New CLEAR Solution: Automation from Email Reporting through Remediation

September 04, 2018
Mark Guntrip

We’re excited to announce, thanks to Proofpoint’s recent acquisition of Wombat, the availability of the Closed-Loop Email Analysis and Response (CLEAR) solution, our industry’s first complete closed-loop approach to instant end-user email reporting, analysis, and remediation. This innovative solution helps organizations more effectively target a soft spot in defense-in-depth security strategies (malicious emails that pass through perimeter defenses).

CLEAR combines our email client add-in and PhishAlarm Analyzer email prioritization tool with Threat Response Auto Pull (TRAP) to streamline end-user reporting of—and security response to—potential phishing attacks. CLEAR allows users to quickly and easily report suspicious emails directly from their desktop or mobile device. Once reported, CLEAR automatically analyzes messages against multiple intelligence and reputation systems, reducing an organization’s typical threat triage time from days to minutes without requiring additional work from human analysts.

Automation Advantages for Time-Strapped Remediation and Response Teams

A security-conscious employee can be your last line of defense against a cyberattack—particularly in the case of zero-day attacks and other phishing emails that evade perimeter defenses. CLEAR empowers end users and response teams, offering organizations the shortest path from reporting to remediation:

  • PhishAlarm eliminates the need for manual end-user email reporting processes—and the helpdesk phone calls that often accompany them. The email reporting button can be embedded within desktop and mobile email clients, allowing users to send suspected phishing attacks directly to an abuse box with headers and attachments intact.
  • CLEAR minimizes alerts with automatic filtering of whitelisted emails and phishing tests sent via our ThreatSim® Phishing Simulations tool. This keeps noise to a minimum, enabling response teams to better prioritize their work.
  • PhishAlarm Analyzer provides the first layer of threat intelligence, categorizing messages based on their likelihood of containing malicious content and passing that information to TRAP.
  • TRAP automatically analyzes reported messages against multiple intelligence and reputation systems and shares this information with messaging and security responders. This positive feedback loop replaces the uncertainty of ignoring messages; with this insight, security teams can either delete or quarantine verified threats with a single click.
  • Relevant and timely metrics provide a comprehensive review of an organization’s responsiveness to targeted phishing attacks. Security analysts receive an auditable history of actions taken, including a list of reported messages and dashboards of key indicators about the remediation process.

“Email fraud and phishing have cost organizations billions of dollars,” said Joe Ferrara, Wombat Security General Manager. “CLEAR boosts the visibility of phishing campaigns and automatically processes employee-reported malicious messages within minutes, underscoring the positive and direct impact that informed employees can have on improving the security posture of an organization.”

To learn more, download the CLEAR solution brief here.