As part of his SANS Technology Institute Master's degree, Geoffrey Parker recently published a whitepaper called Automating Response to Phish Reporting that got an A, was made a gold paper and got published in the SANS InfoSec Reading Room.
It's an excellent independent analysis of available email triage tools, and covers:
- Proofpoint with Threat Response Auto Pull (TRAP)
- Cofense Triage
- KnowBe4 PhishER
- StackStorm (open source)
- PowerShell 6 Core Windows
Here is the abstract:
"Phish Reporting buttons have become easy buttons. They are used universally for reporting spam, real phishing attacks when detected, and legitimate emails. Phish Reporting buttons automate the reporting process for users; however, they have become a catch-all to dispose of unwanted messages and are now overwhelming Response Teams and overflowing Help Desk ticket queues.
The excessive reporting leads to a problem of managing timely responses to real phishing attacks. Response times to false positives, spam, and legitimate messages incorrectly reported are also significant factors. Vendors sold phish alert buttons with phishing simulation systems which then became part of more in-depth training systems and later threat management systems.
Because of this organic growth, many companies implemented a phish reporting system but did not know that they needed an automation system to manage the resulting influx of tickets. Triage systems can automate a high percentage of these phish alerts, freeing the incident response teams to deal with the genuine threats to the enterprise on a prioritized basis."
We warmly recommend this excellent whitepaper. Read it here at SANS.
[July Live Demo] Identify and Respond to Email Threats Faster with PhishERYour users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic... can present a new problem!
With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you handle the real phishing attacks and email threats —and just as importantly— effectively manage the other 90% of user-reported messages accurately and efficiently?
Now you can with PhishER, a product which allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!
See how you can best manage your user-reported messages.
Join us, Wednesday, July 24 @ 2:00 pm (ET), for a live 30-minute demonstration of the new PhishER platform. With PhishER you can:
- Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
- Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
- See clusters of messages to identify a potential phishing attack against your organization
- Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
- Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team.
Date/Time: Wednesday, July 24 @ 2:00 pm (ET)