Thwart Phishing Attacks in minutes using PhishScout

PhishScout is an automated phishing defense & orchestrated response that allows the IT security teams to instantly investigate suspicious emails with the ability to quarantine and ultimately delete phishing emails from the end user’s mail box.

Security controls such as IPS & Email Gateways are only effective to a certain level. This is why phishing remains the most potent threat vector to date. Once a phishing email lands into the mailbox, it only takes a click to trigger a cyberattack. The longer the phishing email resides in the mailbox, the bigger is the probability of the threat propagation.

PhishScout uses built-in threat intelligence feeds from 3rd party and PhishRod global threat intelligence engine, to instantly thwart a phishing attack. The automated & orchestrated response workflow ensures roles-based coordination between relevant stakeholders to report, investigate, quarantine and delete phishing emails from the end user’s mailbox in the shortest possible time.

How it Works

PhishRod provides a reporter plug-in that works as an agent for all mail clients. While the mailbox synchronizes to receive any incoming email, the end user is provided with a warning that the email is coming from a malicious source.

Once reported, PhishScout extracts the links & attachments from the reported suspicious email and performs IP Scanning, Domain Reputation Scanning, URL Scanning, Site Verification, Attachment Scanning using 90+ intelligence feeds and creates an incident for the primary analyst. Based on the results received, the primary analyst can immediately quarantine the reported email and can escalate the case for secondary analysis.

Based on the feedback from the secondary analyst, the email can be deleted from all end user mailboxes immediately.

Key Benefits

  • Provides intelligence to end users to report emails based on evidence
  • Automated & coordinate response to phishing threats
  • Reduces burden on SOC team as 80% of incidents get resolved at the primary analyst level.
  • Threat intelligence heat map based on the source of phishing emails to optimize email security gateways.

PhishScout analyzes the following parameters related to email verification which helps the primary analyst to mark the reported emails as suspicious.

  • Format Validity
  • Suspicious User Name
  • MX Records Configuration
  • SPF Records Configuration
  • DMARC Enforcement

The domain reputation is thoroughly scrutinized by PhishScout which further helps the primary analyst to determine the credibility of the domain from which the suspicious email was received.

  • IP Address
  • IP Location
  • IP Scan Results from 40+ IP Reputation Engines

The following parameters are investigated for IP Reputation to determine whether the email is malicious or not.

  • IP Address
  • IP Location
  • IP Scan Results from 97+ IP Reputation Engines
  • VPN Used
  • TOR Used
  • Web Proxy used

PhishScout maneuvers through the following criteria which can extensively verify the site from which the email or link has been sent.

  • Is the website suspended
  • Is the title page empty
  • Is the domain blacklisted
  • Is the domain suspicious
  • Is the domain malicious
  • Is the domain from a risky geolocation

PhishScout extracts all the URLs from the reported suspicious email and scans them using built-in intelligence such as VirusTotal, PhishTank & Google Safe Browsing API.

PhishScout has built-in integration with Cuckoo Sandbox for malware analysis. When an end user reports a suspicious email, PhishScout extracts all the attachments from the reported suspicious email & a detailed malware analysis report is provided to the primary analyst to scout the phishing email.