The Problem

Phishing remains the most widely used cyber attack vector. Organizations that have trained their users through simulated phishing tests and security awareness training, and have armed them with the Phish Alert Button can run into a new problem. With the firehose of spam and malicious email that attack your network, some 10-15% of these make it past your filters.

Many of those emails are reported by users to your security response team – and they have to handle them as quickly as possibel . The sheer volume of potential malicious email reported by your users can get overwhelming. Since each message requires some level of analysis and possibly human intervention to prioritize, organizations with limited Incident Response staff need a simple and effective way to respond to and mitigate these reported messages.

With only approximately 1 in 10 user-reported emails being verified as actually malicious in some form, how do you not only handle the phishing attacks and threats—and just as portantly—effectively manage the other 90% of user-reported messages accurately and efficiently?

Specific Problems That IT Admins Face:

  • Training your users is paying off, but training creates cautious users and an influx of potentially thousands of user-reported messages that must be analyzed and prioritized.
  • Your team has operational SLAs to analyze potentially malicious messages within a certain amount of time, how do you filter through the IR-inbox noise quickly and efficiently?
  • 90% of messages reported to your security response team are not phishing or malicious but need to be handled fast so the important messages get back to your users.

Managing The Problem

With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you not only handle the high-risk phishing attacks and threats, but also effectively manage the other 90% of user-reported messages accurately and efficiently? PhishER.

Identify and respond to email threats faster with PhishER.

PhishER is a simple and lightweight SOAR platform with critical functionality that serves as your email emergency room to identify and respond to user-reported messages. PhishER helps you analyze and prioritize what messages are legitimate and what messages are not – quickly.

PhishER reviews message attributes of reported messages from KnowBe4’s Phish Alert Button and stack ranks the most critical messages based on severity. By identifying similarities between user-reported threats, PhishER helps you see clusters or groups of messages based on patterns that can help you determine real phishing attacks against your organization. Using built-in YARA-based system rules, PhishER helps you analyze messages faster with recommended focal points (Emergency Rooms) where you have the opportunity to review and take the actions you desire.

With automatic identification of emails that are not threats, PhishER helps your InfoSec and security operations teams cut through the IR-inbox noise. With PhishER, you are able to identify the most dangerous threats more quickly by helping you automate the prioritization of the 90% of reported emails that are not threats.

With PhishER, your team can analyze, prioritize and manage threats. With data enrichment services and an intelligent engine technology process, PhishER helps you analyze a large volume of email messages fast. The goal is to help you and your team prioritize as many messages as possible automatically, with an opportunity to review PhishER’s recommended priority status and take the actions you desire.

Positioning Statement

PhishER is an easy-to-use web-based SOAR platform with critical functionality that serves as your Incident Response team’s emergency room to identify, prioritize and respond to user-reported email messages – accurately and fast.

PhishER serves as your phishing emergency room to help your internal (or external) InfoSec and SOC teams to identify the most dangerous threats more quickly and at the same time help you automate the handling of the 90%o f reported emails that are not threats.

IR orchestration can easily deliver immediate efficiencies to your security team, but the potential value is much greater than that. With the right strategy and planning, your organization can build a fully orchestrated and intelligent SOC that can contend with today’s threats. PhishER is a critical element to help your IR teams work together to mitigate the phishing threat.

Product Description

PhishER is your platform for managing the high volume of potentially malicious email messages reported by your users. This highly critical functionality serves as your phishing emergency room to identify and respond to the most dangerous email threats or attacks. At the same time, PhishER helps free up incident response resources to identify and manage the 90% of messages that are either spam or legitimate email so your employees can quickly continue to respond to legitimate email messages.

PhishER is an optional add-on for KnowBe4 customers that want to automatically prioritize and manage potentially malicious messages that were reported through the KnowBe4 Phish Alert Button accurately and fast!