Supercharge Your Anti‑Phishing Defenses With PhishER Plus
Advanced Protection for Evolving Threats
Email threats get more sophisticated every year. Worrying percentages make it past your secure email gateway (SEG) and into your users’ inboxes. Social engineering attacks increasingly target your high-risk users. The 2023 Verizon Data Breach Investigations Report shows email alone is the highest cause of data breaches. Researchers at ArmorBlox recently reported that 56% of all attacks bypass your legacy security filters. The upshot? Legacy email security layers let these digital time bombs slip into the inboxes of your users.
Revolutionary, Proactive Anti-Phishing Defense
PhishER Plus is the most powerful anti-phishing protection available in the world. PhishER Plus is powered by a unique KnowBe4 global threat feed. This triple-validated phishing threat feed automatically blocks phishing attacks before they make it into your users’ inboxes using:
KnowBe4's global network of over 10 million highly trained end-users and their PhishER Administrators
PhishML, a unique AI-model trained on phishing emails that all other filters missed
Human-curated threat intel by KnowBe4’s Threat Research Lab
KnowBe4 sees things no one else can. Users report all the attacks that make it through every other filter out there. These in-the-wild threats are the most dangerous, real-time social engineering attacks at any given point in time.
How PhishER Plus Works
PhishER Plus was developed to help you supercharge your organization’s email security defenses and is an additional final layer after your existing SEG and other cybersecurity layers fail.
PhishER Plus enables a critical workstream to help your IR teams work together to mitigate the phishing threat and is suited for any organization that wants to automatically prioritize and manage potentially malicious messages—accurately and fast! PhishER Plus is available as a stand-alone product or as an add-on option for KnowBe4 customers.
PhishER processes user-reported phishing and other suspicious emails by grouping and categorizing emails based on rules, tags and actions.
PhishML, the custom machine-learning module, analyzes messages and generates confidence values which are used to tag messages.
PhishRIP helps you easily find and quarantine suspicious messages still sitting in mailboxes across your entire organization.
PhishFlip automatically turns defanged phishing emails into training opportunities by flipping them into simulated phishing campaigns.
Key Benefits
Block email threats that have bypassed all other email security filters or systems before they reach your users’ inboxes with the Global Blocklist.
Isolate malicious emails that already bypassed your mail filters through automated quarantine with Global PhishRIP.
Save time and money by reducing the volume of remediation efforts handled by your SOC team.
Cut through the IR-inbox noise and respond to the most dangerous threats more quickly and efficiently..
See clusters or groups of messages based on patterns that can help you identify a widespread phishing attack against your organization.
Full integration with KnowBe4’s Phish Alert Button allows automatic prioritization of emails that are not threats.
Proactive Anti-Phishing Protection
There is strength in numbers. Leverage the power of the KnowBe4 Threat Research Lab and KnowBe4’s end-user network around the world to help protect against new and evolving phishing and social engineering attacks.
With the PhishER Plus Global Blocklist feature, it’s easy to create your organization’s unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER Plus console. Blocklist entries of validated threats crowdsourced from 10+ million trained users are leveraged to automatically block matching new incoming messages from reaching your users’ inboxes.
This continually updated threat feed is managed by KnowBe4 and syncs with your Microsoft 365 mail server. Alternatively, you can utilize your own private blocklist for Microsoft 365 instead of crowdsourcing.
Global PhishRIP is an email quarantine feature that integrates with Microsoft 365 and Google Workspace so your incident response team can quickly and easily remediate.
Global PhishRIP enables you to remove an identified threat from all user mailboxes, inoculate unreported threats, and protect from future threats by deleting, quarantining or restoring legitimate email. Messages that match an identified phishing threat other PhishER Plus customers have “ripped” from their organization’s mailboxes are then validated by the KnowBe4 Threat Research Lab. These messages are automatically quarantined by removing them from all of your users’ inboxes.
PhishER Plus helps you prioritize every reported message into one of three categories: Clean, Spam or Threat. Using YARA rules, you assign what’s most important to you and PhishER Plus helps develop a process to automatically prioritize as many messages as possible without human interaction. PhishER Plus helps your team respond to the most dangerous threats more quickly by reviewing the attributes of reported messages and ranking the most critical messages based on priority.
Emergency Rooms help you identify similar messages reported by your users. PhishER Plus groups these messages by commonalities and includes pre-filtered views for messages by Top Subject Lines, Top Senders, Top Attachments and Top URLs. Each Emergency Room is interactive, allowing you to drill down into filtered inbox views and take action across all related messages.
With PhishER Plus’ API integration and support for multiple syslog destinations, you can connect PhishER Plus with your existing security stack products to push data into popular email security, threat intelligence, ticketing and SIEM platforms. Additionally, you can send events from PhishER Plus and add them to your users’ timelines in your KnowBe4 platform. You can use these events to help tailor specific phishing and training campaigns that enable your users to better identify and report suspicious emails through the Phish Alert Button. PhishER Plus also integrates with external services like VirusTotal to help analyze attachments and malicious domains.
PhishML is a PhishER Plus machine-learning module that helps you identify and assess the suspicious messages that are reported by your users, at the beginning of your message prioritization process. PhishML analyzes every message coming into the PhishER Plus platform and gives you the info to make your prioritization process easier, faster, and more accurate.
PhishML is constantly learning based on the messages that are tagged, not only by you but also by other members of the PhishER Plus user community! That means that the learning model is being fed new data to constantly improve its accuracy. More messages can be automatically prioritized based upon PhishER Plus categorization, saving you even more time.
PhishFlip is a PhishER Plus feature that automatically turns user reported phishing attacks targeted at your organization into safe simulated phishing campaigns in your KnowBe4 platform. With PhishFlip, you can now immediately “flip” a dangerous attack into an instant real-world training opportunity for your users.
PhishER Plus Threat Intel is a new feature added to KnowBe4's PhishER Plus, providing users with instant internet reputation data to enable smart and automated responses to web threats.