Optimise phishing detection and response with LogRhythm and Office 365

Presented by

Randy Franklin Smith (UWS) | Greg Foss (LogRhythm)

About this talk

Today’s hackers often favour the phishing email as their weapon of choice. Phishing attacks are not only common, but are also very difficult to defend against. What if you could detect and mitigate a phishing attack before its intended target clicks on that fatal link or opens that malicious attachment?

When your Exchange server is in the Office 365 cloud, solutions such as constant inbox scanning or relying on synchronous mail flow aren’t viable options. Instead, you can find a strong defence against phishing emails in the Message Tracking log in Exchange. The Message Tracking log is available in both on-prem Exchange and Office 365 Cloud’s Exchange Online. Message Tracking logs include valuable information about the client, servers, sender, recipients, message subject, and more. If you can access this information and know how to mine it, you can detect likely phishing emails.

In this webinar, you’ll learn how to:

- Recognise the format of message tracking logs
- Pull message tracking logs from Office 365 using PowerShell’s Get-MessageTrackingLog cmdlet
- Work through a list of checks to perform against message tracking events to detect phishing emails
- Move suspect emails to a sandbox where you can use analysis tools like PhishTank, ThreatGRID, or OpenDNS
- Remove copies of phishing emails from other recipients
- Automatically detect and respond to phishing attacks with no analyst intervention

To optimise your phishing response efficiency, LogRhythm has introduced a new open-source Phishing Intelligence Engine (PIE). PIE is a PowerShell framework focused on phishing attack detection and response.

Register for the webinar now to discover how you can use LogRhythm’s PIE and Office 365 to better detect and respond to phishing attacks.
