10 Ways URL Analysis & Enrichment Can Help Ease Your SOC’s Challenges in 2020
If you’re in the IT security space, you no doubt realize that phishing remains a constant threat. Exploiting the human attack surface is at the start and heart of most cybersecurity breaches; it often goes undetected until too late, requires a big investment of time and money to defend against, and can’t be stopped by single security measures, MFA, or phishing awareness training for employees. It’s like The Terminator of security threats: it just keeps coming.
With new phishing attack vectors, increased sophistication,
and more mobile workers, it’s no wonder organizations have put increased
emphasis on user awareness and training. For email phishing, many companies
train employees to report suspicious emails, even offering single-click forwarding
to an Abuse Inbox. This has created a costly burden on already stretched SOC
and IR teams: efficiently managing a rapidly swelling Abuse Inbox.
With more than 90% of suspicious emails being false
positives, quickly finding genuine threats can be time consuming and costly.
Many organizations are automating this phishing IR process with SOAR playbooks
for analyzing suspicious URLs and files. But URL analysis can be challenging.
With the increased use of shortened links, multiple redirects, phishing pages hosted on legitimate (not blacklisted) sites, and other evasion techniques, accurately detecting phishing URLs requires more sophisticated detection methods.
With our Phishing URL Analysis &
Enrichment solution, we can help ease your SOC
teams’ pain and challenges around Abuse Inbox management for 2020
and beyond. Here are ten ways SlashNext’s solution can help:
- Save time and money by automating phishing IR. Save hundreds of hours vs. costly manual research on suspicious URLs by fully automating URL analysis as part of your Abuse Inbox playbook. No manual intervention required. Just submit URLs to the SlashNext cloud through automated playbook commands and get accurate, binary verdicts plus forensics data on the URLs submitted for analysis.
- More accuracy = more automation. SlashNext’s patented SEER technology sees through evasion tactics to examine final destination pages and delivers accurate, binary verdicts (not inconclusive risk scores) with near-zero false positives. With highly accurate, definitive verdicts, you can automate next steps rather than dealing with additional manual work investigating inconclusive “suspicious” verdicts.
- Cut false positive noise. With more than 90% of user-reported emails being false positives, SlashNext lets you quickly identify and dismiss them while also accurately detecting genuine threats. The faster you identify and cut out the false positive noise, the more time you can spend on IR for real phishing threats.
- Zero-hour threat detection. Malware sandboxes are useful for analyzing malicious binaries and files using virtual machines, but they are not designed for analyzing phishing and social engineering webpages. SlashNext provides SOC and IR teams with a scalable, cloud-based analysis engine that was purpose-built for analyzing phishing URLs. It uses virtual browsers to dynamically analyze page contents (images, text, etc.) and server behavior to detect previously unknown, zero-hour threats missed by URL inspection and domain reputation analysis methods.
- Real-time detection. By performing run-time analysis on URLs rather than just checking known threat databases, SlashNext can detect previously unknown, zero-hour phishing threats in real time. This enables SOC and IR teams to catch genuine threats near the start of the kill chain and reduce the chances of far more costly downstream IR for breaches.
- URL enrichment with forensics data. Provides more than definitive verdicts alone. Access to IoCs, screenshots, HTML, rendered text and more assists IR teams in identifying and analyzing phishing threats. This additional information simplifies and helps complete phishing IR reporting and on-going vulnerability management, and can even aid in on-going phishing awareness training and testing with employees.
- Overcomes evasion tactics. Detects phishing pages hidden behind URL obfuscation techniques and redirects, as well as phishing pages hosted on compromised websites or legitimate hosting infrastructure.
- Broader detection. Detects all major phishing payload threats, not just credential stealing. These include credential stealing, of course, but also rogue software and browser extensions, document theft, money transfer scams, and scareware tech support scams.
- Fast operationalization. SlashNext provides pre-built integrations for leading SOAR, SIEM, and TIP platforms. Pre-packaged integrations with leading solutions from Demisto, Splunk Phantom, ThreatConnect and more provide quick operationalization for a variety of phishing IR playbooks. SlashNext even provides sample playbooks to simplify implementation for different phishing IR use cases, plus example scripts for teams that don’t use a SOAR platform.
- Cloud scale. Operates at cloud scale, using millions of virtual browsers to analyze many millions of suspicious webpages daily. Analyze thousands of suspicious URLs on demand for bulk processing for phishing IR and automated threat hunting from network or endpoint log data.
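The redirect-chain problem raised earlier (shortened links, multiple redirects, final pages on legitimate hosting) and the forensics record described under “URL enrichment” are easy to picture with a small playbook step that follows each hop itself and keeps what it saw. The code below is an added illustration written for this page; it is not SlashNext’s SEER engine, any of its integrations, or its sample scripts. The `Fetcher` interface, the `UrlEnrichment` record fields, the `CONSTRUCTED_WEB` map and every host in it are assumptions made for the example; in a live playbook the fetch function would wrap an HTTP client with automatic redirect-following disabled so that each hop is recorded rather than silently collapsed.

```python
"""Added illustration: resolve a submitted URL's redirect chain hop by hop and build an
enrichment record for an abuse-inbox playbook. Not SlashNext code; the fetch interface,
record layout and sample data are assumptions made for this example."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# A fetcher returns (HTTP status, Location header or None, response body).
# A live playbook would wrap an HTTP client with automatic redirects disabled;
# here a constructed in-memory map stands in so the example runs offline.
Fetcher = Callable[[str], Tuple[int, Optional[str], bytes]]

MAX_HOPS = 10  # cap on redirects followed before giving up on a URL
URL_RE = re.compile(r"https?://[^\s<>\"']+")


@dataclass
class UrlEnrichment:
    """What the playbook keeps alongside the verdict for one submitted URL (assumed layout)."""
    submitted: str
    chain: List[str] = field(default_factory=list)  # every hop, first to last
    final_url: Optional[str] = None
    final_host: Optional[str] = None
    hop_count: int = 0
    host_changed: bool = False          # landed on a host other than the submitted one
    body_sha256: Optional[str] = None   # IoC for the final page content
    rendered_text: str = ""             # tag-stripped page text for analyst review
    error: Optional[str] = None


def extract_urls(text: str) -> List[str]:
    """Pull candidate URLs from a reported email body, de-duplicated, order kept."""
    found: List[str] = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;)")  # drop trailing sentence punctuation
        if url not in found:
            found.append(url)
    return found


def resolve_chain(url: str, fetch: Fetcher, max_hops: int = MAX_HOPS) -> UrlEnrichment:
    """Follow 3xx responses one hop at a time, recording each, until a terminal page."""
    rec = UrlEnrichment(submitted=url, chain=[url])
    current = url
    for _ in range(max_hops):
        try:
            status, location, body = fetch(current)
        except Exception as exc:  # unreachable host, DNS failure, etc.
            rec.error = f"fetch failed: {exc!r}"
            return rec
        if 300 <= status < 400 and location:
            nxt = urljoin(current, location)  # Location may be relative
            if nxt in rec.chain:
                rec.error = "redirect loop"
                return rec
            rec.chain.append(nxt)
            current = nxt
            continue
        # Terminal page reached: fill in the forensics fields.
        rec.final_url = current
        rec.final_host = urlsplit(current).hostname
        rec.hop_count = len(rec.chain) - 1
        rec.host_changed = urlsplit(url).hostname != rec.final_host
        rec.body_sha256 = hashlib.sha256(body).hexdigest()
        text = re.sub(r"<[^>]+>", " ", body.decode("utf-8", "replace"))
        rec.rendered_text = " ".join(text.split())
        return rec
    rec.error = f"exceeded {max_hops} hops"
    return rec


# Constructed sample "web": a short link through a tracker onto a sign-in page
# hosted on a third-party host, plus a two-URL redirect loop. All hosts are made up.
CONSTRUCTED_WEB: Dict[str, Tuple[int, Optional[str], bytes]] = {
    "https://short.example/abc": (301, "https://tracker.example/r?u=1", b""),
    "https://tracker.example/r?u=1": (302, "/landing", b""),
    "https://tracker.example/landing": (302, "https://cdn-host.example/files/login.html", b""),
    "https://cdn-host.example/files/login.html": (
        200, None, b"<html><body><h1>Sign in</h1><form>Password</form></body></html>"),
    "https://loop.example/a": (302, "https://loop.example/b", b""),
    "https://loop.example/b": (302, "https://loop.example/a", b""),
}


def constructed_fetch(url: str) -> Tuple[int, Optional[str], bytes]:
    """Offline stand-in for an HTTP client; unknown URLs behave like a failed fetch."""
    if url not in CONSTRUCTED_WEB:
        raise KeyError(f"no response recorded for {url}")
    return CONSTRUCTED_WEB[url]


if __name__ == "__main__":
    reported_email = "Your mailbox is full, click https://short.example/abc. Also https://loop.example/a"
    for candidate in extract_urls(reported_email):
        print(resolve_chain(candidate, constructed_fetch))
```

Recording the whole chain rather than only the final URL is what lets an analyst see that a link which started on a short-link service ended on an unrelated host, and the loop and hop-cap checks keep a single hostile URL from stalling the playbook.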
To find out how you can save time, money, and hassle by automating
your SOC team’s phishing IR efforts, contact us and request a demo
today.
This is a Security Bloggers Network syndicated blog from SlashNext authored by Lisa O'Reilly. Read the original post at: https://www.slashnext.com/blog/10-ways-url-analysis-enrichment-can-help-ease-your-socs-challenges-in-2020/