SOAR renewal? Migrate to D3 for free

Learn More
Get a Demo

Phishing Attack

Investigate, Block & Respond to Phishing Incidents

Phishing is one of the leading attack vectors used by everyone from basic scammers to APT groups to gain a foothold into your organization. Sophisticated adversaries employ spearphishing and whaling techniques to gain persistence and pull off data theft. Even a high volume of phishing incidents from unsophisticated attackers can overwhelm your SOC. D3’s fully automated phishing incident response and threat detection playbooks prevent breaches and costly downtime.

Steps for Phishing Incident Response

Step 1:

A suspicious email is detected by an email protection tool or manually reported to D3 by a user.

Step 2:

D3 parses out the elements of the email and assesses risk. Attachments are sent to a sandbox, external IPs and URLs are checked against threat intelligence sources, and email authenticity is determined.

Step 3:

If the attachment is found to be malicious, D3 finds hosts that have been affected by the files and quarantines them. A ticket is also created to re-image the hosts.

Step 4:

 If the external IP or URL is found to be high-risk, D3 blocks them on the network and firewall.

Step 5:

D3 then blocks the phishing email, removes it, and finds any users who received the same email. If there is a larger phishing campaign, D3 will send an email to notify users of the threat.

Benefits of Phishing Response Automation

Investigate Every Attempt

By automating the majority of the process, D3 users have the time to properly investigate every suspected phishing incident.

Block Malicious Files and URLs

If an attached file or linked URL is checked against a threat intelligence sources or sandbox and found to be malicious, you can use D3 to orchestrate blocking it on your network and firewall, saving time and preventing further damage.

Find the Extent of the Damage

When one phishing email is detected, D3 can search across corporate inboxes, endpoints, and user accounts to find who else was targeted, what computers downloaded the attached files, and whose credentials may have been compromised.

Group Incidents for Efficient Response

Phishing emails are often sent to hundreds of people at once, so it doesn’t make sense to respond to each email as a separate incident. With D3, all related phishing events are grouped together in a single incident to eliminate redundant work and give investigators all the information they need.

New to Smart SOAR?

Learn how Smart SOAR outperforms conventional SOAR tools in every aspect of threat detection, analysis, and incident response.

Get Started