KnowBe4 Launches PhishER to Improve Email Security

KnowBe4 is looking to make it easier for organizations to analyze and manage phishing alerts in a bid to improve email security.


Security firm KnowBe4 announced its new PhishER offering on Dec. 18, providing organizations with a new way to analyze and manage suspected phishing emails.

PhishER is positioned by KnowBe4 as being a security orchestration automation and response (SOAR) platform for email security and phishing threats. Phishing is an all too common occurrence where an attacker attempts to lure, or "phish," a victim into clicking on a malicious link sent via email. The PhishER technology integrates with KnowBe4's existing Phish Alert Button, which enables users to alert their email administrators if they think they have received a phishing email.

"The Phish Alert Button has become extremely popular, and if employees are using it, you get a boatload of emails that are potentially suspicious, leaving you to analyze hundreds of emails every day," Stu Sjouwerman, CEO of KnowBe4, told eWEEK. "This becomes another problem. PhishER is a huge time saver when it comes to the analysis of potential email threats."  

The KnowBe4 platform provides cyber-security training as well as simulation tools to improve awareness at organizations, which is a growing business. The company announced on Oct. 4 that its year-over-year sales for the third quarter of 2018 nearly doubled. 

KnowBe4 announced its Virtual Risk Officer (VRO) platform on Oct. 8, providing capabilities that enable organizations to determine cyber-risk. Sjouwerman said that currently there isn't direct integration between VRO and the new PhishER offering, but that is something that KnowBe4 is thinking about.

How It Works

There are two ways organizations can integrate the PhishER technology into an email system, Sjouwerman said. First is via the free KnowBe4 Phish Alert Button, which is an add-in for Outlook and several other email systems. Second, is that PhishER can also ingest reports from employees as a simple email address that they can forward messages to. 

"The Incident Response team that uses PhishER can create YARA rules that they can use to filter/analyze incoming messages," Sjouwerman said. "PhishER comes with a set of system rules as well."

YARA (Yet Another Recursive Acronym) provides a set of rules and queries that security researchers can use to look for and identify patterns that can help identify potential malware.

There are different types of phishing attacks that organizations face, among them an attack vector commonly referred to as Business Email Compromise (BEC). In BEC attacks, criminals trick unsuspecting organizations into paying fraudulent invoices. In a July 2018 report, the FBI warned that losses from BEC attacks between October 2013 and May 2018 were estimated at $12.5 billion globally. Sjouwerman said PhishER can have a role in limiting BEC attacks.

"The messages are reported by employees to the IR team, so if a user reports a BEC attack, PhishER's YARA rules can immediately spot these and tag them as a threat that needs to be immediately addressed," Sjouwerman said.

Looking forward into 2019, Sjouwerman said KnowBe4 has 12 months of cool features and products mapped out. 

"Here's a quick preview: We will put a particular focus on the end-user experience with localization, we're going to expand machine-learning enriched user-driven analysis, and we will add customer-supplied training module hosting," he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.