An operator may then review the suspicious message and generate a simulated phishing message based on that suspicious message, but modified so as to remove aspects that could compromise the security of a recipient of the simulated phishing message.
The modified message may then be added to a simulated message generator configured to allow a user to select messages that have bypassed the email gateway so as to be received by the email server and made available to one or more users. In some embodiments, the operator may be presented with an interface for selecting among multiple simulated phishing messages based on suspicious messages having been received through multiple email gateways.
Smart Clustering
Clusters can be considered to be aggregations of messages. Messages can be clustered based on the application of rules to messages that have been reported as suspicious. As non-limiting examples, similarities for grouping purposes could be based on parameters such as message attachment name, time, hash of the attachment, a fuzzy hash, or any combination of parameters. Similarities can be identified based on application of YARA rules to messages. Parameters can be weighted and clusters formed based on weighted parameters. For example, as described above, users have reputation scores and messages can be clustered according to reputational similarity. The reputation score for use in clustering can be a cumulative average. Clustering can also be done according to the reputation or credibility score of a source. In some embodiments, the system can use a plagiarism detection system, n-gram analysis, or comparable system to identify similar phishing stories, flag corresponding messages as suspicious, and cluster messages so identified as embodying a similar phishing story.
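The weighted-parameter clustering described above can be sketched as follows. This is an added example, not code from the described system: the weights, the threshold, the one-hour time window, the `Report` fields, the word-trigram Jaccard measure standing in for n-gram analysis, and the greedy single-link grouping are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed values: the text names these parameters but assigns no weights.
WEIGHTS = {"attachment_name": 0.2, "attachment_hash": 0.3, "time": 0.1, "body": 0.4}
THRESHOLD, TIME_WINDOW = 0.5, 3600  # score needed to join; seconds counted as close

@dataclass
class Report:
    msg_id: str
    attachment_name: str
    attachment_hash: str
    received: int  # epoch seconds
    body: str

def ngrams(text, n=3):
    words = text.lower().split()
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}

def body_similarity(a, b):
    ga, gb = ngrams(a), ngrams(b)
    return len(ga & gb) / len(ga | gb) if ga and gb else 0.0

def similarity(x, y):
    score = WEIGHTS["body"] * body_similarity(x.body, y.body)
    if x.attachment_name and x.attachment_name.lower() == y.attachment_name.lower():
        score += WEIGHTS["attachment_name"]
    if x.attachment_hash and x.attachment_hash == y.attachment_hash:
        score += WEIGHTS["attachment_hash"]
    if abs(x.received - y.received) <= TIME_WINDOW:
        score += WEIGHTS["time"]
    return score

def cluster(reports):
    # Greedy single-link: join the first cluster holding any sufficiently similar report.
    clusters = []
    for r in reports:
        for c in clusters:
            if any(similarity(r, m) >= THRESHOLD for m in c):
                c.append(r)
                break
        else:
            clusters.append([r])
    return clusters

SAMPLE = [  # constructed reports; hash values are placeholders, not real digests
    Report("m1", "invoice.zip", "aaa111", 1000, "Your invoice is overdue please open the attached file today"),
    Report("m2", "invoice.zip", "aaa111", 1500, "Your invoice is overdue please open the attached file now"),
    Report("m3", "", "", 90000, "Team lunch is moved to Friday at noon in the main cafeteria"),
    Report("m4", "Invoice.ZIP", "bbb222", 2000, "Reminder your invoice is overdue please open the attached file"),
]
```

Report `m4` carries a different attachment hash yet still joins the first cluster, because the attachment name, arrival time, and shared trigrams together exceed the threshold; this is the case where weighted parameters group a repackaged attachment that exact-hash matching alone would miss.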