PhishScout
PhishScout is an automated phishing defense & orchestrated response that allows the IT security teams to instantly investigate suspicious emails with the ability to quarantine and ultimately delete phishing emails from the end user’s mailbox.
Security controls such as IPS & Email Gateways are only effective to a certain level. This is why phishing remains the most potent threat vector to date. Once a phishing email lands into the mailbox, it only takes a click to trigger a cyberattack. The longer the phishing email resides in the mailbox, the greater the probability of the threat propagation.
PhishScout uses built-in threat intelligence feeds from 3rd party and PhishRod global threat intelligence engine, to instantly thwart a phishing attack. The automated & orchestrated response workflow ensures role-based coordination between relevant stakeholders to report, investigate, quarantine and delete phishing emails from the end user’s mailbox in the shortest possible time.
Key Benefits
- Provides intelligence to end users to report emails based on evidence
- Automates & coordinates response to phishing threats
- Reduces burden on SOC team as 80% of incidents get resolved at the primary analyst level
- Builds a threat intelligence heat map based on the source of phishing emails to optimize email security gateways
How it Works?
PhishRod provides a reporter plug-in that works as an agent for all mail clients. While the mailbox synchronizes to receive any incoming email, the end user is provided with a warning that the email is coming from a malicious source.
Once reported, PhishScout extracts the links & attachments from the reported suspicious email and performs IP Scanning, Domain Reputation Scanning, URL Scanning, Site Verification, Attachment Scanning using 130+ intelligence feeds and creates an incident for the primary analyst. Based on the results received, the primary analyst can immediately quarantine the reported email and can escalate the case for secondary analysis.
Based on the feedback from the secondary analyst, the email can be deleted from all end user mailboxes immediately.
Standout Use Cases
- Analysis of the following parameters related to email verification:
- Format Validity
- Suspicious Username
- MX Records Configuration
- SPF Records Configuration
- DMARC Enforcement
- Domain credibility determination, considering:
- IP Location
- Domain scan results from 40+ Domain Reputation Engines
- Free Hosting
- URL Shortener
- IP Reputation Analysis, considering the following parameters:
- IP Address
- IP Location
- IP Scan Results from 97+ IP Reputation Engines
- VPN Used
- TOR Used
- Web Proxy used
- Extensive site verification from which the email or link has been sent, considering:
- Is the website suspended?
- Is the title page empty?
- Is the domain suspicious or malicious?
- Is the domain from a risky geolocation?
- Extraction of URL from reported email
- URL reputation determination using built-in intelligence feeds
- Suspicious URL labeling
- Centralized dashboard for enhanced monitoring
- Centralized decision-making and threat correlation
- Ability to report actions taken to SOC teams