Many enterprise phishing solutions today rely on known static threat libraries and AI analytics to identify suspicious patterns of behavior.
When email gateway detection results are inconclusive, a small percentage of malicious and damaging emails still manage to get through into the enterprise.
In large Enterprises with hundreds or even thousands of mailbox recipients, the number of potentially harmful phishing attacks reported by end-users can quickly reach unmanageable quantities.
VMRay’s safe detonation and Machine Learning (ML) driven phishing analysis provides a definitive verdict with greater visibility into an email’s malicious actions.
Best-in-class reputational, static, and dynamic analysis of phishing and credential harvesting related email attacks.
VMRay’s deep content inspection, recursive link analysis, file attachment verdicts, Smart Link, and other detected web objects can quickly identify emails with malicious intent.
Automated responses to end-user submissions reduces phishing related calls to the SOC and speeds the triage process without utilizing critical SOC team resources.
VMRay’s Abuse Mailbox enables SOC teams to create a dedicated mailbox hosted by VMRay, allowing each organization’s employees to become part of the “detection fabric” of the enterprise.
User Reported Phishing helps organizations identify malicious emails that have bypassed their perimeter email security or point phishing solution. Through a combination of end-user education and technology, malicious emails can be identified and forwarded by the end-user to an Abuse Mailbox.
The difference between VMRay’s User Reported Phishing and other vendor solutions stops there. Other vendor solutions require a SOC Analyst to then manually triage the email to identify if it is malicious or not. The results of the process may take hours or days depending on the volume of emails received by the Abuse Mailbox.
VMRay differentiates against other solutions by automatically triaging and analyzing the email threat to determine if it is malicious or benign. If malicious, the SOC team is notified along with the analysis and extracted IOCs to mitigate the threat within minutes and the end-user informed. All without using SOC Team resources.
Integrating with an EDR/XDR/SOAR solution is the easiest way to implement Abuse Mailbox automation. Email threats that have bypassed perimeter email security and phishing solutions can be identified by end users educated in spotting email threats.
Once forwarded to the Abuse Mailbox and analyzed by VMRay, the EDR/XDR/SOAR integrated with VMRay can take automated response actions based on predefined playbooks or workflows if the reported email is a legitimate threat.
The IOCs extracted from the analysis can be used to create email policies, firewall rules, and detection signatures to mitigate current and any subsequent attacks.
The VMRay platform is hardened against direct attacks and constantly assessed for vulnerabilities and exposures that would allow a bad threat actor to penetrate the system. The VMRay Platform allows customers to create a completely isolated environment for analyzing advanced phishing threats, without the risks posed by open-source tools and services. With On-Premises deployments, customers can ensure their data never leaves the network.
VMRay offers two data center locations, one in the EU and the other in the US, to our customers. While located in different regions, both are ISO27001 compliant, meet GDPR and California Data Privacy Act standards for data protection and privacy, and meet the Singapore Monetary Authority guidelines for cloud services for the financial sector. Our customer data is protected in accordance with some of the strictest data privacy laws in the world.
Abuse Mailbox is compatible with any email system. Reported emails are forwarded to an Abuse Mailbox on the VMRay platform and automatically analyzed upon receipt. The results of the email attack analysis are then sent to the SOC team in addition to a notification of malicious or benign sent to the end user, typically within minutes.
Phishing attacks are responsible for 91-94% of successful breaches according to many industry leaders. Malware authors have developed many different methods to bypass static detection controls or methods that exceed the capabilities of vendor phishing solutions. For example, recursive embedded links in documents that go many levels deeper than the default settings of the detection control is a common tactic. Using QR-Codes that when scanned, lead to malicious websites with malware booby-trapped webpages.
VMRay’s Labs team work hard to keep up with the constantly changing threat landscape and the attack chain methods used by bad threat actors. Once a new Advanced phishing attack method is identified, VMRay updates YARA rules and Machine Learning engines to accurately identify these threats.
