Identify and Respond to Email Threats Faster with KnowBe4's PhishER

Date: 08/09/2022

Author: Andrew Weston

Introduction

PhishER helps security teams analyse, prioritise and manage emails that employees have reported as suspicious. With PhishER, Information Security teams can identify the most dangerous threats faster and more efficiently. The platform also helps Information Security teams quickly process the emails that have been reported as suspicious but are actually legitimate and need to be actioned or responded to by the employee.

Phishing remains the most widely used cyber-attack vector. In the region of 7 to 10 percent of spam and malicious emails make it past the email filters currently in place.

Companies that have invested in training their employees with the latest forms of security awareness training, including simulated phishing tests, and have deployed the free KnowBe4 Phish Alert Button can still run into problems accurately distinguishing a spam email from a phishing email or other type of malicious email.

Many of these emails are reported by employees to Information Security teams and require review as quickly as possible. Since each message requires some level of analysis and possible human intervention to prioritise, companies with limited security resources need a quick and easy way to respond to and mitigate these emails.

Incident response orchestration can deliver immediate efficiencies to an Information Security or Security Operations team. With the right strategy and planning, a company can build a fully orchestrated and intelligent SOC that can contend with today’s threats. PhishER is a critical element to help Incident Response and Information Security teams work together to mitigate the phishing threat.

Our Information Security and Security Operations teams spend a significant amount of time and resources checking suspected Phishing emails. Can PhishER help me?

PhishER is a lightweight Security Orchestration, Automation and Response platform designed to orchestrate your threat response and manage the high volume of potentially malicious email messages being reported by your employees.
With automatic prioritisation for emails, PhishER helps Information Security and Incident Response teams cut through the email noise and respond to the most dangerous threats more quickly.

Additionally, with PhishER you are able to automate the management of the 90% of reported emails that are not threats. Incident Response orchestration can easily deliver immediate efficiencies to your Information Security team, but the potential value is much greater than that.
With the right strategy and planning, your company can build a fully orchestrated and intelligent Security Operations Centre that can contend with today’s threats. PhishER is a critical element to help your Information Security and Incident Response teams work together to mitigate the phishing threat and is suited for any company that wants to automatically prioritise and manage potentially malicious messages – accurately and fast.
PhishER is available as a stand-alone product or as an add-on option for existing KnowBe4 customers.

So, I understand the benefits that PhishER can bring to my company – but how does it actually work?

PhishER is a simple web-based platform with critical functionality that serves as your phishing emergency room to identify and respond to employee-reported messages. PhishER helps you quickly prioritise and analyse which messages are legitimate and which messages are not. With PhishER, your team can prioritise, analyse, and manage a large volume of emails – fast! The key goal is to help you prioritise as many messages as possible automatically, with an opportunity to review PhishER’s recommended focus points and take the actions you desire.

PhishER processes user-reported phishing and other suspicious emails by grouping and categorising emails based on rules, tags, and actions. PhishML, the custom machine-learning module, analyses messages and generates confidence values which are used to tag messages. PhishRIP helps you easily find and quarantine suspicious messages still sitting in mailboxes across your entire organisation. PhishFlip automatically turns defanged phishing emails into training opportunities by flipping them into simulated phishing campaigns.

This all makes sense, but can you provide some more information on how the prioritisation, rules and tagging work?

Automatic Message Prioritisation:

PhishER will help you prioritise every reported message into one of three categories: Clean, Spam, or Threat. Through rules you set, PhishER helps you develop your process to automatically prioritise as many messages as possible without human interaction.
With automatic prioritisation of emails that are not threats, PhishER helps you respond to the most dangerous threats more quickly. PhishER easily integrates with KnowBe4’s email add-in button, Phish Alert, and also works by forwarding to a dedicated mailbox. PhishER reviews attributes of reported messages and stack ranks the most critical messages based on priority.

Simple and Advanced Rule Creation:

You can create custom rules, use the built-in YARA-based system rules, or edit existing YARA rules. Using PhishER’s YARA Basic Editor, you can easily create strings and conditions for your rules.
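
As an added illustration (not taken from PhishER's system rules or from KnowBe4), a YARA rule of the strings-and-conditions shape described above might look like this. The rule name, phrases and URL patterns are constructed for the example, and it assumes the rule is evaluated against the raw text of a reported message.

```yara
rule Example_Reported_Credential_Lure
{
    meta:
        description = "Constructed example: credential-harvesting lure in a user-reported email"
        note = "Illustrative only; not a PhishER system rule"

    strings:
        // Urgency or account-action phrasing (constructed sample phrases)
        $urgent1 = "verify your account" nocase
        $urgent2 = "password will expire" nocase
        $urgent3 = "unusual sign-in activity" nocase

        // Link whose host is a raw IPv4 address rather than a domain name
        $ip_url = /https?:\/\/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\//

        // Link whose path contains a login-style keyword
        $login_url = /https?:\/\/[a-z0-9.\-]{4,100}\/[a-z0-9\/_\-]{0,60}(login|signin|verify)/ nocase

    condition:
        // Require lure wording AND a suspicious link, so that ordinary
        // password-expiry notices without such a link do not match
        any of ($urgent*) and ($ip_url or $login_url)
}
```

Requiring both a phrase and a link pattern in the condition keeps the rule from firing on wording alone, which matters when most reported messages are not threats.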

PhishML™:

KnowBe4’s new PhishML is a PhishER machine-learning module that helps you identify and assess the suspicious messages that are reported by your employees, at the beginning of your message prioritisation process. PhishML analyses every message coming into the PhishER platform and gives you the information to make your prioritisation process easier, faster, and more accurate.
PhishML is constantly learning based on the messages that are tagged, not only by you but also by other members of the PhishER user community. That means that the learning model is being fed new data to constantly improve its accuracy and more messages can be automatically prioritised based upon PhishER’s categorisation, saving you even more time.

Emergency Rooms:

PhishER features “Emergency Rooms” to help you identify similar messages reported by your employees. Emergency Rooms consist of pre-filtered views of your messages that are unresolved in your PhishER inbox. These messages are dynamically grouped by commonalities and include system pre-filtered views for messages by Top Subject Lines, Top Senders, Top Attachments, and Top URLs.

Each room is interactive, allowing you to drill down into filtered inbox views of the messages and take action across all associated messages at the same time. The overview of the Emergency Rooms allows you to immediately prioritise which room contains the most messages and is in need of attention.

All views expressed on this blog are the author’s own and do not represent the opinions of any entity whatsoever with which the author has been, is now or will be affiliated, including this organisation whose website the blog is hosted on, or any partner of this organisation.