If you work in computer security, you undoubtedly realize
that phishing remains a constant threat. Exploiting the human attack surface is
at the start and at the heart of most cybersecurity breaches. It often goes unnoticed
until too late, requires a large investment of time and money to defend against, and
cannot be stopped by any single security measure, MFA, or phishing awareness
training for employees. It's like the Terminator of security threats! It just
keeps coming.
With new phishing attack vectors, increased sophistication,
and more mobile workers, it's no wonder organizations have put
emphasis on user awareness and training. For email phishing, many companies
train employees to report suspicious emails, even offering one-click forwarding
to an abuse inbox. This has created an expensive burden for already stretched SOC
and IR teams: effectively managing a rapidly growing abuse inbox.
With over 90% of suspicious emails being false
positives, finding real threats quickly can be time consuming and expensive.
Many organizations automate this phishing IR process with SOAR playbooks
that scan for suspicious URLs and files. But URL analysis can be difficult.
With the increased use of shortened links, multiple redirects, phishing pages
hosted on legitimate (non-blacklisted) sites and other evasion techniques,
accurately detecting phishing URLs requires more sophisticated detection methods.
With our phishing URL Analysis and
Enrichment solution, we can help ease the pain and challenges your SOC
teams face in handling the abuse inbox for 2020
and beyond. Here are ten ways SlashNext's solution can help you:
- Save time and money by automating phishing IR. Save hundreds of hours of costly
  manual research on suspicious URLs by fully automating URL analysis as part of
  your abuse inbox playbook. No manual intervention required. Just submit URLs to
  the SlashNext cloud via automated playbook commands and get accurate binary
  verdicts and forensic data on the URLs submitted for analysis.
- Greater precision = more automation. SlashNext's patented SEER technology sees
  through evasion tactics to examine final landing pages and deliver
  accurate binary verdicts (rather than inconclusive risk scores) with near-zero
  false positives. With highly precise, definitive verdicts, you can automate the
  next steps rather than facing additional manual work on
  "suspect" verdicts.
- Cut through false positive noise. With over 90% of user-reported emails being
  false positives, SlashNext lets you quickly identify and dismiss them while
  also accurately detecting real threats. The faster you identify and cut
  false positive noise, the more time you can spend on IR for real phishing
  threats.
- Zero-hour threat detection. Malware sandboxes are useful for analyzing malware
  binaries and files using virtual machines, but they are not designed to
  analyze phishing and social engineering web pages. SlashNext provides SOC and
  IR teams with a scalable, cloud-based analysis engine purpose-built
  to analyze phishing URLs. It uses virtual browsers to dynamically analyze
  page content (images, text, etc.) and server behavior to detect previously
  unknown, zero-hour threats missed by URL inspection and domain reputation
  analysis methods.
- Real-time detection. By performing runtime analysis on URLs rather than just
  checking databases of known threats, SlashNext can detect previously unknown,
  zero-hour phishing threats in real time. This allows SOC and IR teams to catch
  real threats at the start of the kill chain and reduce the risk of
  more expensive downstream IR for breaches.
- URL enrichment with forensic data. Provides more than final verdicts
  alone. Access to IoCs, screenshots, HTML, rendered text, and more helps IR
  teams identify and analyze phishing threats. This additional information
  simplifies and helps complete phishing IR reports, supports ongoing vulnerability
  management, and can even help with ongoing phishing awareness training and
  testing with employees.
- Overcomes evasion tactics. Detects phishing pages hidden behind URL obfuscation
  techniques and redirects, as well as phishing pages hosted on compromised
  legitimate websites or hosting infrastructure.
- Broader detection. Detects all major phishing payload threats, not just credential
  theft. These of course include credential
  theft, but also malicious software and browser
  extensions, document theft, money transfer scams, and scareware
  tech support scams.
- Fast operationalization. SlashNext provides prebuilt integrations for
  SOAR, SIEM and TIP platforms. Pre-packaged integrations with leading solutions
  from Demisto, Splunk Phantom, ThreatConnect and more provide fast
  operationalization for a variety of phishing IR playbooks. SlashNext also
  provides sample playbooks to simplify implementation for different phishing IR
  use cases, as well as sample scripts for teams that don't use a SOAR platform.
- Cloud scale. Operates at cloud scale, using millions of virtual browsers to
  analyze several million suspicious web pages daily. Analyze thousands of
  suspicious URLs on demand for bulk processing for IR and automated phishing
  threat hunting from network or endpoint log data.
To find out how you can save time, money and hassle by automating
your SOC team's phishing IR efforts, contact us and request a demo
today.
*** This is a syndicated Security Bloggers Network blog from SlashNext written by Lisa O’Reilly. Read the original post at: https://www.slashnext.com/blog/10-ways-url-analysis-enrichment-can-help-ease-your-socs-challenges-in-2020/