Because phishing remains the most widely used cyber attack vector, most end users report a lot of email messages they “think” could be potentially malicious to your incident response team.
Whether or not you step employees through security awareness training doesn’t change the fact that your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic…can present a problem!
With the firehose of spam and malicious email that attack your network, some 10-15% of these make it past your filters. With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you not only handle the high-risk phishing attacks and threats, but also effectively manage the other 90% of user-reported messages accurately and efficiently? Now, there is PhishER.
PhishER is a simple and easy-to-use web-based platform with critical functionality that serves as your phishing emergency room to identify and respond to user-reported messages. PhishER helps you prioritize and analyze what messages are legitimate and what messages are not – quickly. With PhishER, your team can prioritize, analyze, and manage a large volume of email messages – fast! The goal is to help you and your team prioritize as many messages as possible automatically, with an opportunity to review PhishER’s recommended focus points and take the actions you desire.
• Full integration with KnowBe4’s Phish Alert Button allows automatic prioritization of emails that are not threats
• Cut through the IR-inbox noise and respond to the most dangerous threats more quickly and efficiently
• Free up IR resources to identify and manage the 90% of messages that are either spam or legitimate email
• See clusters or groups of messages based on patterns that can help you identify a widespread phishing attack against your organization
• Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
• Automated email response templates let you quickly communicate back to your employees about the emails they need in order to continue working
• You can create custom workflows for tasks such as prioritization and alerting so that the IR team can focus on the right messages
PhishER processes user-reported phishing and other suspicious emails by grouping and categorizing emails based on rules, tags, and actions..
PhishER will help you prioritize every reported message into one of three categories: Clean, Spam, or Threat. Through rules you set, PhishER helps you develop your process to automatically prioritize as many messages as possible without human interaction.
With automatic prioritization of emails that are not threats, PhishER helps your team respond to the most dangerous threats more quickly. PhishER easily integrates with KnowBe4’s email add-in button, Phish Alert, and also works by forwarding to a dedicated mailbox. PhishER reviews attributes of reported messages and stack ranks the most critical messages based on priority.
You can create custom rules, use the built-in YARA-based system rules, or edit existing YARA rules. You can use system rules to help simplify your rules requirements or copy and modify to customize rules depending on the proficiency of your incident response team.
PhishER integrates with external services like VirusTotal to help analyze attachments and malicious domains. Using URL Unwinding, it automatically expands shortened URLs to help see the potential threat level of the final destination.
PhishER integrates into your organization by pushing data into popular SIEM platforms such as Splunk and QRadar. With support for multiple syslog destinations available it’s also possible to push data into as many other systems as you like.
PhishER features “Emergency Rooms” to help you identify similar messages reported by your users. Emergency Rooms consist of pre-filtered views of your messages that are unresolved in your PhishER inbox. These messages are dynamically grouped by commonalities and include system pre-filtered views for messages by Top Subject Lines, Top Senders, Top Attachments, and Top URLs.
Each room is interactive, allowing you to drill down into filtered inbox views of the messages and take action across all associated messages at the same time. The overview of the Emergency Rooms allows you to immediately prioritize which room contains the most messages and is in need of attention.
Best of all, you can define criteria to create your own room and highlight what means the most to your organization. Interested in how many messages are spoofing your executives or how many legitimate HR notices are being reported by your users? How about finding out if there is a widespread generic phish campaign that many users are reporting? Emergency Rooms will give you all that and more.