Automated phishing response
Security awareness, email sandboxes and 2FA all help reduce the risk phishing poses to enterprises. However, an abuse inbox, where employees and customers can report suspicious emails, is an indispensable resource, providing vital insight into ongoing and emerging phishing attacks.
Tines allows end-to-end automation of phishing response and abuse inbox management.
Collect from multiple sources
Use the Tines IMAP Agent to read email directly from an inbox. Use the HTTP Request Agent to fetch suspicious emails from quarantines in GSuite, O365, and other secure gateways. Schedule regular, company-wide searches for emails potentially related to CEO-fraud and W2 scams.
Analyse URLs and attachments
Tines' ability to perform an unlimited number of steps means you can analyze URLs and attachments across multiple sandboxes and threat intelligence services to reliably determine whether the email represents a genuine threat.
For real-time analysis and classification of suspicious URLs, you can use commercial services like phish.ai.
Respond to true positives
When a genuine threat is detected, Tines can quickly perform remediation actions such as machine isolation, email deletion, password resets and issuing cease-and-desist notices to hosting providers.
Use Tines to help identify additional victims by searching firewall and web proxy logs. Perform deeper response by fetching and analyzing passive DNS logs associated with the malicious URL.
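The victim search described above, sketched in plain Python as an added example (it is not Tines code or configuration): it pulls URL hostnames out of a reported message and finds every user in a web proxy log who requested one of them. The sample message, the log lines and the five-field log format are constructed assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Constructed sample of a message reported to the abuse inbox.
REPORTED_EML = """\
From: "IT Helpdesk" <helpdesk@example.net>
To: alice@corp.example
Subject: Password expiry notice
Content-Type: text/html; charset="utf-8"

<p><a href="http://login.portal-update.example/reset?id=42">Renew now</a></p>
"""

# Constructed proxy log; assumed fields: timestamp user method url status
PROXY_LOG = """\
2024-05-01T09:12:03Z alice GET http://login.portal-update.example/reset?id=42 200
2024-05-01T09:14:40Z bob GET https://intranet.corp.example/home 200
2024-05-01T09:20:11Z carol POST http://LOGIN.portal-update.example/submit 200
2024-05-01T09:25:59Z dave GET http://login.portal-update.example.org/ 200
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def extract_hosts(raw_message):
    """Return the hostnames of every http(s) URL in the message's text parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            host = urlsplit(url).hostname  # urlsplit lower-cases the host
            if host:
                hosts.add(host)
    return hosts

def find_visitors(log_text, hosts):
    """Map each user to the timestamps at which they requested a flagged host."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guess
        ts, user, _method, url, _status = fields
        if urlsplit(url).hostname in hosts:  # exact host; substring would hit dave
            hits.setdefault(user, []).append(ts)
    return hits
```

Here `carol` surfaces as an additional victim who never reported the email, while `dave`'s request to a different domain that merely contains the flagged hostname is correctly ignored.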
Close the loop
Promote positive user behaviour by responding to reporters of suspicious emails. Include detailed results of the email analysis.
Where a user clicked a malicious link or opened a malicious attachment, provide contextually-relevant security awareness tips.
After responding to a threat, use Tines to improve preventative and detective controls. Use the HTTP Request Agent to update watchlists on SIEM and IDS/IPS, and DNS-blackhole malicious domains to prevent further victims. Share malicious URLs with trusted peers and SIGs.