Build a Phishing Monitoring Program
The threat analysts and phishing experts at Novacoast are ready to help implement a structured program of filtering, monitoring, tuning, and response procedures to protect your organization against attacks that prey on user curiosity.
Engaging Novacoast with Phishing Monitoring
The security analysts at Novacoast live in the phishing landscape daily and are constantly reviewing the latest methods and tactics to break filters and deceive users.
While Novacoast generally associates phishing monitoring with our broader scope of managed security services (MSS), it can also be a standalone service apart from MSS.
Getting started can include a knowledge transfer from the customer and a briefing on any tools already in use.
Some recommendations and actions that may come from our group:
- We can advise when to block a trouble domain and why.
- We can help identify users in the organization who have clicked phishing links and subsequently recommend or require password resets for those accounts.
- We can contain phishing outbreaks by using incident response procedures to lock down compromised accounts and their access.
- We can recommend network-level mitigation such as firewall/proxy blocks.
What We Do
An important element of a phishing monitoring program is verifying that it's actually working. Novacoast provides reporting at a set interval to show that phishing attacks are being intercepted and, if none are being caught, the reasons why. See more on reporting below.
If no email security toolset is currently in place, we can help the customer determine which tool is a good fit based on an evaluation of needs.
At the very least, our analysts can set up a honeypot of sorts called an "abuse inbox" to identify incoming attacks if there's no specialized toolset in place.
Some organizations are beholden to compliance regulations that require phishing training. This involves using a specially tailored toolset to launch a simulated phishing attack against employees to help them learn how to identify or avoid falling for very realistic tactics. Novacoast can advise on this training or conduct the sessions for you.
Reporting and Health Checks
Metrics on phishing mitigation are useful because they show how well the tool is performing, or simply how many emails you didn't have to worry about during a time period. They also serve as a health check of the system: if data is being recorded, it's likely working.
Additionally, some aggregations of certain metrics can be useful. Some examples:
- Top reporters — these are the users who manually reported phishing emails that made it through filters into inboxes. It's good to reward these users.
- Top recipients — these are the users who receive the most phishing emails. This is more of an intel-oriented metric. Why are these users getting phished? It may reveal risky behavior or exposure.
- Top clickers — these are the users who are having a difficult time identifying phishing. If it's frequent, the behavior should be admonished or reprimanded, potentially even leading to termination for repeated offenses. Phishing is a major security risk to an organization.
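
The aggregations and health check described above, as an added example that is not Novacoast's tooling. The event tuples, action names and function names are assumptions, and the sample data is constructed.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample events (not real data): (day, user, action).
# Assumed action names: "blocked" = stopped by the filter, "delivered" =
# reached the inbox, "reported" = user reported it, "clicked" = link followed.
EVENTS = [
    (date(2024, 3, 4), "alice", "blocked"),
    (date(2024, 3, 4), "bob", "delivered"),
    (date(2024, 3, 4), "bob", "clicked"),
    (date(2024, 3, 5), "alice", "delivered"),
    (date(2024, 3, 5), "alice", "reported"),
    (date(2024, 3, 5), "bob", "delivered"),
    (date(2024, 3, 5), "carol", "blocked"),
    (date(2024, 3, 7), "bob", "delivered"),
    (date(2024, 3, 7), "bob", "clicked"),
    (date(2024, 3, 7), "alice", "delivered"),
    (date(2024, 3, 7), "alice", "reported"),
    (date(2024, 3, 8), "bob", "blocked"),
]

def top_users(events, actions, n=3):
    """Rank users by the number of their events whose action is in `actions`."""
    counts = Counter(user for _, user, action in events if action in actions)
    return counts.most_common(n)

def health_gaps(events, start, end):
    """Map each day in [start, end] without an interception to a reason code.
    'no data recorded' points at the pipeline; 'nothing intercepted' means
    mail was seen but the filter stopped none of it."""
    any_event = {day for day, _, _ in events}
    blocked = {day for day, _, action in events if action == "blocked"}
    gaps = {}
    for offset in range((end - start).days + 1):
        day = start + timedelta(days=offset)
        if day not in blocked:
            gaps[day] = ("nothing intercepted" if day in any_event
                         else "no data recorded")
    return gaps

def report(events, start, end):
    """Build the interval report: three leaderboards plus the health check."""
    return {
        "top_reporters": top_users(events, {"reported"}),
        "top_recipients": top_users(events, {"blocked", "delivered"}),
        "top_clickers": top_users(events, {"clicked"}),
        "health_gaps": health_gaps(events, start, end),
    }
```
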