Blastin and Castin - Part 2

Now that the data is in Splunk and searchable, you can start to pattern phishing behavior. Based on the patterns we were seeing in our environment, we started creating searches to proactively spot campaigns prior to our users reporting them (or clicking and not reporting). We created a Phishing Insight dashboard to display our new searches.

Read More
Blastin and Castin - Part 1

Over a 4 part series of posts we hope to outline what worked for us in reducing our infections as a result of phishing from 40% to less than 5% without any end user interaction. We know this sounds ridiculous but hang in there and you will see how a bit of creativity and grit can get similar results for you.

Part 1 is all about making email logs useful to enable our hunting efforts.

Read More