Free community edition

Request a demo

Next-Generation Email Security Meets World-Class Automation Power with Gmail and DFLabs

Back to all articles

The sophistication used in today’s phishing campaigns requires a more sophisticated level of detection and response tools then previously utilized to ensure that an attack does not lead to a breach. User education and strong email filters alone can no longer provide the complete protection an organization needs.

The Problem

Phishing attacks continue to be one of the most successful tactics for attackers to use to penetrate an organization’s defenses. These malicious emails require advanced detection mechanisms and the ability to quickly respond in the case one should get through. Between unpredictable end-user behavior and the level of sophistication in today’s email schemes, it’s no wonder why this attack vector continues to be highly exploited.

Security teams today, more than ever before, need to be able to find effective ways to overcome this growing phishing epidemic and are often faced with these difficult questions:

  • How can my organization protect itself against phishing attacks which continue to be the top successful intrusion tactic?

  • How can my organization defend itself against the unpredictability of end-user behavior?

  • How can my organization quickly respond to a phishing attack?

The DFLabs and Gmail Solution

DFLabs’ SOAR solution combined with Gmail gives organizations the confidence that their business communications are protected by industry-leading machine learning algorithms to detect known and unknown phishing techniques, and provides them with the pure automation power to quickly contain an incident where the unpredictability of user behavior can fail an organization’s defenses.

This combination reduces the false positive rate and the chances that an adversary will conduct a successful attack. By automating response efforts network defenders can contain a threat within seconds, rather than the numerous hours it takes to contain and remediate a breach.

About Gmail

Gmail is a free email service developed by Google. Users can access Gmail on the web and using third-party programs that synchronize email content through POP or IMAP protocols. With Gmail, user’s email is stored safely in the cloud which means that it can be accessed from any computer or device with a web browser. With its application of machine learning, Gmail can identify phishing and scam emails with 99.9% accuracy

Use Case

Now let’s look at a simple use case in action to see exactly how these two tools work together.

A user suspects that they accidentally opened a potentially malicious attachment. They forward the suspected email to the security team for review. Upon receipt of the email, DFLabs’ IncMan SOAR platform begins to execute its R3 Rapid Response Runbook for phishing activity.

The R3 Runbook automatically extracts the email’s attachment, checks its reputation and runs the email domain through a domain reputation checker. Once the file and domain has been evaluated, the R3 Rapid Response Runbook comes to its first set of conditional statements.

These conditions look for either the file or email domain to have a risk score greater than 50.

If the risk score for the file is greater than 50, IncMan will query Gmail for any additional accounts which have received the malicious file. If additional accounts are found to have received the file, those accounts will be added to the incident as an artifact, the priority will be upgraded to high, the host will be tagged for follow up, the file hash will be banned, and a new ticket will be created in the organization’s ticketing system and sent to the security team.

If additional hosts are not found, the original host will be tagged for follow up, the file hash will be banned, and a new ticket will be created for the security team’s review. Finally, if the domain’s risk score was also found to be malicious, the R3 Runbook will add the domain to the organization’s blocklist.

eVxs1UxcFs3huLrfBOxCPjc4swAFPbsFjlBqfIjKb79mpXHIb94ttGtw3rMrHBzG8jjfNAShE02shcVYlVpcZ6W8jHDMmZXUQyAOg4I6nCRcBwFz5E-_nxJI6RAwB8RK5Fop-V6e

Summary

More advanced tool sets are required to aid the detection of today’s sophisticated phishing attacks. With automated response tools now available, organizations can reduce the effectiveness of a successful phishing attempt. By supplementing user training with advanced detection and automated response organizations can be armed with complete protection from phishing attacks.

DFLabs’ integration with Gmail brings organizations the next level of phishing protection by combining Gmail’s machine learning algorithms for malware and spam detection with DFLabs’ automation and orchestration capabilities, to provide the protection an organization needs to stay ahead of their adversaries.

If you would like to see more, request a personalized demo, or see first-hand yourself the features and capabilities of IncMan SOAR in our free Community Edition.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request a demo