Catching Phish with PhishMe Intelligence and ThreatQ
PhishMe Intelligence™ Integrates with ThreatQuotient’s ThreatQ Platform
Swimming in a sea of threat intelligence indicators and services, security teams have been working towards effective ways to centralize, de-duplicate, and correlate massive amounts of threat data. The challenge, once this is done, is acting on what matters most. This requires intelligence, not just data.
PhishMe® and ThreatQuotient completed an integration combining PhishMe Intelligence and the ThreatQ threat intelligence platform (TIP). Together, the integration provides security teams the ability to ingest and correlate phishing-specific indicators with easy-to-act-on impact ratings and contextual reports to make security and business decisions with confidence.
PhishMe Intelligence customers gain from our human-verified phishing intelligence. What does this mean? It means that customers receive phishing indicators from daily criminal phishing campaigns such as compromised IP addresses, domains, URLs, hashes, and botnet and command and control infrastructure. These indicators and credible intelligence reports are meticulously maintained and verified by PhishMe security researchers. Customers receive expert phishing intelligence that connects indicators with threat actors’ infrastructure so that security teams can confidently act quickly and accurately in their investigations.
ThreatQ is an open and extensible TIP that provides defenders with the context, customization, and collaboration needed for increased security effectiveness and efficient threat operations and management. ThreatQ accelerates the transformation of threat data into actionable threat intelligence by giving defenders unmatched control through a threat library, an adaptive workbench, and an open exchange to ensure that intelligence is accurate, relevant and timely to their business. With ThreatQ, customers can automate much of what is manual today and get more out of existing security resources, both people and infrastructure. And, in today’s crunch for security talent and efficiency, ThreatQ alleviates a lot of the manual burden of fighting phishing when combined with PhishMe Intelligence.
The screenshot below (Figure 1) illustrates the indicators collected by PhishMe’s global research team. Many services provide a list of indicators without context. PhishMe Intelligence goes much further and helps answer the never-ending question: “Is this a threat to my business?”
(Figure 1. PhishMe Intelligence Attributes within ThreatQ)
PhishMe makes it easy by providing indicator impact ratings of MAJOR, MODERATE, MINOR, or NONE. When PhishMe designates an indicator with a MAJOR impact rating, teams can heed this warning and confidently take action. PhishMe doesn’t just tell security teams what is malicious, but also explains why something is malicious. This is the context that allows analysts to act on the data analyzed and enriched by trustworthy PhishMe researchers.
The Active Threat Reports (Figure 2) are contextually rich reports that illustrate threat actor tactics and the neighboring criminal infrastructure that supports their operation. The reports address the “so what” about an indicator, providing an inside-out view of the threat actor and tactics so analysts can determine what is relevant to their organization.
(Figure 2. PhishMe Intelligence Active Threat Reports)
With PhishMe Intelligence and ThreatQ, security analysts spend less time deducing and more time executing. TIPs emerged to help security analysts who are inundated with so much information and have a need to centrally manage it. TIPs have become a concentrated repository for security teams to ingest, de-duplicate, analyze, and act on the indicators received. PhishMe’s technical partnership with ThreatQuotient will help ensure that the quality of intelligence available related to indicators of phishing is second to none.
Think of it this way: Phish are caught in the “net” of PhishMe researchers and defenders share “TIPs” to ensure the phish are not biting the business!
Don’t forget to attend our joint Tech Session on September 19th, where we will discuss our integration in detail. Register here: http://phish.me/r9R530f5S9j