Security specialist Wombat launched PhishAlarm Analyzer, a software-based email phishing triage solution that uses machine learning to check emails against multiple security sources to identify and prioritize reported phishing emails for incident response teams.
Rapid identification and categorization allow information security officers and security response teams to isolate and remediate suspected phishing messages, including zero-hour attacks.
The platform scans reported emails and examines them against standard security indicators of compromise. The emails are then prioritized, and an HTML research report on each reported email is delivered to the incident response teams.
The research report is designed to save time for the incident response team by performing much of the research in advance so that they can respond more quickly to the reported threats.
“We saw the need for additional analysis and categorization of reported emails—almost a second filter, if you will,” Al Himler, senior director of product management at Wombat, told eWEEK. “We found it to be a natural add-on to our PhishAlarm email reporting button and an excellent opportunity to improve the identification and remediation process. Clearly, not every reported email has the same threat level; but without additional intelligence, there’s no way for information security officers and security response teams to prioritize the reports without doing a good deal of research and legwork.”
Himler explained that PhishAlarm Analyzer does that research and legwork on every reported message; each email is classified based on its likelihood of being a phishing or spear phishing attack, and each message includes an HTML report that identifies the sources of the indicators of compromise (IOCs) found within the message.
“This allows response teams to immediately act on the most dangerous and imminent threats within their networks,” he explained.
PhishAlarm Analyzer is a companion to Wombat’s PhishAlarm email reporting button, which is a component of the company’s ThreatSim simulated phishing assessment tool.
PhishAlarm Analyzer continuously pulls data about known attacks, dangerous IP addresses, blacklisted entities, and other markers from a multitude of reliable resources.
“It’s always learning and evolving, and it applies that knowledge when scanning and evaluating suspicious messages,” Himler said. “Because our algorithms tap into data about real-world threats and attacks seen in the wild, even subtle changes in threats can be detected and communicated to security response teams for more effective remediation.”
The platform is currently being trialed by customers and will be generally available during the second quarter of 2016.