How to Investigate a Phishing Incident [Video Series]

Published
July 08, 2019

Author
Pramod Borkar

Phishing remains the most common and successful way for cybercriminals to steal data. This video shows how to conduct a phishing incident investigation using a legacy SIEM vs. a modern SIEM.

In early 2018, Legacy Health, a Portland, Oregon-based hospital group, announced it had suffered a data breach. The medical records of 38,000 patients were taken after a successful phishing attack against one of its employees. Phishing attacks typically involve social engineering, which is the use of deception to manipulate individuals into divulging their credentials, clicking a weaponized link, or opening a malicious attachment. For example, a bogus call from the IT helpdesk, where the user is asked by the attacker to confirm their username and password, is a common technique. Triaging phishing emails can be a major drain on SOC resources due to the volume of alerts that teams receive.

In this video, we simulate a phishing incident investigation with legacy SIEM tools using logs collected in Exabeam Data Lake and then compare it with a modern SIEM’s approach by using Exabeam Advanced Analytics to perform the same investigation. The key advantages of conducting a phishing investigation with Exabeam Advanced Analytics include:

  • Improved phishing threat detection via behavior analysis (UEBA) of email data and email security alerts alongside data from other security solutions
  • Reduced time required to investigate phishing incidents using Exabeam Smart Timelines which automatically stitch together both normal and abnormal behavior into machine-built incident timelines
  • Improved mean time to detection and response resulting from automated investigation, containment, and mitigation playbooks powered by security orchestration, automation, and response (SOAR)
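The timeline stitching described above, as an added example that is not part of the original post or of Exabeam's product: constructed email-gateway, web-proxy and authentication events for one user are merged into a single time-ordered view, each event is flagged against an assumed learned baseline (known sender domains, known logon countries), and the ordered sequence "suspicious mail, click on its host, logon from a new country" is then checked across sources.

```python
from datetime import datetime

# Constructed sample events (not real logs); each source has its own tuple layout.
EMAIL_EVENTS = [  # (ts, user, sender, url_host, gateway_verdict)
    ("2019-07-01T08:30:00", "jdoe", "news@corp.example", "corp.example", "clean"),
    ("2019-07-01T09:02:00", "jdoe", "payroll@hr-portal-update.example",
     "hr-portal-update.example", "suspicious"),
]
PROXY_EVENTS = [  # (ts, user, host)
    ("2019-07-01T09:05:12", "jdoe", "hr-portal-update.example"),
    ("2019-07-01T09:06:40", "jdoe", "intranet.corp.example"),
]
AUTH_EVENTS = [  # (ts, user, country, result)
    ("2019-07-01T08:01:00", "jdoe", "US", "success"),
    ("2019-07-01T11:40:00", "jdoe", "RO", "success"),
]
# Assumed per-user baseline that a UEBA layer would learn from weeks of prior activity.
BASELINE = {"jdoe": {"countries": {"US"}, "sender_domains": {"corp.example"}}}


def build_timeline(user):
    """Merge one user's events from all sources, oldest first, flagging baseline deviations."""
    base = BASELINE[user]
    # URL hosts from mails the gateway did not mark clean become indicators for proxy data.
    phish_hosts = {h for _, u, _, h, v in EMAIL_EVENTS if u == user and v != "clean"}
    rows = []  # (ts, source, description, anomalous)
    for ts, u, sender, _, _ in EMAIL_EVENTS:
        if u == user:
            rows.append((ts, "email", f"mail from {sender}",
                         sender.split("@")[1] not in base["sender_domains"]))
    for ts, u, host in PROXY_EVENTS:
        if u == user:
            rows.append((ts, "proxy", f"visited {host}", host in phish_hosts))
    for ts, u, country, result in AUTH_EVENTS:
        if u == user:
            rows.append((ts, "auth", f"{result} logon from {country}",
                         country not in base["countries"]))
    return sorted(rows, key=lambda r: datetime.fromisoformat(r[0]))


def phishing_chain(timeline):
    """True when an anomalous mail is followed by a click on its host and then an anomalous logon."""
    stage = 0
    for _, source, _, anomalous in timeline:
        if anomalous and source == ("email", "proxy", "auth")[stage]:
            stage += 1
            if stage == 3:
                return True
    return False
```

Normal events stay in the timeline unflagged so an analyst sees the user's routine activity around the suspicious sequence, which is the context a hand-built legacy search would have to assemble query by query.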

Watch the video below for a step-by-step walkthrough of a phishing incident investigation using a modern SIEM.
