In today's threat landscape, companies employ various solutions to protect against phishing attacks. Ideally, phishing emails should get detected and blocked by those solutions and never reach an end user's inbox.
But there are always new phishing campaigns which employ novel methods such as embedded HTML files and multi stage approaches. So, unfortunately, there will always be emails which make it past the protection. It is then the end user who is the last line of defense.
Here is an example of a type of email which users currently often receive:
Many end users will be unsure what to do with this kind of email. Ideally, they should know immediately how to report this email and find out if it is legit or yet another phishing email.
So how can you make it easy for them to report those emails?
This is where Joe Sandbox Mail Monitor comes into play. It provides you with a custom email address to which users can forward suspicious emails.
The contents of the email will then be analyzed automatically by Joe Sandbox, providing a profound verdict and deep malware analysis reports.
Your SOC will be instantly notified about these submissions, and receive further notifications on the detection as well as links to the analysis reports.
Here is an example for such a notification, relating to the email above:
Configuration options
In addition, Joe Sandbox lets you customize many aspects of the Mail Monitor feature, such as:
Here is a screenshot of the full configuration panel:
Reports
When receiving a new notification, SOC experts can follow the links in the notification to the Deep Malware Analysis reports and learn more about the details of the sample and its dynamic behavior, e.g.:
Here is a very nice example for a report of a phishing email we analyzed recently:
Overview
Here is a graphical overview of how it all works together:
To summarize, Joe Sandbox Mail Monitor is a tool that enables your end users to easily report suspicious emails and submit them for automated analysis to Joe Sandbox.
You can integrate Mail Monitor into your existing workflows and achieve faster detection of and reaction to novel threats, stopping phishing campaigns before they can wreak havoc.
If you are already a Cloud Pro customer with a Windows or Ultimate account, you can directly try out Mail Monitor and explore all the options it offers.