How to Investigate a Phishing Incident [Video Series]

Published
July 08, 2019

In early 2018, Legacy Health, a Portland, Oregon-based hospital group, announced it had suffered a data breach. The medical records of 38,000 patients were taken after a successful phishing attack against one of its employees. Phishing attacks typically involve social engineering, which is the use of deception to manipulate individuals into divulging their credentials, clicking a weaponized link, or opening a malicious attachment. For example, a bogus call from the IT helpdesk, where the user is asked by the attacker to confirm their username and password, is a common technique. Triaging phishing emails can be a major drain on SOC resources due to the volume of alerts that teams receive.

In this video, we simulate a phishing incident investigation with legacy SIEM tools using logs collected in Exabeam Data Lake and then compare it with a modern SIEM’s approach by using Exabeam Advanced Analytics to perform the same investigation. The key advantages of conducting a phishing investigation with Exabeam Advanced Analytics include:

  • Improved phishing threat detection via behavior analysis (UEBA) of email data and email security alerts alongside data from other security solutions
  • Reduced time required to investigate phishing incidents using Exabeam Smart Timelines, which automatically stitch together both normal and abnormal behavior into machine-built incident timelines
  • Improved mean time to detection and response resulting from automated investigation, containment, and mitigation playbooks powered by security orchestration, automation, and response (SOAR)

Watch the video below for a step-by-step walkthrough of a phishing incident investigation using a modern SIEM. 
