Analysing Suspicious Emails

Email-based attacks are reported to the Keepnet Incident Response Platform (IRP) in three ways:

  1. By end users (using our plugin technology)

  2. By SOC team members

  3. By third-party IOC feeds

Once received, the IRP analyses the header, body and attachments using our proprietary technology in addition to a number of integrated, best-in-class services for Anti-Spam, URL Reputation, Anti-Virus, Malware Sandboxing etc.

The platform will also integrate and automate other threat analysis services you may have, such as FireEye, Blue Coat or Palo Alto, saving you time and reducing your technical dependency. It is a simple process to create custom rules, playbooks and workflows to ensure Keepnet IRP responds to threats in ways that suit your specific policies.

On completion of the analysis, Keepnet IRP delivers detailed results, with industry-leading certainty, to the SOC team for further investigation and response.

INCIDENT INVESTIGATION & RESPONSE

A unique feature and major benefit of the platform's IRP is that all investigation is done directly on the user’s inbox instead of at the server exchange, giving you maximum agility and reducing response time.

After finding all instances of an attack, the platform's IRP offers a suite of response options. Malicious messages can be flagged with a warning in the user’s inbox or deleted from the inbox, or we can call a custom API to perform another action, e.g. call the user’s phone.

Additionally, the platform's IRP will generate SNORT and YARA alarm signatures to update your other cyber-security technologies.
