KnowBe4 PhishER
Identify and Respond to Email Threats Faster
KnowBe4 PhishER
Contact us for Pricing!
Get a Quote
KnowBe4's PhishER is a platform for managing potentially malicious emails reported by users. It automatically prioritizes reported emails.
With automatic prioritization for emails, PhishER helps your InfoSec and Security Operations team cut through the inbox noise and respond to the most dangerous threats more quickly.
Because phishing remains the most widely used cyber attack vector, most end users report a lot of email messages they "think" could be potentially malicious to your incident response team.
Whether or not you step employees through security awareness training doesn’t change the fact that your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic… can present a new problem!
With the firehose of spam and malicious email that attack your network, some 7-10% of these make it past your filters. With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you not only handle the high-risk phishing attacks and threats, but also effectively manage the other 90% of user-reported messages accurately and efficiently? Now, there is PhishER.
What is PhishER?
PhishER is the key ingredient of an essential security workstream. It's your lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate your threat response and manage the high volume of potentially malicious email messages reported by your users. And, with automatic prioritization of emails, PhishER helps your InfoSec and Security Operations team cut through the inbox noise and respond to the most dangerous threats more quickly.
Additionally, with PhishER you are able to automate the workstream of the 90% of reported emails that are not threats. Incident Response (IR) orchestration can easily deliver immediate efficiencies to your security team, but the potential value is much greater than that.
With the right strategy and planning, your organization can build a fully orchestrated and intelligent SOC that can contend with today’s threats. PhishER enables a critical workstream to help your IR teams work together to mitigate the phishing threat and is suited for any organization that wants to automatically prioritize and manage potentially malicious messages - accurately and fast! PhishER is available as a stand-alone product or as an add-on option for current KnowBe4 customers.
Why Choose PhishER?
PhishER is a simple and easy-to-use web-based platform with critical workstream functionality that serves as your phishing emergency room to identify and respond to user-reported messages. PhishER helps you prioritize and analyze what messages are legitimate and what messages are not - quickly. With PhishER, your team can prioritize, analyze, and manage a large volume of email messages - fast! The goal is to help you and your team prioritize as many messages as possible automatically, with an opportunity to review PhishER’s recommended focus points and take the actions you desire.
With PhishER Security Roles, you can easily distribute your team's workload of email analysis and dispositioning from within PhishER. Use Limited and Full access Security Roles to implement a multi-tiered incident response system based on the severity levels of your user-reported messages in PhishER.
Key Benefits
- Full integration with KnowBe4's Phish Alert Button allows automatic prioritization of emails that are not threats
- Cut through the IR-inbox noise and respond to the most dangerous threats more quickly and efficiently
- Free up IR resources to identify and manage the 90% of messages that are either spam or legitimate email
- See clusters or groups of messages based on patterns that can help you identify a widespread phishing attack against your organization
- Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
- Automated email response templates let you quickly communicate back to your employees about the emails they need in order to continue working
- Create custom workflows for tasks such as prioritization and alerting so that the IR team can focus on the right messages
- PhishML is a PhishER machine-learning module that analyzes every message coming into the PhishER platform and gives you info to make your prioritization process easier, faster, and more accurate
- PhishRIP is a PhishER email quarantine feature that integrates with Microsoft 365 and Google Workspace to help you remove, inoculate, and protect against email threats so you can shut down active phishing attacks fast
- PhishFlip is a PhishER feature that automatically turns user-reported phishing attacks targeted at your organization into safe simulated phishing campaigns - in real time
How PhishER Works
PhishER processes user-reported phishing and other suspicious emails by grouping and categorizing emails based on rules, tags, and
actions. PhishML, the custom machine-learning module, analyzes messages and generates confidence values which are used to tag
messages. PhishRIP helps you easily find and quarantine suspicious messages still sitting in mailboxes across your entire organization.
PhishFlip automatically turns defanged phishing emails into training opportunities by flipping them into simulated phishing campaigns.
Automatic Message Prioritization
PhishER will help you prioritize every reported message into one of three categories: Clean, Spam, or Threat. Through rules you set, PhishER helps you develop your process to automatically prioritize as many messages as possible without human interaction.
With automatic prioritization of emails that are not threats, PhishER helps your team respond to the most dangerous threats more quickly. PhishER easily integrates with KnowBe4's email add-in button, Phish Alert, and also works by forwarding to a dedicated mailbox. PhishER reviews attributes of reported messages and stack ranks the most critical messages based on priority.
PhishML
KnowBe4's PhishML is a PhishER machine-learning module that helps you identify and assess the suspicious messages that are reported by your users, at the beginning of your message prioritization process. PhishML analyzes every message coming into the PhishER platform and gives you the info to make your prioritization process easier, faster, and more accurate.
PhishML is constantly learning based on the messages that are tagged, not only by you but also by other members of the PhishER user community! That means that the learning model is being fed new data to constantly improve its accuracy and more messages can be automatically prioritized based upon PhishER's categorization, saving you even more time.
PhishRIP
KnowBe4’s PhishRIP is an email quarantine feature that integrates with Microsoft 365 and Google Workspace to help you remove, inoculate, and protect your organization against email threats so you can shut down active phishing attacks fast.
PhishRIP enables you to:
- Remove: Once PhishER has identified a threat, you have the option to remove the same or similar messages from all mail folders, including inbox, sent, or trash folders.
- Inoculate: Because you likely will have users that receive the same email threats and don't report it, PhishRIP helps you monitor and detect those un-reported email threats so you can report, quarantine and analyze.
