Automate Phishing Detection and Response with LogRhythm Phishing Intelligence Engine (PIE)

Modern cybercriminals frequently turn to the phishing email as a means of gaining access to a victim’s network. Phishing campaigns are among the most common and damaging cyberattacks. Despite how common and successful phishing attacks are, organizations and their employees are often ill-prepared to handle these threats.

In this on-demand webinar, Greg Foss, LogRhythm manager of global security operations, Paul Asadoorian, Security Weekly CEO and founder, and John Strand, Black Hills Information Security owner and security analyst, discuss phishing attacks and how you can protect your organization. The three also discuss how LogRhythm’s Phishing Intelligence Engine (PIE) can help streamline and automate the entire process of tracking, analyzing, and responding to phishing emails.

PIE is an open-source PowerShell framework that integrates with the LogRhythm NextGen SIEM Platform to provide phishing attack detection and response. Built around Office 365, PIE continuously evaluates Message Trace logs for malicious content and dynamically responds as threats are identified or emails are reported.

The PIE framework consists of multiple PowerShell scripts that work together with the LogRhythm NextGen SIEM Platform to automate detection and response to phishing cyberattacks. These scripts can be used with or without LogRhythm.

Office 365 Message Trace Logging is at the core of the PIE infrastructure, allowing for the ingestion and dynamic analysis of email as these messages traverse your environment. Integrating this data with LogRhythm allows for quick and easy searching across all email data within your environment, via dashboards and drill-down analyst views.

PIE uses a weighted scoring mechanism to determine the risk of the email in question. When an email passes the defined risk threshold, PIE can act on it and automatically quarantine it from all recipients within the company, documenting every step of this process within the LogRhythm case. In doing so, PIE helps your organization identify and remove copies of phishing emails from additional recipients and automatically detect and respond to phishing attacks without analyst intervention.

Watch the on-demand webinar now to learn how LogRhythm is helping to automate the detection and response to phishing attacks.