PhishAlarm and PhishAlarm Analyzer
PhishAlarm: One-Click Reporting of Suspected Phishing Emails
PhishAlarm® is an email client add-in that allows your users to alert security and incident response teams to suspected phishing emails with a single mouse click. This is a valuable addition to security awareness and training programs as early reporting of suspicious emails can dramatically reduce the duration and impact of an active phishing attack.
A free component of our ThreatSim® and PhishGuru® simulated phishing assessments, PhishAlarm allows users to draw on their knowledge to stop social engineers and hackers in their tracks. As a behavior reinforcement tool, PhishAlarm further strengthens the Wombat Security Continuous Training Methodology by capitalizing on awareness and understanding of phishing issues, and allowing end users to actively apply best practices in defense of their data and systems.
Key Features and Benefits
- Simplifies the process of reporting email-based phish to abuse boxes and security teams.
- Shortens the phishing delivery–recognition–response window for information security analysts.
- Extends phishing prevention to the desktop and provides one-click reporting for every end user.
- Provides positive reinforcement by immediately thanking end users (via a pop-up message or email) for reporting suspicious emails and encouraging them to continue those actions in the future. These notifications are available in more than 25 languages to support the needs of multinational organizations.
- Reduces or eliminates IT helpdesk calls by allowing employees to route suspicious emails directly to a monitored inbox.
- Integrates with Microsoft Outlook and Office 365 email clients, with future support planned for other platforms.
- Offers optional prioritization capabilities via PhishAlarm Analyzer (see below).
PhishAlarm Analyzer: Email Prioritization for Faster Remediation
PhishAlarm Analyzer is an email analysis tool that employs machine learning techniques to identify and prioritize reported emails, enabling infosec officers and security response teams to quickly identify, isolate, and remediate suspected phishing messages, including zero-hour attacks. It is an excellent complement to existing email security defenses as it helps information security teams to quickly address phishing and spear phishing messages that slip past existing technical safeguards.
Quick Scanning and Ranking of Reported Phish
PhishAlarm Analyzer is an optional addition to our PhishAlarm email reporting tool (see above). PhishAlarm Analyzer provides security teams with a real-time ranking of suspicious emails that have been reported via PhishAlarm — alerts that may indicate that a phishing email slipped through existing email gateways. By ranking emails in order of threat potential, PhishAlarm Analyzer enables your response team to effectively allocate their time and attention to the most imminent and dangerous attacks on your network.
PhishAlarm Analyzer uses machine learning models trained on data compiled and logged from real-world attacks to identify threats and prioritize reported messages. This leading-edge software builds on the considerable technical capabilities of our proven PhishPatrol® anti-phishing filter. Data about known attacks, dangerous IP addresses, blacklisted entities, and other markers from a multitude of reliable resources are fused to create a pool of information from which our algorithms learn to reliably assess email threats. The end result is a quicker path to remediation and a more effective use of infosec assets.
We Rank Emails, Not Users
Currently available email filters are great at targeting spam, but despite advancements in technology, a small percentage of malicious messages still end up in users’ inboxes. That is why PhishAlarm and PhishAlarm Analyzer are needed. While other layered email analysis tools rank messages based on a user’s level of “trustworthiness” and “accuracy,” PhishAlarm Analyzer draws on known threat vectors obtained from established databases and technical resources.
PhishAlarm Analyzer examines the attributes of reported emails and classifies them using standard security indicators of compromise (IOCs) — including WHOIS queries and responses, and scans of IP and DNS blacklists. Emails are prioritized based on their likelihood of being a real phishing attack, and an HTML report with the sources of the IOCs is then delivered to designated security and/or incident response teams.
- Identification of advanced threats – PhishAlarm Analyzer is highly responsive and can identify phishing attacks in real time (i.e., zero-hour attacks). PhishAlarm Analyzer is constantly evolving and adapting to new email threat patterns.
- Intelligent prioritization – The three email prioritization categories used by PhishAlarm Analyzer are: Likely a Phish, Suspicious, and Unlikely a Phish. Because of the reliability of the data used to determine the rankings, PhishAlarm Analyzer registers a low number of false positives.
- Machine learning functionality – PhishAlarm Analyzer actually gets better at identifying phishing emails over time. Thousands of real attacks from the wild are scanned each week and used to learn about and guard against increasingly sophisticated techniques, including spear phishing attacks.
- Delivery of actionable information – Each prioritized message contains a report that includes links to leading security intelligence sources. Security analysts can quickly and easily dig deeper into the threat(s) associated with the reported email. This is a great timesaver for security professionals who are facing an ever-increasing workload.
- Rapid scanning – PhishAlarm Analyzer scans emails in less than 1 second. Emails reported via PhishAlarm are accessed, analyzed, and categorized, and they are immediately available to your response teams.
- Consolidation of email notifications – When similar email messages are reported through PhishAlarm, the resulting PhishAlarm Analyzer notifications can be grouped to eliminate redundancies, reduce clutter, and improve productivity. Threshold alerts can let response teams know when the number of similar notifications has reached a level that could indicate an emerging threat or organization-wide attack.
- Multiple implementation options – PhishAlarm Analyzer is a software-based solution that can be installed as a virtual machine image on a local computer or deployed through the cloud.
- Easy-to-use interface – Activation and configuration wizards guide you through the setup process, and all settings can be monitored and adjusted using our web-based PhishAlarm Analyzer management console.
- Targeted routing of reports – You can choose up to 10 recipients (including bulk inboxes) for each reported email category. This allows administrators to eliminate the likelihood of threats falling through the cracks and enables remediation efforts to be assigned based on severity level.