QuoLab Use Case: E-mail Investigation

19. November 19

QuoLab, our collaborative and investigative security operations platform, was designed to be the one-stop shop for security professionals. It gives those tasked with securing and defending an organization a unified, agile platform that integrates operational data sources and analytical tools, enabling them to contextualize and prioritize their security and incident response operations and to identify and eliminate threats.

QuoLab’s core features include:

  • Collaboration
  • Investigation
  • Intelligent Information Discovery
  • Adaptive Automation
  • Workflow Integration

There are countless ways to use any or all of these features to protect your organization’s digital assets from the growing number of digital threats. In this second installment of our blog series on use cases where QuoLab’s capabilities can be applied most effectively, we present the e-mail investigation use case, one of the most common and straightforward applications of the platform.


Investigating Suspect Malicious Emails

Malicious emails are among the most common attack vectors used by various threat actors. People might feel that malicious emails are very easy to spot, but they have become quite sophisticated and much more harmful than they used to be. Considering the widespread use of spam email as a means of attack, being able to detect and contain this type of threat should be regarded as a top priority for organizations when it comes to cyber security.

The capability to perform a quick and effective spam analysis without it being a major burden on your organization’s security team is paramount in this fast-paced environment of constant and diverse cyber threats, and that’s exactly what QuoLab, among many other things, provides.


Rapid Extraction of Data and Making Sense of It with QuoLab’s Magic Tool and Fact Tool

Determining whether an email contains malicious content without wasting too much time can be tricky, because phishing emails nowadays are very well masked and appear completely legitimate, even to a trained eye. Having a tool at hand that speeds up that process and provides a reliable assessment of whether a suspicious email is indeed spam can save you a lot of valuable time. It can also keep you from making the mistake of opening malicious content and jeopardizing your device and possibly your organization’s entire network.

This is where QuoLab’s Magic Tool and Fact Tool features come in. Spam analysis is just one of the many use cases that these two features were created for, and they can be an asset for any organization that needs to reinforce its digital defense and enhance its ability to mitigate cyber-attacks.


Creating Spam Email Cases

Analyzing suspicious emails with the Magic Tool is simple and straightforward and provides reliable results. QuoLab allows you to create spam email cases, into which you paste the data you have extracted from a suspicious email. The Magic Tool then makes sure you retrieve only the artifacts from the email header that are relevant to your case, and it enriches those artifacts from cyber intelligence feeds for a thorough analysis in the next stage.

That’s when you can use the Fact Tool to analyze the extracted data, and it will tell you everything you need to know about it, such as the IP addresses of the sender and the network they belong to, as well as the malware families or scam domains they are associated with, if applicable.

On top of all that, you can easily share your findings with the cyber community in STIX or MISP format, another capability that highlights the collaborative nature of QuoLab.

You can watch the E-mail Investigation Analysis demonstration to learn more about QuoLab’s spam analysis use case and how it can help protect your organization against these types of cyber-attacks.
