either a sending mail system mis-configuration or a sending mail system security breach. If you'd like to test the FST for yourself, see number 9 below.

5. How reliable is the FST?

Utilizing a data centers that specialize in high availability ensures that the FST will always be online, even when under attack.  The latest in security and internetworking technology has been used to protect our network from hacking and DoS attacks.

6. Can we host our own copy of the FST?

No.  The FST test is a closely guarded secret that must be hosted at a trusted facility under our control.  No exception can be made in order to maintain trustworthiness and to protect our intellectual property.  The FST requires a very specific configuration of services with uncommon storage and latency requirements that would be too difficult to guarantee on someone else's network and hardware.

7. How does eliminating spoofs stop spam?

The FST removes the shortfall of anti-spam systems by verifying the sender's network against the domain in their email address.  Since most spam will fail the FST, almost none will pass.  Those that pass are much easier to identify as spam and therefore more reliable and accurate anti-spam systems can be built using the FST as the primary starting point for discrimination.

8. Is the FST Sarbanes-Oxley compliant?

A special version of the FST is currently being developed for use in financial and legal environments and will be SOX compliant.

9. We've heard that a standards change was required to do what you claim. Can we test this to verify your claims?

Contact us to arrange a special testing session where you may run your entire database of phishing attacks against the FST.  Seed in legitimate email from your domains as well.  Don't be surprised to find out we identified 100% of the phishing emails as spoofs and all the legitimate email passed the FST!