As defenders, our priorities are often determined by forces outside of our control. We are guided by urgent projects, never-ending vulnerabilities, sensational headlines, and over-promised technologies. Meanwhile, real attackers continue to try to exploit our IT infrastructure and our end users. The sophistication of an average attack on the enterprise environment is increasing by the day, and the average burnout of a defender is increasing by the minute. At some point, you start asking yourself: are we always just supposed to lose?
This last post in our phishing series walks through a real phishing campaign to show the power behind this solution, both in identifying malicious emails and in remediating them quickly and efficiently.
So we are at a point where we are identifying phishing campaigns and attacks, but how do we help defend the company? Let's start by using the data to remediate phishes and by enabling controls to stop them from coming in.
Now that the data is in Splunk and searchable, you can start to pattern phishing behavior. Based on the patterns we were seeing in our environment, we started creating searches to proactively spot campaigns before our users reported them (or clicked and did not report). We created a Phishing Insight dashboard to display our new searches.
Over a 4-part series of posts we hope to outline what worked for us in reducing our infections resulting from phishing from 40% to less than 5% without any end user interaction. We know this sounds ridiculous, but hang in there and you will see how a bit of creativity and grit can get similar results for you.
Part 1 is all about making email logs useful to enable our hunting efforts.