KnowBe4 PhishER Extension — PhishRIP
Release Date: 29/09/2020
Author: Andrew Weston
PhishRIP was released earlier this year, and is available to all PhishER customers at no extra charge. PhishRIP is a new email quarantine feature that integrates with Microsoft Office 365 to help Remove, Inoculate, and Protect organisations against email threats so that phishing attacks can be shut down fast.
I have been looking at the benefits of PhishER for my organisation — what’s the additional benefit of PhishRIP?
When your users use the Phish Alert Button to send suspicious emails to PhishER they are categorised as Clean, Spam or Threat based upon your configuration settings. At this point PhishRIP will take over and search and optionally quarantine similar messages across all your user’s mailboxes. Any messages identified are then ready for further analysis, quarantine or permanent deletion by your incident response team.
What actions can I configure within PhishRIP?
Basically, PhishRIP gives you much more control over how you handle messages. You can customise your search to find messages by key items including sender, attachment or subject. You can quickly and easily search, find and remove messages across all folders and find out whether messages have been read or not. PhishRIP also gives you the ability to automatically quarantine or simply report the result of your query. Specifically, PhishRIP allows you to:
Remove: Once PhishER has identified a threat, you have the option to remove the same or similar messages from all mail folders, including inbox, sent, or trash folders.
Inoculate: Because it is likely that you will have users that receive the same email threats and don’t report it, PhishRIP helps you monitor and detect those un-reported email threats so you can report, quarantine and analyse.
Protect: Once any immediate threats are handled, you now have time to analyse threat details for continued protection in the future. With PhishRIP, you can send messages to your affected users, delete messages from your users’ mailboxes, keep them quarantined, or restore messages that are identified as legitimate.
Can you run me through the PhishER and PhishRIP workflow?
Below is a diagram showing the PhishER workflow. The PhishER platform can help you identify potential email threats through the automated process of rules, tags and actions. If an email threat is identified, PhishRIP provides you with the option to remove the threat from all your users’ inboxes.