Wombat Security Launches PhishAlarm Analyzer for Email Security

By CIOReview | Wednesday, March 2, 2016

FREMONT, CA: Security specialist Wombat rolled out its new product, PhishAlarm Analyzer, a software-based email phishing triage solution. The solution uses machine learning to check emails against multiple security sources in order to identify and prioritize reported phishing emails for incident response teams, reports Nathan Eddy for EWeek. "PhishAlarm Analyzer allows response teams to immediately act on the most dangerous and imminent threats within their networks," said Al Himler, Senior Director of Product Management at Wombat.

The platform goes through reported emails and analyzes them based on standard security indicators of compromise. The emails are then prioritized, and an HTML research report on the reported email is delivered to the incident response teams. The platform also enables rapid identification and categorization, which allows information security officers and security response teams to isolate and remediate suspected phishing messages, including zero-hour attacks. "Each email is classified based on its likelihood of being a phishing or spear phishing attack, and each message includes an HTML report that identifies the sources of the indicators of compromise (IOCs) found within the message," explains Himler.

Wombat's research report is designed to save time for the incident response team by performing much of the research in advance, so that they can get back more quickly to the reported threats. "We found it to be a natural add-on to our PhishAlarm email reporting button and an excellent opportunity to improve the identification and remediation process. Clearly, not every reported email has the same threat level; but without additional intelligence, there's no way for information security officers and security response teams to prioritize the reports without doing a good deal of research and legwork," explains Himler.

PhishAlarm Analyzer repeatedly gathers data about relevant attacks, threatening IP addresses, blacklisted entities, and other markers from a collection of reliable resources. "It's always learning and evolving, and it applies that knowledge when scanning and evaluating suspicious messages," Himler said. "Because our algorithms tap into data about real-world threats and attacks seen in the wild, even subtle changes in threats can be detected and communicated to security response teams for more effective remediation," added Himler.