
10 Ways URL Analysis & Enrichment Can Help Ease Your SOC’s Challenges in 2020

If you’re in the IT security space, you no doubt realize that phishing remains a constant threat. Exploiting the human attack surface is at the start and heart of most cybersecurity breaches. It often goes undetected until it is too late, it requires a big investment of time and money to defend against, and it can’t be stopped by any single security measure, whether MFA or phishing awareness training for employees. It’s like The Terminator of security threats! It just keeps coming.

With new phishing attack vectors, increased sophistication, and more mobile workers, it’s no wonder organizations have put increased emphasis on user awareness and training. For email phishing, many companies train employees to report suspicious emails, even offering single-click forwarding to an Abuse Inbox. This has created a costly burden on already stretched SOC and IR teams: efficiently managing a rapidly swelling Abuse Inbox.

With more than 90% of suspicious emails being false positives, quickly finding genuine threats can be time-consuming and costly. Many organizations are automating this phishing IR process with SOAR playbooks for analyzing suspicious URLs and files. But URL analysis can be challenging. With the increased use of shortened links, multiple redirects, phishing pages hosted on legitimate (not blacklisted) sites, and other evasion techniques, accurately detecting phishing URLs requires more sophisticated methods of detection.

With our Phishing URL Analysis & Enrichment solution, we can help ease your SOC teams’ pain and challenges around Abuse Inbox management for 2020 and beyond. Here are ten ways SlashNext’s solution can help:

  1. Save time and money by automating phishing IR. Save hundreds of hours vs. costly manual research on suspicious URLs by fully automating URL analysis as part of your Abuse Inbox playbook. No manual intervention required. Just submit URLs to SlashNext cloud through automated playbook commands and get accurate, binary verdicts plus forensics data on URLs submitted for analysis.
  2. More accuracy = more automation. SlashNext’s patented SEER technology sees through evasion tactics to examine final destination pages and delivers accurate, binary verdicts (not inconclusive risk scores) with near-zero false positives. With highly accurate, definitive verdicts, you can automate next steps rather than dealing with additional manual work investigating inconclusive “suspicious” verdicts.
  3. Cut false positive noise. With more than 90% of user-reported emails being false positives, SlashNext lets you quickly identify and dismiss them while also accurately detecting genuine threats. The faster you identify and cut out the false positive noise, the more time you can spend on IR for real phishing threats.
  4. Zero-hour threat detection. Malware sandboxes are useful for analyzing malicious binaries and files using virtual machines, but they are not designed for analyzing phishing and social engineering webpages. SlashNext provides SOC and IR teams with a scalable, cloud-based analysis engine which was purpose-built for analyzing phishing URLs. It uses virtual browsers to dynamically analyze page contents (images, text, etc.) and server behavior to detect previously unknown, zero-hour threats missed by URL inspection and domain reputation analysis methods.
  5. Real-time detection. By performing run-time analysis on URLs rather than just checking known threat databases, SlashNext can detect previously unknown, zero-hour phishing threats in real-time. This enables SOC and IR teams to catch genuine threats near the start of the kill chain and reduce the chances of far more costly downstream IR for breaches.
  6. URL enrichment with forensics data. It provides more than definitive verdicts alone. Access to IoCs, screenshots, HTML, rendered text and more assists IR teams in identifying and analyzing phishing threats. This additional information simplifies and helps complete phishing IR reporting and ongoing vulnerability management, and can even aid in ongoing phishing awareness training and testing with employees.
  7. Overcomes evasion tactics. Detects phishing pages hidden behind URL obfuscation techniques and redirects, as well as phishing pages hosted on compromised websites or legitimate hosting infrastructure.
  8. Broader detection. Detects all major phishing payload threats, not just credential stealing. These include credential stealing, of course, but also rogue software and browser extensions, document theft, money transfer scams, and scareware tech support scams.
  9. Fast operationalization. SlashNext provides pre-built integrations for leading SOAR, SIEM, and TIP platforms. Pre-packaged integrations with leading solutions from Demisto, Splunk Phantom, ThreatConnect and more provide quick operationalization for a variety of phishing IR playbooks. SlashNext even provides sample playbooks to simplify implementation for different phishing IR use cases, plus example scripts for teams that don’t use a SOAR platform.
  10. Cloud Scale. Operates at cloud scale, using millions of virtual browsers to analyze many millions of suspicious webpages daily. Analyze thousands of suspicious URLs on demand for bulk processing for phishing IR and automated threat hunting from network or endpoint log data.

To find out how you can save time, money, and hassle by automating your SOC team’s phishing IR efforts, contact us and request a demo today.