- Protect: Once any immediate threats are handled, you now have time to analyze threat details for continued protection in the future. With PhishRIP, you can send messages to your affected users, delete messages from your users' mailboxes, keep them quarantined, or restore messages that are identified as legitimate.
Microsoft 365 Blocklist
With the PhishER Blocklist feature, it’s super easy to create your organization’s unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console. You can now use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users!
Data Enrichment Intelligence
PhishER integrates with external services like VirusTotal to help analyze attachments and malicious domains. Using URL Unwinding, PhishER automatically expands shortened URLs to help see the potential threat level of the final destination.
PhishFlip
PhishFlip is a PhishER feature that allows you to respond in real time and turn the tables on cybercriminals. With PhishFlip, you can now immediately 'flip' a dangerous attack into an instant real-world training opportunity for your users. PhishFlip enables you to take your user-reported phishing email threats identified by PhishER and turn what was an active phishing attack into a safe simulated phishing campaign.
PhishFlip takes those real email threats removed by PhishRIP and creates a defanged look-alike version of that message. Then, PhishFlip automatically kicks off a simulated phishing campaign within your KnowBe4 console, and immediately replaces those real phishing emails sitting in your users' mailboxes with a defanged phishing security test. That's about as real-world as you can get!
Emergency Rooms
PhishER features "Emergency Rooms" to help you identify similar messages reported by your users. Emergency Rooms consist of pre-filtered views of your messages that are unresolved in your PhishER inbox. These messages are dynamically grouped by commonalities and include system pre-filtered views for messages by Top Subject Lines, Top Senders, Top Attachments, and Top URLs.
Each room is interactive, allowing you to drill down into filtered inbox views of the messages and take action across all associated messages at the same time. The overview of the Emergency Rooms allows you to immediately prioritize which room contains the most messages and is in need of attention.
What is SOAR?
Security Orchestration, Automation and Response defined: a coordination of automated security tasks across connected security applications and processes. Even for the most skilled security team, speed is not easy to achieve. Certain aspects of cybersecurity can be slow, e.g. copying and pasting information from one tool to another.
Instead of focusing on identifying threats and prioritizing response efforts, IR teams and SOCs are scrambling to try to keep up with the ever-growing pile of simple, repetitive tasks. This, at best, slows your team down or frustrates them. At worst, it allows threats to fall through the cracks.
- Orchestration - Security orchestration is the connecting and integrating of various security applications and processes together.
- Automation - Security automation is the automatic handling of a task in a machine-based security application that would otherwise be done manually by a cybersecurity professional.
SIEM Integrations
With PhishER’s API integration, you can connect PhishER with your existing security infrastructure and maximize your security investments. Leverage seamless, bi-directional API integration into your current security stack: SIEM, detection tools, ticketing systems, and more.
PhishER also integrates into your organization by pushing data into popular SIEM platforms such as Splunk and QRadar. With support for multiple syslog destinations available it's also possible to push data into as many other systems as you like.
Service Pricing Levels
With automatic prioritization for emails, PhishER helps your InfoSec and Security Operations team cut through the inbox noise and respond to the most dangerous threats more quickly. PhishER is a simple and easy-to-use web-based platform with critical functionality that serves as your phishing emergency room to identify and respond to user-reported messages.
With PhishER, your team can prioritize, analyze, and manage a large volume of email messages-
fast! This will save them so much time!
Features | |
---|---|
Automatic Message Prioritization Set rules to prioritize messages Clean, Spam, or Threat. |
|
Emergency Rooms Pre-filtered views of messages unresolved in PhishER inbox |
|
KnowBe4's Email Add-in Button PhishER integrates with KnowBe4’s Phish Alert Button, and also works by forwarding to a dedicated mailbox. |
|
Simple and Advanced Rule Creation Create custom rules, use the built-in YARA-based rules, or edit existing YARA rules. |
|
Custom Workflows Create custom workflows for prioritization and alerting tasks. |
|
Security Roles Create different user roles to assign custom permissions for the exact incident response roles you need in your organization. |
|
PhishML A PhishER machine-learning module that analyzes messages to give you info to make prioritization fast and accurate. |
|
PhishRIP PhishRIP is a PhishER email quarantine feature that integrates with Microsoft 365 or G Suite and is included with your PhishER subscription. |
|
PhishFlip PhishFlip enables you to take your user-reported phishing email threats and turn an active phishing attack into a safe simulated phishing campaign in real time. PhishFlip is included with your PhishER subscription and works with your KnowBe4 training and phishing subscription. |
|
PhishER Blocklist for Microsoft 365 Add user-reported email threats to your M365 blocklist. Create your organization's unique list of blocklist entries and dramatically improve your M365 email filters without leaving your PhishER console. |
|
Data Enrichment Intelligence PhishER integrates with external services like VirusTotal, URL Unwinding to help analyze attachments and domains. |
|
SIEM Integrations Push data into popular platforms such as Splunk and QRadar. Support for multiple syslog destinations is also available. |
Our SaaS subscription is a monthly per seat price, billed annually.
Ask for our non-profit and competitive upgrade discounts.
KnowBe4 offers attractive discounts for a 3-year contract. Get started today by filling out the form on the right. Find out how surprisingly affordable this is.
Find out how affordable this is.
Get a quote now.
Call Us
(02) 9388 1741
Email Us
[email protected]
Looking for more KnowBe4 Products?