to create a repository of captured phishing mails so that the adversary's tactics and techniques
can be learned from them. Who is being targeted by the emails, what personal or confidential
information was used for the social engineering, and what action each email wanted the user to
take can all be used to train SOC teams in what to expect in the next wave.
Once a sufficient quantity of phishing emails has been collected, they can be used as a training
tool, not so much for users, who may be a lost cause, but for the SOC teams who need to
respond to the threats phishing enables. The one good thing about phishing attacks is that they
leave behind a lot of data: headers, lure URLs, attachments, and sometimes actual malicious code
that can be analyzed and defended against in the future, if you have the right tools to capture
and study that information.
3) Know Where the Phish are Biting
All the data collected in step two can be used for another valuable purpose: predictive analysis.
While you may not be able to train every user to defeat every phishing attack, you can
selectively warn the groups that are actually being targeted. Perhaps your finance group is being
targeted by a phishing email that appears to come from the CFO. Or your human resources
employees are being sent malicious attachments from fake job applicants.
Knowing that is a huge advantage. Collecting and analyzing phishing emails can unmask trends
and active, ongoing campaigns against your organization. A specific, timely warning to the
targeted employees or groups is far more likely to land than a generic reminder, and might just
stave off your next unexpected phishing trip.
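Steps two and three describe a repository of captured phish and the targeting analysis run over it. The following is an added example of what that pipeline looks like in code; it is not the author's or Tychon's code. It parses captured messages with Python's standard email library, pulls out the sender, the group each recipient belongs to, the lure (URL or attachment) and the requested action, groups messages into campaigns by sender domain and normalised subject, and emits one specific warning per targeted group. The three sample messages, the recipient-to-department directory, the executive-title pattern and the action keyword list are all constructed for illustration and would come from your mail gateway, HR directory and tuning in practice.

```python
"""Phishing capture repository: extract who/what/how from captured mails,
roll them up into campaigns, and produce per-group warnings.
Added example, not code from the article; samples and lookups are constructed."""
import email
import re
from collections import defaultdict
from email import policy

INTERNAL_DOMAIN = "example.com"  # assumption: the defended organisation's domain
DIRECTORY = {  # constructed stand-in for an HR / directory lookup
    "pat@example.com": "finance",
    "lee@example.com": "finance",
    "kim@example.com": "finance",
    "jo@example.com": "hr",
}
EXEC_TITLE = re.compile(r"\b(ceo|cfo|coo|cio|ciso|president)\b", re.I)
ACTION_WORDS = {  # crude keyword scan over subject + body; tune per organisation
    "wire": "wire funds",
    "approve": "approve a payment",
    "password": "enter a password",
    "invoice": "pay an invoice",
}

# Constructed captures, as a user-report button or gateway quarantine hands them over.
CAPTURED = [
    """From: "Dana Ruiz, CFO" <dana.ruiz@examp1e-corp.com>
To: pat@example.com, lee@example.com
Subject: Urgent wire transfer before close of business
Content-Type: text/plain

Please process the attached wire today, I am in a board meeting.
https://examp1e-corp.com/secure/approve
""",
    """From: "Dana Ruiz, CFO" <dana.ruiz@examp1e-corp.com>
To: kim@example.com
Subject: Re: Urgent wire transfer before close of business
Content-Type: text/plain

Did you see my earlier note? Approve here: https://examp1e-corp.com/secure/approve
""",
    """From: "Sam Okafor" <sam.okafor@gmail.example>
To: jo@example.com
Subject: Application for the analyst position
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Resume attached, please open and let me know.
--b1
Content-Type: application/octet-stream; name="resume.docm"
Content-Disposition: attachment; filename="resume.docm"

AAAA
--b1--
""",
]


def normalize_subject(subject):
    """Strip Re:/Fwd: prefixes and whitespace so one campaign's mails group together."""
    subject = re.sub(r"^\s*(?:(?:re|fw|fwd)\s*:\s*)+", "", subject, flags=re.I)
    return re.sub(r"\s+", " ", subject).strip().lower()


def extract_indicators(raw):
    """Who was targeted, who the mail pretends to be, and what it asks the user to do."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    to = msg["To"]
    recipients = [a.addr_spec.lower() for a in to.addresses] if to else []
    body_part = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body_part.get_content() if body_part else "")
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    attachments = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]
    actions = {label for word, label in ACTION_WORDS.items()
               if re.search(rf"\b{word}", text, re.I)}
    if urls:
        actions.add("follow a link")
    if attachments:
        actions.add("open an attachment")
    return {
        "sender_domain": sender.domain.lower(),
        # Executive title in the display name but sent from outside: classic CFO fraud.
        "exec_impersonation": bool(EXEC_TITLE.search(sender.display_name))
        and sender.domain.lower() != INTERNAL_DOMAIN,
        "departments": sorted({DIRECTORY.get(r, "unknown") for r in recipients}),
        "subject": normalize_subject(msg["Subject"] or ""),
        "lures": sorted(set(urls) | set(attachments)),
        "actions": sorted(actions),
    }


def campaign_report(raw_messages):
    """Group captures by (sender domain, normalised subject) and roll up who they hit."""
    campaigns = defaultdict(lambda: {"messages": 0, "departments": set(), "lures": set(),
                                     "actions": set(), "exec_impersonation": False})
    for raw in raw_messages:
        ind = extract_indicators(raw)
        c = campaigns[(ind["sender_domain"], ind["subject"])]
        c["messages"] += 1
        c["departments"].update(ind["departments"])
        c["lures"].update(ind["lures"])
        c["actions"].update(ind["actions"])
        c["exec_impersonation"] |= ind["exec_impersonation"]
    return {key: {**c, "departments": sorted(c["departments"]),
                  "lures": sorted(c["lures"]), "actions": sorted(c["actions"])}
            for key, c in campaigns.items()}


def targeted_warnings(report):
    """One concrete warning per targeted group, instead of a blanket 'beware of phishing'."""
    warnings = defaultdict(list)
    for (domain, subject), c in report.items():
        line = f"{c['messages']} message(s) from {domain}, subject '{subject}'"
        if c["exec_impersonation"]:
            line += ", sender posing as an executive"
        if c["actions"]:
            line += ", asking you to " + " / ".join(c["actions"])
        for dept in c["departments"]:
            warnings[dept].append(line)
    return dict(warnings)


if __name__ == "__main__":
    for dept, lines in targeted_warnings(campaign_report(CAPTURED)).items():
        print(f"[{dept}]")
        for line in lines:
            print("  -", line)
```

Run as-is, the script tells finance that two messages from examp1e-corp.com are posing as an executive and asking them to approve a payment, follow a link and wire funds, and tells HR that one message from gmail.example wants them to open an attachment. The campaign key is deliberately coarse (sender domain plus subject with reply prefixes removed); a real repository would also key on lure URL host and attachment hash, and would feed the department roll-up back into the SOC's detection content.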
About the Author
Travis Rosiek serves as the Chief Technology Officer (CTO) of Tychon,
where he is responsible for product innovation and professional services.
With nearly 20 years of experience in the security industry, Travis is a highly
accomplished cyber defense leader having led several Commercial and
U.S. Government programs. He is known for developing and executing
strategic plans to build the technical capacity of a company across product
development, quality assurance, technical marketing, professional services,
and sales engineering.
Prior to his work with Tychon, Travis held several senior roles with prominent security
companies and organizations, including CloudHASH Security, McAfee, and the Defense Information
Systems Agency (DISA). He also served as the Federal CTO at FireEye. A proud graduate of West
Virginia University, where he received his M.S. in Electrical Engineering and dual B.S. in Computer
and Electrical Engineering, Travis is also an ISC2 Certified Information Systems Security
Professional (CISSP) and a member of multiple task forces and advisory committees.
Travis can be reached via LinkedIn and at our company website: Tychon.io
100 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide