By Need
Dealing with the management of user-reported phishing emails, sifting through the information to determine what’s a legitimate threat and what’s not, and acting accordingly is a necessary, but extremely time consuming, process. Do it in seconds with ThreatConnect®.
Set-up a mailbox for centralized reporting of potential phishing emails from all sources, including both humans and technologies like Email Security Gateways. When the mailbox receives a message, the rest of the Playbook is triggered to automate the analysis and corresponding response efforts.
Reported emails are parsed for indicators which are extracted from the email. Those indicators are automatically correlated against threat intelligence within ThreatConnect that has been aggregated by third party feeds and our CAL™ (Collective Analytics Layer). If indicators are found to be malicious, appropriate response efforts are seamlessly kicked-off.
Emails containing malicious indicators trigger response efforts such as user and administrator notifications, as well as communicating with other technologies such as firewalls and secure web gateways. If the email is deemed safe, the user is appropriately notified and it can be marked as a false positive for future considerations.