cyber security

PhishAlarm and PhishAlarm Analyzer: Features and Benefits

Phishing Email Reporting and Analysis > PhishAlarm and PhishAlarm Analyzer: Key Features and Benefits

PhishAlarm Key Features and Benefits

Simplified Reporting

PhishAlarm simplifies the process users follow to report phishing and other suspicious messages to abuse boxes. Users do not need to know how to capture header information or other technical details; they simply click to report.

Reduced Helpdesk Calls

PhishAlarm reduces or eliminates IT helpdesk calls by allowing employees to route suspicious emails directly to a monitored inbox.

Faster Response Times

PhishAlarm makes it easier for employees to report suspicious messages, allowing them to alert IT teams in a quick, efficient manner. This helps to shorten the phishing delivery-recognition-response window for information security analysts. 

Multiple Integrations

PhishAlarm integrates with: 

  • Microsoft Outlook for Windows (2010, 2013, 2016) 

  • Microsoft Outlook 2016 for Mac 

  • Browser-based Office 365 

  • Browser-based Gmail available as a G Suite Marketplace app 

  • Outlook Web Access (OWA) for iPhone/iPad and Android 

  • Outlook Mobile for iOS and Android

Customizable Notifications

PhishAlarm supports multiple end-user notifications, all of which are completely customizable: 

  • Challenge/prompt message – This appears when the reporting button is clicked, giving users the option to change their mind about reporting a message. 

  • Phish notification – Users receive this message (via a pop-up window or email) when reporting a potential phish or a simulated attack. The standard text thanks users for taking the action and asks them to remain vigilant to suspicious messages in the future. 

  • Whitelist notification – This message (received via a pop-up window or email) notifies users that an email they reported was actually a safe message from an address/domain that was whitelisted by your organization. 

  • Training notification – This response (displayed in a pop-up window or sent via email) alerts users that they reported a safe message that included a training assignment. 

Multinational Support

PhishAlarm notifications are available in 35 languages to support the needs of multinational organizations.

Flexible Configuration Options

PhishAlarm offers a number of configuration options for administrators that make the tool more flexible and efficient for individual organizations. Key administrative features include the following: 

Whitelist Email – This patent-pending feature allows administrators to filter based on domain, subject, and/or email headers. This reduces the number of emails that require evaluation, allowing infosec response teams to cut through the clutter and focus on actual potential threats. 

Customization of the PhishAlarm button – Administrators can choose from multiple button layouts and customize various labels in order to create a look and feel that support their corporate brand. 

Tailored system and forwarding actions – Administrators will have the option to tailor system actions (e.g., deleting or moving to Junk folder) and reporting actions (e.g., forwarding to specific inboxes) based on the following notification settings: 

  • Reported a simulated phishing attack 

  • Reported a potential phish 

  • Reported a potential phish with an attachment 

  • Reported a whitelisted email 

  • Reported a training assignment 

Business Intelligence

PhishAlarm features powerful reporting that allows you to easily access and share valuable business intelligence, including the following information: 

  • The users who reported emails 

  • The types of emails reported (potential phish vs. simulated attacks) 

  • The number and types of reported threats identified over time (hours, day, weeks, months, quarters) 

  • This type of data can help you gauge how successful your security awareness training program has been, and how well users are retaining the best practices they are being taught. 

PhishAlarm Analyzer Key Features and Benefits

Identification of Advanced Threats

PhishAlarm Analyzer delivers highly responsive identification of phishing attacks in real time (i.e., zero-hour attacks). Emails reported via PhishAlarm are accessed, analyzed, and categorized, and they are immediately available to your response teams. 

Intelligent Prioritization with Proofpoint Threat Intelligence

Reported messages are automatically analyzed and enriched using multiple Proofpoint Threat Intelligence and reputation systems in addition to dedicated sandboxing of URLs and attachments in the messages. Proofpoint Threat Intelligence has access to:

  • 5+ billion emails a day
  • 300,000 malware samples
  • 200 million social media accounts

We use this insight to deliver more timely and accurate information to your incident response team to more quickly classify and take action on reported emails from end-users. If you’re interested in automated remediation of these messages, you can learn more about our Closed-Loop Email Analysis and Response (CLEAR) solution.

Proofpoint Threat Intelligence and Sandboxing

PhishAlarm Analyzer constantly evolves and adapts to new email threat patterns. Tens of billions of emails from Proofpoint threat intelligence are scanned each week and used to protect against increasingly sophisticated techniques, including spear phishing and business email compromise attacks. Dedicated sandboxing of URLs and attachments in reported messages help prevent time-delayed and brand new threats.

Delivery of Actionable Information

Each prioritized message contains a report that includes links to leading security intelligence sources. Security analysts can quickly and easily dig deeper into the threat(s) associated with the reported email. This is a great timesaver for security professionals who are facing an ever-increasing workload.

Consolidation of Email Notifications

When similar email messages are reported through PhishAlarm, the resulting PhishAlarm Analyzer notifications can be grouped to eliminate redundancies, reduce clutter, and improve productivity. Threshold alerts can let response teams know when the number of similar notifications has reached a level that could indicate an emerging threat or organization-wide attack. In addition, once that threshold has been passed, PhishAlarm Analyzer will automatically escalate the classification of similar reported emails to “Likely a Phish” because this could be an indication that an organization is under attack.

Targeted Routing of Reports

You can choose up to 25 recipients (including bulk inboxes) for each reported email category. In addition, reported emails can be routed to specific inboxes based on classification. This allows administrators to eliminate the likelihood of threats falling through the cracks and enables remediation efforts to be assigned based on severity level.

Easy-to-Use Interface

Our intuitive graphical user interface makes it easy to set up and activate your account. Highly customizable settings can be monitored and adjusted using our web-based PhishAlarm Analyzer management console.

Valuable Business Intelligence

PhishAlarm Analyzer reports include aggregated data on reported emails and their categories, as well as more in-depth data about the users who reported the emails. Administrators can see at a glance how incoming emails are classified and the changes compared to the prior month.