Gone are the days of the Nigerian prince promising fortune to unsuspecting email recipients. Attackers have stepped up their phishing game and evolved their tactics to entice employees to click links or open attachments, preying on the opportunity to spread persistent malware or compromise credentials. These threat actors relentlessly target employees — both at work and through personal email — in hopes of breaching corporate networks.

A form of social engineering, phishing has been used to steal sensitive and personal information for years, and security teams stay busy tracking and defending against these threats. Security operations center (SOC) analysts are often inundated with a barrage of incidents and must feverishly work to defend the enterprise as malware slips through defenses.

Organizations and their SOC teams continue to look for an effective solution to detect phishing threats and help speed incident response. While the security information and event management (SIEM) solutions in these SOC environments are expected to pinpoint phishing threats, very few do so effectively.

Register for the webinar series to learn more about optimizing your SOC

The Value of Phishing Intelligence

Phishing is one of the biggest risks organizations face, regardless of size and industry vertical. According to a report by security firm PhishMe, more than 90 percent of breaches begin with a phishing email. Security teams require timely, accurate, consumable and actionable threat intelligence to protect employees and corporate networks from phishing attacks.

To be actionable, phishing data has to be presented in machine-deliverable threat intelligence (MRTI) so security teams can determine which indicators pose the greatest risk based on their impact rating. Furthermore, the indicators must provide contextual details to understand why the exploits represent a risk to the business. Human-readable reports illustrate the details behind the attacker’s phishing emails. This visibility can then be used in companywide phishing simulations to ensure that employees are conditioned to recognize and report cybercriminal tactics.

Integrating Phishing Intelligence With SIEM

IBM Security understands the need for reliable phishing intelligence to combat ransomware attacks as the attackers operate their global criminal infrastructure. To help clients, IBM QRadar SIEM is partnering with PhishMe for the PhishMe Intelligence App, a 100 percent human-verified, machine-readable threat intelligence service.

Fundamentally, IBM QRadar SIEM processes the events from various log sources based on correlation rules to reveal the potential offenses. Correlation rules are developed to consider all possible signs of an advanced persistent threat (APT) and detect phishing attacks.

Now, with the PhishMe Intelligence App, QRadar analysts can leverage phishing intelligence that PhishMe researchers develop by vetting possible global phishing threats. This service dramatically reduces the time that analysts would otherwise spend to determine indicator severity and impact. As a result, SOC teams are able to respond quickly and confidently to disrupt the attackers before they can achieve their mission.

The PhishMe Intelligence App, available in the IBM Security App Exchange, consumes phishing source IPs, URLs, hostnames and malicious files hash values. With the app installed, QRadar ingests a credible source of intelligence, and analysts can take action based on indicator impact ratings. The app clearly outlines impact ratings for analysts, which can give them the insights they need to prioritize tasks in their response plan.

PhishMe correlates the criminal infrastructure attackers are using so that security analysts can visualize the overall hierarchy of malware campaigns. This is much more effective than random indicators that don’t offer analysts the insights they need to take action. Additionally, the PhishMe Intelligence app provides links to human-readable malware reports with executive and technical details about the malware campaign. These contextual reports provide security leaders and analysts with information to make informed decisions and defend the enterprise. Machine- and human-readable reports offer visibility into phishing campaigns that is efficiently consumed by QRadar and easily interpreted.

Spotting Phish in the Deep Blue Sea of Cybercrime

Phishing defense is a never-ending battle of criminal versus recipient, and there is no one-size-fits-all solution to this challenge. However, partnerships such as the one between IBM and PhishMe integrate industry-leading solutions and services to provide organizations with the support they need to protect their business. PhishMe’s human-focused solutions strengthen and complement existing security investments to protect against nefarious criminals.

If you want to better arm your organization to combat phishing, download the app from the IBM Security App Exchange and attend the Sept. 14 webinar to learn how to clearly see the phish through the murkiness of the cybercriminal underground.

View the infographic: Put your SOC in order, in short order

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today