Optimize Phishing Detection and Response with LogRhythm and Office 365

Presented by

Randy Franklin Smith (UWS) | Greg Foss (LogRhythm)

About this talk

Today’s hackers often favor the phishing email as their weapon of choice. Phishing attacks are not only common, but are also very difficult to defend against. What if you could detect and mitigate a phishing attack before its intended target clicks on that fatal link or opens that malicious attachment? When your Exchange server is in the Office 365 cloud, solutions such as constant inbox scanning or relying on synchronous mail flow aren’t viable options. Instead, you can find a strong defense against phishing emails in the Message Tracking log in Exchange. The Message Tracking log is available in both on-prem Exchange and Office 365 Cloud’s Exchange Online. Message Tracking logs include valuable information about the client, servers, sender, recipients, message subject, and more. If you can access this information and know how to mine it, you can detect likely phishing emails. In this webinar, you’ll learn how to: - Recognize the format of message tracking logs - Pull message tracking logs from Office 365 using PowerShell’s Get-MessageTrackingLog cmdlet - Work through a list of checks to perform against message tracking events to detect phishing emails - Move suspect emails to a sandbox where you can use analysis tools like PhishTank, ThreatGRID, or OpenDNS - Remove copies of phishing emails from other recipients - Automatically detect and respond to phishing attacks with no analyst intervention - To optimize your phishing response efficiency, LogRhythm has introduced a new open-source Phishing Intelligence Engine (PIE). PIE is a PowerShell framework focused on phishing attack detection and response. Register for the webinar now to learn how you can use LogRhythm’s PIE and Office 365 to better detect and respond to phishing attacks.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (94)
Subscribers (8163)
Notice: LogRhythm APJ channel has moved! Please note that this channel will not be updated with new content from 31 December 2020. We invite you to our new and improved LogRhythm channel, which can be accessed here: https://www.brighttalk.com/channel/12099/ At LogRhythm, we strive to provide our users and subscribers with the latest security tips & tricks available on-demand. Check out our latest talk: How to build an effective security program with limited resources: https://www.brighttalk.com/webcast/12099/460817