Security awareness, email sandboxes and 2FA all help reduce the risk phishing poses to enterprises. However, an abuse inbox, where employees and customers can report suspicious emails, is an indispensable resource, providing vital insight into on-going and emerging phishing attacks. Tines allows end-to-end automation of phishing response and abuse inbox management.
Collect from multiple sources
Use the Tines IMAP Agent to read email directly from an inbox. Use the HTTP Request Agent to fetch suspicious emails from quarantines in GSuite, O365, and other secure gateways. Schedule regular, company-wide searches for emails potentially related to CEO-fraud and W2 scams.
Analyse URLS and attachments
Tines' ability to perform an unlimited number of steps means you can analyze URLs and attachments across multiple sandboxes and threat intelligence services, to reliably determine if the email represents a legitimate threat.
When a legitimate threat is detected, Tines can quickly perform remediative actions such as machine isolation, email deletion, password resets and cease and desist issuance to hosters. Use Tines to help identify additional victims by searching firewall and web proxy logs.
Close the loop
Promote positive user behaviour by responding to reporters of suspicious emails. Include detailed results of the email analysis. Where a user clicked a malicious link or opened a malicious attachment, provide contextually-relevant security awareness tips.
Iteratively improve controls
After responding to a threat, use Tines to improve preventative and detective controls. Use the HTTP Request Agent to update watchlists on SIEM and IDS/IPS, DNS blackhole malicious domains to prevent further victims. Share malicious URLs with trusted peers and SIGs.
Start your free trial today!
The Tines security automation platform helps the world's leading security teams automate any manual task.
Making them more effective and efficient.