

Most of us have been in an airport and heard the announcement over the loudspeaker: “If you see something, say something.” The airport has security personnel; however, their agents cannot be everywhere at once. They collectively rely on travelers passing through the airport to be their eyes and ears in places agents cannot be. In this way, as an airport traveler, you are a “sensor” watching for, detecting, and alerting on suspicious behavior such as unattended luggage.

 

What does this have to do with information security? Just as passengers can help prevent an incident in the airport by reporting suspicious activity, employees can help prevent a data breach by reporting suspicious email. The key to unlocking this valuable source of threat intelligence is to simplify the reporting process for employees, and to measure the results of your program to prioritize reports from savvy users.

Last year we released our PhishMe Reporter™ solution, which streamlines the reporting process and provides invaluable data about user reporting habits, enabling customers to measure the point when employees move from passive recognition of phishing attacks to becoming active participants in detecting and reporting them.

Improve Incident Response by Simplifying the Reporting Process

Most organizations already have a process in place for users to follow to report a suspicious email – but how often is it being followed? Does your process include many steps that may be foreign to a non-technical user, such as viewing full headers or sending a message as “an item”? How confident are you that your users can correctly follow this process each time?

Reporter simplifies all of this by installing a button on each user’s email toolbar that enables users to rapidly report suspicious emails to your security team or Computer Incident Response Team (CIRT) with just the click of a button. The packaging of the email is always consistent, which ensures that the metadata, body, and any attachments included in the original phish are all provided for forensic analysis. With a consistent reporting format and identical fields every time, Reporter provides a painless use-case mapping into an existing SIEM and/or logging solution you may be operating.

The results of analysis will be used to help determine which technical controls and mitigations a CIRT may undertake as they dissect the content for potentially malicious links/attachments. Quick response by the CIRT and supporting teams can reduce the cost, duration, and potential data loss that may result from an active phishing incident.

Measure Reporting and User Response to Simulated Phishing Events

In addition to improved IR capabilities, using Reporter gives our customers the ability to track user reporting habits and answer questions such as:

How many users reported a specific email?

How much time elapsed between launch of a PhishMe scenario phish and first user to report?

What are a specific individual’s reporting habits?

What happened first, undesirable actions or user reports?

During PhishMe scenarios, Reporter answers these questions and neatly integrates the data for each scenario, cleanly overlaying Reporter metrics with phishing scenario metrics. For emails from unknown sources, it provides a mechanism for the rapid detection and reporting of potentially malicious emails that can target your users at any time.
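
As an added illustration (not PhishMe's code and not Reporter's data format), the questions listed above can be answered from a plain event log for one simulated scenario. The event schema, action names, user names and timestamps below are constructed for the example.

```python
from datetime import datetime

# Constructed sample data for one simulated phishing scenario. The schema
# (timestamp, user, action) is hypothetical, not any product's export format.
LAUNCH = datetime(2015, 3, 2, 9, 0, 0)
EVENTS = [
    ("2015-03-02T09:04:10", "avery", "clicked"),
    ("2015-03-02T09:06:30", "blake", "reported"),
    ("2015-03-02T09:07:45", "casey", "reported"),
    ("2015-03-02T09:15:00", "avery", "reported"),
    ("2015-03-02T09:20:05", "devon", "submitted_data"),
]
UNDESIRABLE = {"clicked", "opened_attachment", "submitted_data"}


def first_seen(rows):
    """Map each user to the earliest timestamp in time-sorted (ts, user) rows."""
    seen = {}
    for ts, user in rows:
        seen.setdefault(user, ts)
    return seen


def scenario_metrics(launch, events):
    parsed = sorted((datetime.fromisoformat(ts), user, action)
                    for ts, user, action in events)
    reported = first_seen((ts, u) for ts, u, a in parsed if a == "reported")
    acted = first_seen((ts, u) for ts, u, a in parsed if a in UNDESIRABLE)
    first_report = min(reported.values(), default=None)
    first_action = min(acted.values(), default=None)
    if first_report is None and first_action is None:
        first_event = None
    elif first_action is None or (first_report is not None
                                  and first_report < first_action):
        first_event = "report"
    else:
        first_event = "undesirable_action"
    return {
        "unique_reporters": len(reported),
        "seconds_to_first_report": (
            (first_report - launch).total_seconds() if first_report else None),
        "first_event": first_event,
        # Per-user habits: who acted on the phish but still reported, who never did.
        "reported_after_acting": sorted(
            u for u in acted if u in reported and reported[u] > acted[u]),
        "acted_without_reporting": sorted(u for u in acted if u not in reported),
        "reported_without_acting": sorted(u for u in reported if u not in acted),
    }


if __name__ == "__main__":
    print(scenario_metrics(LAUNCH, EVENTS))
```

Tracking the same per-user fields across several scenarios gives the reporting history a CIRT would need in order to weigh incoming reports.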

By focusing on providing users with positive reinforcement during teachable moments, we enable improved recognition of potentially malicious messages.

 

Enable Employees to Become Phishing Intrusion Detection Systems

Over time, an organization that uses Reporter will create a culture that emphasizes safe email use. Since Reporter tracks user response history, the CIRT can prioritize reports from users with solid reporting histories. Additionally, as reports of emails come in and are positively identified as malicious, the CIRT can begin to recognize patterns and take preventive action. Just as passengers have become cognizant of the risks associated with air travel and have learned to recognize and report suspicious activity in an airport, your employees can learn about the risks associated with email and learn to report suspicious email.