🚀📧 Launching Automated Phishing Investigation

Written by Intezer


    At Intezer, we’re committed to enhancing security operations efficiency and effectiveness. Today, we’re thrilled to announce the launch of our new feature: Automated Phishing Investigation. This capability is designed to automate the analysis and classification of suspected phishing emails (commonly, employee-reported phishing), saving your organization valuable time and resources.

    The Challenge of Phishing Investigation

    Investigating employee-reported phishing is one of the most time-consuming tasks for the majority of organizations. It requires significant resources and can distract from other critical security tasks. However, phishing remains the leading infection vector and one of the best places to detect and quickly respond to cyber attacks, particularly targeted attacks. With the rise of sophisticated phishing attacks, it’s more important than ever to investigate these reports thoroughly and promptly.

    Introducing Automated Phishing Investigation

    Our Automated Phishing Investigation feature addresses this challenge head-on. By integrating into whatever employee-reported phishing workflow you already run (a dedicated mailbox, the Office 365 Report Phishing add-in, Proofpoint's PhishAlarm, or any other way your employees report suspicious emails), Intezer streamlines the investigation of suspicious emails and notifies you only of items that require your attention.

    For each suspicious email, Intezer provides a clear verdict, priority, classification (malware family or threat actor), and context. This allows you to quickly understand the nature of the threat and take appropriate action.

    Triage assessment and investigation results of a suspicious email

    How It Works

    Automated Phishing Investigation works by parsing the raw email data, scanning attachments, analyzing URLs and, soon, using Large Language Models (LLMs) to detect phishing manipulation within the email body. Each piece of evidence is investigated separately by our analysis engine. The per-evidence results are then summarized into a single, clear assessment for the entire email.

    After the automatic investigation, we send notifications to your system of choice (email, SOAR, case management system, or any system that supports webhooks) only for items that require attention. This ensures that you're not overwhelmed with alerts and can focus on the most significant threats.
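    As an added illustration (not Intezer's code or API), the Python sketch below shows the shape of the pipeline just described: a reported .eml is split into evidence items (hashed attachments and URLs from the body), each item receives its own verdict, the verdicts are folded into one assessment for the whole email, and an escalation flag decides whether a notification goes out at all; the alert threshold is a parameter so that lower-severity results can also be forwarded. The sample message is constructed, and the per-evidence analysis engine is replaced by a lookup over constructed values.

```python
import email.policy, hashlib, re

# Severity order used to fold per-evidence verdicts into one verdict for the email.
RANK = {"trusted": 0, "unknown": 1, "suspicious": 2, "malicious": 3}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample of an employee-reported message (not a real email).
SAMPLE_EML = b"""From: payroll@example.test
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review your payslip at http://payslips.example.test/login
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="payslip.doc"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

def extract_evidence(raw_eml: bytes) -> list:
    """Split the raw email into evidence items: hashed attachments and body URLs."""
    msg = email.message_from_bytes(raw_eml, policy=email.policy.default)
    evidence = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""
            evidence.append({"type": "attachment", "name": part.get_filename(),
                             "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_type() in ("text/plain", "text/html"):
            evidence += [{"type": "url", "value": u} for u in URL_RE.findall(part.get_content())]
    return evidence

def assess(evidence, verdict_for, min_alert="suspicious"):
    """Judge each item separately, keep the worst verdict, escalate at min_alert or above."""
    verdicts = [verdict_for(item) for item in evidence] or ["unknown"]
    overall = max(verdicts, key=RANK.__getitem__)
    return {"verdict": overall, "escalate": RANK[overall] >= RANK[min_alert],
            "evidence": [dict(i, verdict=v) for i, v in zip(evidence, verdicts)]}

# Stand-in for the per-evidence analysis engine: a lookup over constructed values only.
KNOWN_BAD = {"http://payslips.example.test/login": "malicious"}
def demo_verdict(item):
    return KNOWN_BAD.get(item.get("value") or item.get("sha256"), "unknown")

def triage(raw_eml=SAMPLE_EML, min_alert="suspicious"):
    return assess(extract_evidence(raw_eml), demo_verdict, min_alert)
```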

    Easy Integration and Customizable Notifications

    We’ve made it easy to integrate Automated Phishing Investigation into your existing processes, by offering several different options:

    1. You can set up a dedicated mailbox to which all suspected phishing emails are forwarded. This method also lets you integrate easily with third-party mailboxes and email security solutions (for example, integrate with Office 365 by configuring the dedicated mailbox in the Microsoft Report Phishing add-in).
    2. Submit raw phishing emails (.msg or .eml) directly through our API or via the Python SDK.
    3. Submit the suspicious email via Intezer’s SOAR integrations (Splunk SOAR, XSOAR, Chronicle SOAR, Azure Sentinel, …).

    You can also configure the system to send information and notifications even for emails that weren’t marked as escalated by Intezer. This gives you the flexibility to tailor the system to your specific requirements.

    Gaining Insights from Phishing Emails: Shaping Your Security Strategy

    One of the most powerful aspects of our Automated Phishing Investigation is the ability to gain periodic insights from the phishing emails reported by your employees. By automatically classifying every suspicious email, you can identify trends in the threat landscape that may otherwise go unnoticed.

    These insights can be invaluable in shaping your security strategy. For instance, you might notice an increase in phishing attempts related to a particular malware family or threat actor. This could indicate a targeted attack on your organization or an emerging threat in your industry. With this information, you can take proactive measures to strengthen your defenses and educate your employees about the specific threats they’re likely to encounter.

    Furthermore, by understanding the tactics, techniques, and procedures (TTPs) used in these phishing attempts, you can better prepare your organization to recognize and respond to future threats. This proactive approach to security can significantly reduce your risk of a successful phishing attack.

    In essence, the Automated Phishing Investigation feature doesn't just help you respond to phishing attempts; it helps you anticipate them. By providing clear visibility into the threat landscape, it empowers you to stay one step ahead of the attackers.

    Get Started

    Intezer's Automated Phishing Investigation is a powerful tool that can significantly streamline your security operations processes, especially when paired with automated endpoint alert triage. By automating the investigation process, it allows you to focus on the most significant threats and take action quickly, as well as gain insights to improve your security posture over time.

    Existing customers can easily get started. Please refer to our documentation to learn about the different options to set up your automated phishing investigation pipeline. Existing customers and users can request a dedicated email inbox by contacting support@intezer.com.
    New customers can see the automated phishing investigation in action by booking a demo with us today, or alternatively sign up for a free account.
