New: Email Triage & Threat Analysis with Scout Email Monitor

New: Email Triage & Threat Analysis with Scout Email Monitor

Email is central to many cyber and physical threats, it takes a new approach and analytics to mitigate the risk.

With all the layers of security available today, email still affords attackers a path to interact with an end-user on the inside of protected networks. Coupled with a world proliferated by social media, attackers leverage ample amounts of user-generated information to plan their campaigns. To avoid detection, cyber attacks delivered by email are increasingly being “trained” and perfected to evade security defenses and the suspecting eye. Crafted in elegant form, phishes are delivered to their unsuspecting victim with necessary context and personalization to click a url or open a document. Now phishing attacks use social engineering tactics with personalized messages utilizing company name, personal names, titles, etc. to deliver malicious documents. Lures to “click or open” are tailored to the target’s language based on location and are updated based on any reconnaissance information available to the attacker.

When an organization or individual receives a physical threat through email, analysts and critical stakeholders need detailed information about the threat immediately. While physical precautions are put into play, analysts need to triage all available electronic artifacts and deliver an analysis to decision makers. Analysts need to determine whether the threat is a real, where it came from, and who is behind the threat. If an organization is receiving multiple threats over certain period of time, forensic clues and language analysis will help determine if the threat is from the same source or a different threat actor. A detailed analysis of an archive of threats will help analysts recommend courses of action to decision makers to mitigate physical risks. There is also the risk of a false sense of security. As cyber security measures tighten down the flow of email, the hazard of a spam gateway quarantining a vulgar physical threat can lead to a dangerous blind spot.

With email being so prevalent in cyber and physical threats, we’re excited to announce a new capability in Scout – Email Monitor. Scout Email Monitor extends visibility into this critical data source required to manage & mitigate digital risk inside and outside the firewall.

Create a custom policy in Office365 Anti-spam settings to send emails to Scout Inbox.

Create a custom policy in Office365 Anti-spam Custom Settings or other mail and anti-spam gateways to forward high risk emails to your Scout inbox.

scout_email_monitor400

Centralize and perform analysis of social engineering, phishing and physical threat emails.

 

The following features are included in Scout Email Monitor:

  • Accept email from any source with a Scout inbox.
  • Real-time analysis of plain-text, html & header information in emails.
  • Cyber threat and physical threat detection with Intelligent Discovery.
  • Custom word-lists to trigger alerts based analyst preference.
  • Real-time cyber enrichment including, network intelligence and geo-location.
  • Automated named entity resolution of people, places and topics in content.
  • Automated sentiment analysis (very negative, negative, neutral, positive, very positive).
  • Publish annotated threat intelligence via REST API.

If you are an existing DigitalStakeout customer and have a question on how to deploy the Email Monitor feature or need help with a particular use case, we’re here to help. Please submit a ticket through the DigitalStakeout portal. If you not a current customer and would like to learn more about Email Monitor and other DigitalStakeout digital risk intelligence capabilities, please contact us here.

Thanks,

The DigitalStakeout Team