Phish Focus is an Email Triage Solution with comprehensive threat analysis and built-in automation to help you detect and remediate real phishing threats that hit the Inbox, within minutes. Prioritise resources whilst keeping your organisation and people cyber safe.
Reminders :
- To get Phish Focus functionality up and running, it is mandatory to configure Phish Reporter settings.
- Phish Focus : Reports gives Admins more insights on the details and specifics of the emails reported.
- Read through this guide for the Phish Focus : Learner Experience
Snapshot of the challenges your Security Team faces daily
Using a shared inbox to manage suspected phishing (and spam) emails is inefficient and a drain on resources.
Hundreds of emails, each taking several minutes for an analyst to investigate.
Difficult for analysts to find and prioritise the most severe phishing alerts each day
Manual playbooks make it impossible to investigate every alert, leading to analyst fatigue and inconsistencies in triage
Difficult to retain learned threat intelligence and improve institutional knowledge
What makes Phish Focus stand out?
Customise the automation rules to suit your needs such as allowing auto-replies to staff who report emails, based on the category of the email (threat, non-threat, etc).
Ability to gain an understanding of the emails landing in your email environment which have not been stopped by your mail filtering systems.
Automatically scan and prioritise reported emails based on risk level.
Purge dangerous emails from other users' inboxes upon threat confirmation with Phish Clear.
Add confirmed threats to a Block List to prevent future attacks from a domain.
Phish Focus Workflow
What can you do within Phish Focus?
| Feature / Action | Description |
|---|---|
|
|
This allows the system to automatically action emails in the workflow and respond to Learners with immediate feedback. |
|
|
Actions Menu provides the action an Admin can take on the reported messages. |
|
|
This allows Admins to search reported messages in the Inbox. |
|
|
This allows Admins to customise the Email Reply sent to the reporter of the email. |
|
|
This gives Admins the ability to define custom rules that override scan results for specific attributes found in reported emails. |
|
|
Provides Company Admins the data and details of reported emails. The Reports are split into Attachment, Reported By, Sender, Domain and URL. |
|
|
Allows a Phriendly Phishing Admin to connect Phish Focus to your MS tenant and easily update the Block List from within Phish Focus. |
|
|
Allows Admins to inspect the header of the messages that was sent through. Admins can view suspected issues with DMARC, SPF, DKIM and ARC records. |
|
|
Allows a Phriendly Phishing Admin to use a company domain as the Sender From for in Phish Focus. |
|
|
Allows a Phriendly Phishing Admin to search for reported emails across all of mailboxes tied to your Microsoft 365 instance and remove potential email threats from the Inbox across the organisation. |
|
|
Allows a Phriendly Phishing Admin to turn a reported email from a Learner into an Email template in your Phriendly Phishing email library. |
|
|
This feature displays the results of automatic checks against multiple resources or services in identifying potential threats in user reported emails. |
Comments
Please sign in to leave a comment.