Gone are the days of the Nigerian prince promising fortune to unsuspecting email recipients. Attackers have stepped up their phishing game and evolved their tactics to entice employees to click links or open attachments, preying on the opportunity to spread persistent malware or compromise credentials. These threat actors relentlessly target employees — both at work and through personal email — in hopes of breaching corporate networks.

A form of social engineering, phishing has been used to steal sensitive and personal information for years, and security teams stay busy tracking and defending against these threats. Security operations center (SOC) analysts are often inundated with a barrage of incidents and must feverishly work to defend the enterprise as malware slips through defenses.

Organizations and their SOC teams continue to look for an effective solution to detect phishing threats and help speed incident response. While the security information and event management (SIEM) solutions in these SOC environments are expected to pinpoint phishing threats, very few do so effectively.

Register for the webinar series to learn more about optimizing your SOC

The Value of Phishing Intelligence

Phishing is one of the biggest risks organizations face, regardless of size and industry vertical. According to a report by security firm PhishMe, more than 90 percent of breaches begin with a phishing email. Security teams require timely, accurate, consumable and actionable threat intelligence to protect employees and corporate networks from phishing attacks.

To be actionable, phishing data has to be presented in machine-deliverable threat intelligence (MRTI) so security teams can determine which indicators pose the greatest risk based on their impact rating. Furthermore, the indicators must provide contextual details to understand why the exploits represent a risk to the business. Human-readable reports illustrate the details behind the attacker’s phishing emails. This visibility can then be used in companywide phishing simulations to ensure that employees are conditioned to recognize and report cybercriminal tactics.

Integrating Phishing Intelligence With SIEM

IBM Security understands the need for reliable phishing intelligence to combat ransomware attacks as the attackers operate their global criminal infrastructure. To help clients, IBM QRadar SIEM is partnering with PhishMe for the PhishMe Intelligence App, a 100 percent human-verified, machine-readable threat intelligence service.

Fundamentally, IBM QRadar SIEM processes the events from various log sources based on correlation rules to reveal the potential offenses. Correlation rules are developed to consider all possible signs of an advanced persistent threat (APT) and detect phishing attacks.

Now, with the PhishMe Intelligence App, QRadar analysts can leverage phishing intelligence that PhishMe researchers develop by vetting possible global phishing threats. This service dramatically reduces the time that analysts would otherwise spend to determine indicator severity and impact. As a result, SOC teams are able to respond quickly and confidently to disrupt the attackers before they can achieve their mission.

The PhishMe Intelligence App, available in the IBM Security App Exchange, consumes phishing source IPs, URLs, hostnames and malicious files hash values. With the app installed, QRadar ingests a credible source of intelligence, and analysts can take action based on indicator impact ratings. The app clearly outlines impact ratings for analysts, which can give them the insights they need to prioritize tasks in their response plan.

PhishMe correlates the criminal infrastructure attackers are using so that security analysts can visualize the overall hierarchy of malware campaigns. This is much more effective than random indicators that don’t offer analysts the insights they need to take action. Additionally, the PhishMe Intelligence app provides links to human-readable malware reports with executive and technical details about the malware campaign. These contextual reports provide security leaders and analysts with information to make informed decisions and defend the enterprise. Machine- and human-readable reports offer visibility into phishing campaigns that is efficiently consumed by QRadar and easily interpreted.

Spotting Phish in the Deep Blue Sea of Cybercrime

Phishing defense is a never-ending battle of criminal versus recipient, and there is no one-size-fits-all solution to this challenge. However, partnerships such as the one between IBM and PhishMe integrate industry-leading solutions and services to provide organizations with the support they need to protect their business. PhishMe’s human-focused solutions strengthen and complement existing security investments to protect against nefarious criminals.

If you want to better arm your organization to combat phishing, download the app from the IBM Security App Exchange and attend the Sept. 14 webinar to learn how to clearly see the phish through the murkiness of the cybercriminal underground.

View the infographic: Put your SOC in order, in short order

More from Intelligence & Analytics

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…

What Can We Learn From Recent Cyber History?

The Center for Strategic and International Studies compiled a list of significant cyber incidents dating back to 2003. Compiling attacks on government agencies, defense and high-tech companies or economic crimes with losses of more than a million dollars, this list reveals broader trends in cybersecurity for the past two decades. And, of course, there are the headline breaches and supply chain attacks to consider. Over recent years, what lessons can we learn from our recent history — and what projections…

When Logs Are Out, Enhanced Analytics Stay In

I was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place it on the shelf.” “Why would they do that?” I asked. I spent the majority of my career in hardware — enterprise hardware, cloud hardware, and just recently made the jump to security software, hence my question. “Because SIEMs are hard to use. A SIEM purchase is just a checked…

4 Most Common Cyberattack Patterns from 2022

As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape. It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful. In this article, we’ll round up some of the most common cyberattack patterns we…