Attackers Evading Technical Controls
As technology evolves to defend against threats, attackers' creativity enables them to find ways into employees' inboxes, hoping the recipient will open the attachment or click the link. Employees conditioned to recognize and report suspicious email contribute valuable human intelligence that may otherwise go unnoticed for an extended period of time.
Security teams are hesitant to trust their sources of intelligence for fear of disrupting the business. Correlation and prioritization of security events and the confidence to deny the communication is absolutely critical when seconds matter in blocking the threat.
Too many threat intelligence feeds are full of false positives that distract security analysts. Excessive alerts only exasperate overwhelmed analysts with a finite amount of time.
Cofense Intelligence indicators provide security teams with visibility into phishing criminal infrastructure. Analysts operationalize their response workflow against phishing URLs, IPs, domains, files, command and control (C2), payload, and exfiltration sites when they configure NetWitness to alert on activity matching the indicators. Additionally, human-readable contextual executive and technical reports produced by PhishMe, which illustrate the phishing infrastructure, are available.
Security teams are much more confident in the action they take based on thorough indicator report analysis when NetWitness correlates activity across their configuration rules.
PhishMe Intelligence reports not only identify the security risk, but explicitly state why indicators are malicious so that analysts don’t have to do additional research. Armed with human-verified phishing intelligence indicators and verbose reports that can be associated with events captured by
How It Works
Cofense Intelligence ingested into RSA NetWitness software connects and optimizes the workflow. The phishing indicators in machine-readable threat intelligence (MRTI) correspond to risk-based threat ratings, enabling security teams to quickly identify the latest phishing attacks bypassing their perimeter.
The human-verified intelligence from PhishMe affords analysts the opportunity to prioritize and decisively respond to events with high-fidelity data. Analysts can then navigate to PhishMe’s portal with access to human-readable Active Threat Reports with detailed insight into the attacker TTPs. These reports start with an executive overview and then describe the attack vector used to gain access to your employee’s computer. The PhishMe Intelligence service includes enriched IOC event data such as:
With the powerful combination of internally-generated attack intelligence, 100% human-verified threat intelligence, and incident response event data made visible and actionable in NetWitness, security teams can respond quickly and with confidence to mitigate identified threats.
RSA® Business-Driven Security™ solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and reduce business risk, fraud and cybercrime. RSA protects millions of users worldwide and works with more than 90 percent of the Fortune 500.