
Powerful New Agari Phishing Defense Integration Comes to Cortex XSOAR

Brent Sleeper April 29, 2021 Email Security

As we expand our integrations with industry leaders, we’re very excited to highlight a new Agari integration with Palo Alto Networks Cortex XSOAR that helps security teams improve email threat visibility and accelerate their ability to respond to phishing attacks.

This new integration is welcome news for security teams who are feeling pummeled by a never-ending onslaught of phishing attacks. According to a recent study from Palo Alto Networks, 86% of enterprise security teams report getting hit by phishing attacks during the past 12 months. Another 63% point to state-sponsored threat actors as the culprits. Meanwhile, Gartner notes that the velocity and creativity of new email attacks continue to grow, with threat actors exploiting a variety of new tools, tactics, and techniques to achieve a wider array of nefarious goals.

Keeping ahead of these bad actors is a daunting prospect for security operations centers (SOCs). Too many incident response workflows rely on manual processes—gathering forensics from relevant systems, taking action in others, reporting in yet some other tool. It’s an inefficient, tedious process. And too often, the disconnects mean SOC teams don’t even have the visibility to connect the dots. A lack of actionable email threat intel can create blind spots that limit analysts’ ability to ensure effective prioritization, forensic analysis, triage, remediation, and reporting.

Working Smarter Against a Costly Threat

Faced with an ever-growing challenge of mitigating cyberattacks, many SOC teams are deploying solutions such as Palo Alto Networks’ Cortex XSOAR (formerly known as Demisto) to improve threat visibility and to manage incident response processes more efficiently and effectively.

Cortex XSOAR is a comprehensive Security Orchestration, Automation, and Response (SOAR) platform that unifies threat intelligence aggregation, scoring, and sharing with playbook-driven automation to accelerate incident response across cloud, hybrid, and on-premises environments.

Now, Agari has brought our industry-leading email threat data and defense to the Palo Alto Networks Cortex XSOAR ecosystem with a powerful and flexible anti-phishing integration. The Agari integration with Cortex XSOAR leverages the platform’s native mechanisms to provide additional data insight, enrichment, and automated incident response for phishing and other malicious emails directly within the XSOAR environment.

Integrated Email Threat Data

Agari Phishing Defense has the proven ability to prevent phishing and advanced email threats from ever reaching employee inboxes by scoring every message flowing into and within the organization to defend against everything from large-scale phishing campaigns to low-volume, highly-targeted identity deception-based email attacks. And our cloud-first solutions are built with open APIs to deliver better security, reduce costs, and support a dynamic and agile environment.

Our product uses machine learning, combined with knowledge of an organization’s email environment, to assess inbound email traffic. Each message received by Agari is scored and plotted in terms of email senders’ and recipients’ identity characteristics, expected behavior, and personal, organizational, and industry-level relationships.

Now, with the Agari Phishing Defense integration for Cortex XSOAR, teams easily gain a granular level of visibility into the email threats that can be incorporated into their analytical playbooks and dashboards to orchestrate protection processes and safeguard the entire infrastructure.

For the attack categorization analysis, we leverage anonymous aggregate scoring data that automatically breaks out identity deception-based attacks that bypass upstream Secure Email Gateways (SEGs) into distinct threat categories, including display name deception, compromised accounts, and more.

The integration of Agari Phishing Defense with Cortex XSOAR enables security teams to leverage our unrivaled email threat intelligence faster and easier than ever before. Key capabilities include:

  • Take Agari Phishing Defense enforcement actions directly from within Cortex XSOAR
  • Enable fast, active sharing of threat intelligence into Cortex XSOAR to identify related or unique events
  • Operationalize threat data directly from Agari as part of an automation or playbook, without the need to transform syslog or STIX/TAXII feeds
  • Create dashboards to enable quick visual inspection and identify policy hits on top attacks, attack recipients, partner domains spoofed, untrusted messages, and more

These scenarios are great examples of how the actionable data and playbooks available with this integration make it easy to connect Agari email threat data to Cortex XSOAR—improving visibility into email threats, accelerating incident response, and driving SOC efficiency.

Arming SOCs for the Threats Ahead

SOCs need all the help they can get. Phishing threats grow ever more serious, with multinational criminal organizations and even nation-state actors mounting extraordinarily sophisticated attacks. There are simply too many alerts to handle, too many threat feeds to monitor, and too many manual processes to manage.

Together, Agari Phishing Defense and Cortex XSOAR are changing the balance of power, with more automation of incident response and more actionable threat intelligence to help SOC teams save time, speed up triage, and reduce the number of steps required for threat mitigation. Agari is proud to help Cortex XSOAR users optimize their strategic security and technology investment with a platform that is quickly becoming foundational in the fight against advanced email threats.

Learn more about the Agari integration with Palo Alto Networks Cortex XSOAR in our solution brief.
