Email Prioritization for Faster Remediation

PhishAlarm® Analyzer is an email analysis tool that employs machine learning techniques to prioritize reported emails, enabling infosec officers and security response teams to quickly identify, isolate, and remediate suspected phishing messages, including zero-hour attacks. It is an excellent complement to existing email security defenses because it adds another layer of protection against phishing and spear phishing.

Quick Scanning and Ranking of Reported Phish

A companion to our PhishAlarm email reporting button, PhishAlarm Analyzer provides security teams with a real-time ranking of suspicious emails that have been reported via PhishAlarm — alerts that may indicate that a phishing email slipped through existing email gateways. By ranking emails in order of threat potential, PhishAlarm Analyzer enables your response team to effectively allocate their time and attention to the most imminent and dangerous attacks on your network.

PhishAlarm Analyzer uses sophisticated machine learning models built on data compiled and logged in real-world attacks to detect threats and prioritize reported messages. This leading-edge software builds on the considerable technical capabilities of our proven PhishPatrol® anti-phishing filter. Data about known attacks, dangerous IP addresses, blacklisted entities, and other markers from a multitude of reliable resources are fused to create a pool of information from which our algorithms learn to reliably assess email threats. The end result is a quicker path to remediation and a more effective use of infosec assets.

We Rank Emails, Not Users

Currently available email filters are great at targeting spam, but despite advancements in technology, a small percentage of malicious messages still end up in users’ inboxes. That is why PhishAlarm and PhishAlarm Analyzer are needed. While other layered email analysis tools rank messages based on a user’s level of “trustworthiness” and “accuracy,” PhishAlarm Analyzer takes into account knowledge of known threat vectors obtained from established databases and technical resources.

PhishAlarm Analyzer examines reported emails and classifies them using standard security indicators of compromise (IOCs) — including WHOIS queries and responses, and scans of IP and DNS blacklists — as well as analysis of the email content itself. Emails are prioritized based on their likelihood of being a phishing attack, and an HTML report with the sources of the IOCs is then delivered to designated security and/or incident response teams.

Key Features

  • Identification of advanced threats – PhishAlarm Analyzer is highly responsive and can identify phishing attacks in real time (i.e., zero-hour attacks). PhishAlarm Analyzer is constantly evolving and adapting to new email threat patterns.
  • Intelligent prioritization – The three email prioritization categories used by PhishAlarm Analyzer are: Likely a Phish, Suspicious, and Unlikely a Phish. Because of the reliability of the data used to determine the rankings, PhishAlarm Analyzer registers a low number of false positives.
  • Machine learning functionality – PhishAlarm Analyzer actually gets better at identifying phishing emails over time. Thousands of real attacks from the wild are scanned each week and used to learn about and guard against increasingly sophisticated techniques, including spear phishing attacks.
  • Delivery of actionable information – Each prioritized message contains a report that includes links to leading security intelligence sources. Security analysts can quickly and easily dig deeper into the threat(s) associated with the reported email. This is a great timesaver for security professionals who are facing an ever-increasing workload.

Key Benefits

  • Rapid scanning – PhishAlarm Analyzer scans emails in less than 1 second. Emails reported via the PhishAlarm button are accessed, analyzed, and categorized, and they are immediately available to your response teams.
  • Multiple implementation options – PhishAlarm Analyzer is a software-based solution that can be installed as a virtual machine image on a local computer or deployed through the cloud.
  • Easy-to-use interface – Activation and configuration wizards guide you through the setup process, and all settings can be monitored and adjusted using our web-based PhishAlarm Analyzer management console.
  • Targeted routing of reports – You can choose up to 10 recipients (including bulk inboxes) for each reported email category. This allows administrators to eliminate the likelihood of threats falling through the cracks and enables remediation efforts to be assigned based on severity level.
