PhishAlarm and PhishAlarm Analyzer
PhishAlarm: One-Click Reporting of Suspected Phishing Emails
PhishAlarm® is an email client add-in that allows your users to alert security and incident response teams to suspected phishing emails with a single mouse click. This is a valuable addition to security awareness and training programs as early reporting of suspicious emails can dramatically reduce the duration and impact of an active phishing attack.
A free component of our ThreatSim® Phishing Simulations, PhishAlarm allows users to draw on their knowledge to stop social engineers and hackers in their tracks. As a behavior reinforcement tool, PhishAlarm allows organizations to capitalize on improved awareness and understanding of phishing issues. Users are able to actively apply best practices in defense of their data and systems, which is a benefit of our Continuous Training Methodology.
Key Features and Benefits
- Simplifies the process of reporting email-based phish to abuse boxes and security teams.
- Shortens the phishing delivery–recognition–response window for information security analysts.
- Extends phishing prevention to the desktop and provides one-click reporting for every end user.
- Provides positive reinforcement by immediately thanking end users (via a pop-up message or email) for reporting suspicious emails and encouraging them to continue those actions in the future. These notifications are available in more than 25 languages to support the needs of multinational organizations.
- Reduces or eliminates IT helpdesk calls by allowing employees to route suspicious emails directly to a monitored inbox.
- Integrates with Microsoft Outlook (2007, 2010, 2013, 2016) and browser-based Office 365 and Gmail email clients.
- Integrates with the Outlook Web Access (OWA) for iPhone and iPad mobile applications. Will integrate with OWA for Android following Microsoft's General Availability date for that application.
- Offers optional prioritization capabilities via PhishAlarm Analyzer (see below).
PhishAlarm Analyzer: Email Prioritization for Faster Remediation
PhishAlarm Analyzer (a companion to PhishAlarm) is an email analysis tool that employs machine learning techniques to provide a real-time ranking of suspicious emails in order of threat potential, allowing your security team to focus their time and attention on the most imminent and dangerous threats to your network.
Quick Scanning and Ranking of Reported Phish
Currently available email filters are great at targeting spam, but despite advancements in technology, a small percentage of malicious messages still end up in users’ inboxes. PhishAlarm allows end users to easily and quickly report suspicious messages, and PhishAlarm Analyzer helps organizations identify and target the most pressing threats.
While other layered email analysis tools rank messages based on the users' level of "trustworthiness" and "accuracy," PhishAlarm Analyzer ranks the emails themselves and takes into account knowledge of known threat vectors obtained from established databases and technical resources.
PhishAlarm Analyzer examines the attributes of reported emails and classifies them using standard security indicators of compromise (IOCs) — including WHOIS queries and responses, and scans of IP and DNS blacklists — as well as analysis of the email content itself. Emails are prioritized based on their likelihood of being an actual phishing attack, and an HTML report with the sources of the IOCs is then delivered to designated security and/or incident response teams.
Key Features and Benefits
- Identification of advanced threats – PhishAlarm Analyzer delivers highly responsive identification of phishing attacks in real time (i.e., zero-hour attacks). Emails reported via PhishAlarm are accessed, analyzed, and categorized, and they are immediately available to your response teams.
- Intelligent prioritization – The three email prioritization categories used by PhishAlarm Analyzer are: Likely a Phish, Suspicious, and Unlikely a Phish. Because of the reliability of the data used to determine the rankings, PhishAlarm Analyzer registers a low number of false positives.
- Machine learning functionality – PhishAlarm Analyzer constantly evolves and adapts to new email threat patterns. Thousands of real attacks from the wild are scanned each week and used to learn about and guard against increasingly sophisticated techniques, including spear phishing attacks.
- Delivery of actionable information – Each prioritized message contains a report that includes links to leading security intelligence sources. Security analysts can quickly and easily dig deeper into the threat(s) associated with the reported email. This is a great timesaver for security professionals who are facing an ever-increasing workload.
- Consolidation of email notifications – When similar email messages are reported through PhishAlarm, the resulting PhishAlarm Analyzer notifications can be grouped to eliminate redundancies, reduce clutter, and improve productivity. Threshold alerts can let response teams know when the number of similar notifications has reached a level that could indicate an emerging threat or organization-wide attack.
- Targeted routing of reports – You can choose up to 25 recipients (including bulk inboxes) for each reported email category. This allows administrators to eliminate the likelihood of threats falling through the cracks and enables remediation efforts to be assigned based on severity level.
- Multiple implementation options – PhishAlarm Analyzer is a software-based solution that can be installed as a virtual machine image on a local computer or deployed through the cloud.
- Easy-to-use interface – Activation and configuration wizards guide you through the setup process, and all settings can be monitored and adjusted using our web-based PhishAlarm Analyzer management console.