Investigate, Block & Respond to Phishing Incidents
Phishing is one of the leading attack vectors used by everyone from basic scammers to APT groups to gain a foothold in your organization. Sophisticated adversaries employ spearphishing and whaling techniques to gain persistence and pull off data theft. Even a high volume of phishing incidents from unsophisticated attackers can overwhelm your SOC. D3’s fully automated phishing incident response and threat detection playbooks prevent breaches and costly downtime.
Steps for Phishing Incident Response
A suspicious email is detected by an email protection tool or manually reported to D3 by a user.
D3 parses out the elements of the email and assesses risk. Attachments are sent to a sandbox, external IPs and URLs are checked against threat intelligence sources, and email authenticity is determined.
If the attachment is found to be malicious, D3 finds hosts that have been affected by the files and quarantines them. A ticket is also created to re-image the hosts.
If the external IP or URL is found to be high-risk, D3 blocks it on the network and firewall.
D3 then blocks the phishing email, removes it, and finds any users who received the same email. If there is a larger phishing campaign, D3 will send an email to notify users of the threat.
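The parsing and authenticity step in the procedure above can be illustrated with Python's standard library. This is an added example, not D3's playbook code; the function names `triage` and `is_external`, the internal network ranges, and the sample message are assumptions constructed for illustration.

```python
import hashlib, ipaddress, re
from email import message_from_string
# Constructed sample message (example domains, documentation/private IPs).
SAMPLE = """\
Received: from mail.example.net ([203.0.113.45]) by mx.corp.example
Received: from localhost (relay [10.0.0.5]) by mail.example.net
Authentication-Results: mx.corp.example; spf=fail; dkim=none; dmarc=fail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Reset here: http://login.example.org/reset?id=1 today.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.bin"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 literals in Received hops
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # malformed literal, e.g. 999.1.1.1 in a forged header
        return False
    return not any(addr in net for net in INTERNAL)

def triage(raw):
    """Extract observables and authenticity verdicts from one raw message."""
    msg = message_from_string(raw)
    urls, hashes = set(), {}
    for part in msg.walk():
        data = part.get_payload(decode=True) or b""  # None for multipart containers
        if part.get_filename():  # attachment: hash it for sandbox / intel lookup
            hashes[part.get_filename()] = hashlib.sha256(data).hexdigest()
        elif part.get_content_maintype() == "text":
            urls.update(URL_RE.findall(data.decode("utf-8", "replace")))
    ips = {ip for hop in msg.get_all("Received", []) for ip in IP_RE.findall(hop) if is_external(ip)}
    auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(msg.get("Authentication-Results", ""))}
    failed = [m for m in ("spf", "dkim", "dmarc") if auth.get(m) != "pass"]
    return {"urls": sorted(urls), "external_ips": sorted(ips),
            "attachments": hashes, "auth": auth, "auth_failures": failed}
```

The returned URLs, external IPs and attachment hashes are the values that would be sent to threat intelligence and sandbox lookups, and `auth_failures` lists the SPF, DKIM and DMARC checks that did not pass.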
Benefits of Phishing Response Automation
Investigate Every Attempt
By automating the majority of the process, D3 users have the time to properly investigate every suspected phishing incident.
Block Malicious Files and URLs
If an attached file or linked URL is checked against threat intelligence sources or a sandbox and found to be malicious, you can use D3 to orchestrate blocking it on your network and firewall, saving time and preventing further damage.
Find the Extent of the Damage
When one phishing email is detected, D3 can search across corporate inboxes, endpoints, and user accounts to find who else was targeted, what computers downloaded the attached files, and whose credentials may have been compromised.
Group Incidents for Efficient Response
Phishing emails are often sent to hundreds of people at once, so it doesn’t make sense to respond to each email as a separate incident. With D3, all related phishing events are grouped together in a single incident to eliminate redundant work and give investigators all the information they need.