PhishMe Triage™ improved with integrations, collaboration, ability to crowdsource threat rules and malicious attachment preview tool
Leesburg, Va., June 23, 2016 – PhishMe, a global provider of phishing-defense and intelligence solutions for the enterprise, has today confirmed it has bolstered its phishing threat management and incident response platform, PhishMe Triage. Enhancements include further integrations with third parties, including PhishMe Intelligence, and improved collaboration through a crowdsourced YARA Rule Exchange and PhishMe Community to help save analyst time and improve response efficiency.
“Even with all the processes and technology in place within organizations, phishing attacks containing ransomware and other malware continue to penetrate defenses. Over 91% of all network attacks begin with a successful phishing attempt, meaning organizations need an efficient and effective phishing incident response plan,” explains Aaron Higbee, CTO and Co-Founder of PhishMe. “PhishMe Triage allows organizations to quickly identify and remediate attacks in progress and reduce phishing threat analysis from hours to minutes. By utilizing human-led intelligence, from both within your organization and combined with the wider PhishMe Community, Triage frees up the manual resources previously needed to process the thousands of emails reported by employees so time and effort is focused on the actual threats that can cause damage.”
In order to optimize phishing incident response, PhishMe Triage integrates with a host of security technologies like sandboxes, SIEMs, URL analysis solutions, and more.
The latest enhancements to Triage include features for better collaboration and integrations:
- YARA Rule Exchange – all Triage customers are encouraged to share YARA rules, which are verified by PhishMe’s own research team, through the Triage Community Exchange. This combined intelligence provides a robust library of battle-tested rules that improves the readiness of all Triage customers to help identify new threats in their environment and protect organizations from sophisticated phishing campaigns.
- PhishMe Community – this centralized hub for PhishMe customers helps build a collaborative knowledge base, offering technical tips and tricks, and the ability to engage with peers to share new ideas. This threat attack information and attack prevention strategy extends an organization’s internal resources, leveraging the experience and intelligence from a larger group of people.
- In-platform OpenDNS Integration – allows Triage to list domains that are known to be malicious, suspicious, or benign, warning customers of potentially dangerous sites.
- Integration with PhishMe Intelligence – the PhishMe Intelligence team creates human-verified, high-fidelity YARA rules for Triage that encapsulate indicators from confirmed, in-the-wild phishing attacks to stay on top of new threats.
- Attachment Viewer – renders attachments as images, permitting the operator to safely preview the content and analyze the risk factors of a file without triggering any active content or wasting time opening an attachment in a separate sandbox environment to preview its content. When used with YARA rules that can identify potentially dangerous attachments, the Attachment Viewer provides enhanced analysis capabilities to Triage operators.
Aaron concludes, “Phishing attacks often target groups of people across an enterprise, so employees quickly become the front line of defence and organizations owe it to their workforce to ensure they’re properly prepared. PhishMe Triage helps by providing a mechanism to collect reports from the front line humans in the organization, combines this with intelligence from PhishMe’s research team and the wider PhishMe community, which together identifies the phishing emails that made it in. Every suspicious email reported helps prevent others from being caught in a malware trap.”