PhishMe’s Phishing Incident Response Platform Update Improves Usability for SOCs and IRs

PhishMe has made several updates to its phishing incident response platform, PhishMe Triage. PhishMe Triage is a phishing incident response management solution for security operations and incident responders that automates the identification, remediation, and sharing of new phishing threats. The solution provides visibility into email-based phishing attacks in near real-time, and analyzes and prioritizes threats reported by employees using PhishMe Reporter.

Triage identifies commonalities between user-reported threats to create a cluster of reports that can be used to identify campaigns against an organization. Thanks to the clustering, responders can reduce the volume of reports they need to process, ensuring a faster response to phishing attacks.

The platform has proved popular with security teams, and the updates will make it even easier to use, allowing information to be accessed and shared with the security team more rapidly. The updates make it much easier for incident responders (IRs) and security operations centers (SOCs) to automate the prioritization and analysis of, and response to, phishing threats.

Users can view detailed information on emails, attachments, clusters, reporters, and health stats more easily, and can improve integration across response teams. PhishMe Triage also has new REST API capability, allowing PhishMe Triage to be queried at set intervals, ensuring response teams can be notified as soon as a new phishing threat is detected. The APIs can also be used to quickly send information to second-line team members to ensure swift remediation of a phishing threat. Users can also create custom dashboards showing historical data, and the update makes it easier to track phishing defense progress.

PhishMe has also expanded support for syslog alerts. Syslog alerts can be shared with the response team, allowing threat intelligence to be distributed much more quickly. Syslog alerts can be generated for clustering, performance, ingestion health, and triage recipe monitoring.

Audit logs are also created to give administrators greater visibility into the actions of users. The logs track more than 145 Event IDs across PhishMe Triage. Logs can be exported or viewed through PhishMe Triage.

PhishMe has also improved security, adding two-factor authentication that works with Microsoft Authenticator, Google Authenticator, Duo and others.

“The latest enhancements to PhishMe Triage make it easier for IR and SOC teams to act upon the collective work of their employees – ensuring that the collaboration between all departments plays a meaningful part in stopping phishing attacks before a breach occurs,” said Aaron Higbee, co-founder and CTO of PhishMe.

Author: NetSec Editor