KnowBe4 PhishER/PhishER Plus

I use KnowBe4 PhishER as a Security Orchestration, Automation and Response (SOAR) to manage, analyse, respond to the very high volume of emails potentially dangerous reported by my company users with the "Phish alert button." Thanks to this platform I was able to automate 90% of the workstream linked to the reported emails by end users, as the platform automatically analyse the message and classify it as a threats, spam or clean. Based on this classification and based also on tags assigned I'm able to identify the dangerous emails and react to prevent threats. Very useful is the ability to create rules and actions, so I can give an immediate response to the user that report the email as suspicious and confirm if is a threats, spam or not dangerous, in this way I improve also the ability of the users to recognise a phishing and spot it. I use this platform every day and few times a day to monitoring email reported to identify spear phishing, massive spam or massive phishing email, this allow me to take action to prevent threats and avoid that others users that receive similar r email click on dangerous link or enter credential. The platform is easy to implement and can be integrated with other service providers like Microsoft for example the possibility to activate the PhishRIP allow the deletion of dangerous email in the user recipient for example before they read it and take an action that can be dangerous if is not able to spot that is a threat.

The school has implemented the PhishER add-on for easily reporting suspicious emails. PhishER’s tools analyze these reports, reducing the workload on IT staff. PhishER streamlines the process of identifying, reporting, and responding to phishing attempts, thus saving valuable IT resources. PhishER is integrated into the school’s Gmail and IT security systems to prevent attacks through end user awareness and reporting.

We use it to automate the response and quarantine of phishing emails in conjunction with Office 365. This has greatly reduced the workload and response time of our security team. This has also helped improve the response to phishing emails to users to improve their awareness of what is and what is not a phishing email. One other use is the integration of webhooks to Microsoft Sentinel allow us to investigate incidents from Email

My goal was tight integration with Microsoft 365 and quick blocking of phishing campaigns. Previously, blocking was a manual process, but with KnowBe4 PhishER - I wanted reporting of real threats to trigger protective action.

Phishing is a constant battle. PhishER helps augment our security team by giving us the ability to automate tasks. We're able to use the built-in AI and ML to review reported or suspected phishing messages and take action on them without the need for a Security Analyst to review each report individually.

Our organization utilizes PhishER in several ways. We utilize PhishML to assist with our research of messages and our prioritization of the messages we deem as "Vaild". We utilize PhishRIP to assist our O365 quarantining of new incoming messages so that our users experience less spam. We have integrated the Phish Alert button across all our Office 2016 users as well as into our Office 365 users so that they can reported suspected phishing emails to our team. We have also started using PhishFLIP to replace active Phishing attempts into simulated spoofs to test user responses.

We had a fairly serious phishing problem and needed to combine some awareness training along with simulated phishing and quarantine capability and PhishER from KnowBe4 checked all the boxes.