PhishGuard
PhishGuard is a managed email security service that provides resources for end-to-end phish and targeted attack management and response. With PhishGuard, you can preemptively block phishing attacks ↗, malware ↗, Business Email Compromise (BEC) ↗, and vendor email fraud.
To use PhishGuard:
- Log in to Zero Trust ↗.
- Select Email security.
- Select PhishGuard.
The dashboard will display the following metrics:
- ROI Calculator
- Insider threat defense
- Email threat hunting
- Actions
- API Status
- Managed email security operations
- Reports
Use the ROI Calculator to compare triage durations and hourly rates to calculate PhishGuard’s return on investment.
The ROI Calculator displays:
- Total aggregated saved number in USD dollars.
- Triage duration: The amount of time in minutes spent triaging the message.
- Hourly rate.
An insider threat ↗ is a risk to an organization’s security stemming from someone associated with the organization.
Insider threat defense on the dashboard displays Insider leads and Insider reports generated. Insider leads displays the number of emails identified as potential insider threat email. Insider reports generated displays the number of reports created based on insider leads.
Email threat hunting displays previously unknown phishing attacks.
Email threat hunting displays Threat leads generated and Total reposts generated.
Actions allows you to review the most common actions taken by the PhishGuard team, such as escalations, threat hunts, and moves.
API Status allows you to monitor and configure the current status of API message auto-moves and directory integrations.
Select Message moves to configure auto-moves. Select Directory integration to configure directories.
Managed email security operations allows you to review the results of phish submissions reviewed by the PhishGuard team.
It displays the following:
- Total phish submissions
- Tracked incidents
- Median time to resolve
- Resolved track incidents
Under Reports, you can review reports of threats discovered and resolved by the PhishGuard team.
If you select the three dots, you can:
- View report details: Report Details gives you the following information about each report:
- Overview: An Overview of the report. This includes date and time of the report, type of attack performed, and more.
- Target and victimology: Company targeted.
- Details: Displays information such as delivery disposition, current disposition, ES Alert ID, Message-ID, Timestamp, Subject, and Attempted Fraudulent Amount.
- Indicators of compromise (IOC): Indicators of compromise (IOC) ↗ are information about a specific security breach that can help security teams determine if an attack has taken place.
- Preview email.
- Move email.