Email has long been the major attack vector for adversaries wishing to reach users of your information system: phishing / credential collection operation, compromise of the workstation by a malicious payload in an attachment, fraud and identity theft.
Your email systems and user awareness are essential security measures against these threats. The CWATCH Mail Report solution complements your security measures by giving an active role to your users by allowing them to easily report a suspicious email, with all the technical data required for investigations, and to benefit from the expertise of the CWATCH CERT in their analysis.
The service helps to shorten detection times and enable effective responses, and can be complemented with SOC CWATCH managed services to enhance your organization’s security.
How does it work for users?
NB: The CWATCH Mail Report solution can also be used on its own and configured to send the reporting email to your security team, without CWATCH SOC / CERT services.
What are the advantages of the CWATCH Mail Report solution?
Using the reporting function is extremely simple for users, and unlike the common use of the “forward” function of an email to the internal IT support team, the use of CWATCH Mail Report ensures that all data relevant to the investigation (message headers including SPF, DKIM fields, sender IP address, etc.) are transmitted right from the start, without any round-trip with support or complex handling
Your IT support does not have to handle malicious emails with the risks that this implies: the analysis of emails is carried out by the experts of the CWATCH SOC / CERT Almond teams on our investigation platform, without risk for your information system, and allowing to control the content of the email, the attachments and the links.
The technical analysis is doubled by a human analysis allowing to identify cases of fraud or manipulation and to make a response adapted to the user + a notification towards your IT teams if the threat is proven with a recommendation of treatment.
If you allow it, the CWATCH SOC / CERT team can automate the deletion of malicious emails in your users’ mailboxes on your Office 365 email.
The CWATCH SOC / CERT team can help you measure the effectiveness of your user awareness by analyzing reports from phishing campaign tests.
What are the requirements for deploying the CWATCH Mail Report button?
What is the cost?
How to go further?
By subscribing to Almond SOC’s detection services, you can gain a more advanced automated detection and response capability, enabling, for example:
> Identify malicious emails that have been delivered through alerts generated by your email security solutions and proactively remove them before they become a problem.
> Identify when a user has actually clicked on a malicious link in an email and adapt the response.
> Proactively adapt filtering on your email gateways.