Integration Pairs Efficient and Expedient Phishing Incident Response with Integrated Threat Analysis and Prevention
PhishMe® and Palo Alto Networks® technologies equip security teams with enhanced protection against phishing threats.
Conditioning employees to detect and report suspicious email is a strategy security leaders have adopted to protect the business and empower employees to become a defensive asset. PhishMe Triage™ ingests employee-reported suspicious email – allowing security teams to quickly assess and respond to threats. PhishMe Triage now integrates with Palo Alto Networks WildFire™ cloud-based threat analysis and prevention capabilities to provide an even more formidable approach to identifying and preventing potentially damaging phishing attacks.
When Phish Swim Through the ‘Net
As attackers continue to innovate, preventing successful execution of email with malicious intent will continue to be a challenge if it makes it to the inbox. Ransomware, business email compromise (BEC), malware infections, and credential-based theft all primarily stem from a single vector of compromise – phishing. A key defensive tactic is to condition employees to identify and report suspicious email to security teams for analysis. Yet, security teams need to be efficient and can’t afford to be bogged down with manual processing and analysis when responding to incidents. High functioning security teams must automate the ability to ingest, verify and enforce new protections for potential phishing attacks, all within their existing infrastructure.
Empowered Employees and Technology – Catchin’ Phish!
PhishMe Research has proven that employees who are conditioned to report suspicious email are assets, not liabilities, to the security posture of the business. Reporting suspicious email allows for additional technical and human analysis. Just a single employee reporting a malicious email is enough for security teams using the right resources to identify and disrupt the attacker before they are able to achieve their mission.
That one employee who has received proper conditioning to recognize and report suspicious email serves as an early warning system – tipping off the security team to an anomaly as soon as it hits the inbox!
PhishMe Triage receives reported suspicious email from employees and organizes and analyzes through its own security analytic engine as well as security partner integrations. These integrations allow security leaders to maximize their security technology investments and defenses. Triage identifies what is nefarious, and does it through automation rather than inundating security analysts with more reports to dissect.
Integrated PhishMe Phishing Analysis with Palo Alto Networks
Security teams who aspire to accelerate their phishing analysis can do so with the Palo Alto Networks WildFire API integration with PhishMe Triage. As email is reported to security teams operating PhishMe Triage, Palo Alto Networks WildFire customers can harness the integration capabilities to detect and prevent phishing cyberthreats.
Here’s a sample of how PhishMe and Palo Alto Networks are spotting threats that demand security teams’ attention.
- The analysis results produced by WildFire are strengthened when PhishMe Triage collects and prioritizes reported phishing attacks from PhishMe Reporter™ and maps useful indicators in the workflow.
- Customers with a valid WildFire subscription simply enter their API credentials into Triage to enable analysis of file attachments automatically. PhishMe Triage supports customer environments who utilize WildFire in the cloud or an on-premise WF-500 appliance. When configured, these solutions quickly analyze and provide a detailed examination to help security teams determine which threats require immediate attention to remediate or prevent similar attacks.
- Security teams simply choose the file-types they wish to have automatically analyzed at ingestion. The analysis results are then contained within PhishMe Triage and clustered to allow analysts to swiftly respond to the most critical.
- PhishMe Triage scrutinizes suspicious email at ingestion and uses the WildFire API to send the file(s) to determine their cyberthreat verdict. Quickly, the analyst receives integration results back into PhishMe Triage with summary detail and a thorough human-readable report illustrating the threat’s characteristics.
- With PhishMe Triage rule matching, reputation of the employee reporting, threat intelligence, and combined threat analysis from the WildFire cloud, analysts will be confident in their response and automation workflow action. Security teams can manually or programmatically categorize the threat to follow a workflow involving support for leading SIEM providers.
More about WildFire:
Palo Alto Networks WildFire™ cloud-based threat analysis and prevention service analyzes files and links and designates never-before-seen items for further investigation using static and dynamic analysis over multiple operating systems and application versions. If a sample is categorized as malicious, WildFire will automatically generate and populate a holistic set of new preventions to the Palo Alto Networks Next-Generation Security Platform and integration partners, minimizing the risk of infection from both known and unknown threats without any additional, manual action. WildFire correlates global, community-driven threat intelligence from multiple sources across networks, endpoints and clouds to immediately halt threats from spreading. WildFire’s architecture provides granular controls over what data will be submitted for analysis. Elements like file type and session data, as well as choosing the data path and regional WildFire cloud where the analysis and data storage will take place, are all configurable.
To learn more about the Palo Alto Networks Next-Generation Security Platform and WildFire, visit: https://www.paloaltonetworks.com/products/designing-for-prevention/security-platform.
To learn more about the PhishMe Triage, visit: http://cofense.com/product-services/triage.
For more information, download the full solution brief.