This real-life threat report filed by researchers at Armorblox is a true example of a multi-stage, multi-environment attack at large. The innocuous looking email is unfortunately also one of the most vicious attacks that enterprises need to defend against. It starts with a socially engineered email impersonating a known brand to initiate a phishing attack. The attack progresses to spoof a well-known social media application to download a malicious payload on the end user's endpoint device. Upon successful propagation of the threat the corporate infrastructure is compromised with the installation of a malware. This malware acts as a Windows application (as a browser Ad service) bypassing User Account Control in the endpoint–setting the stage for the worst nightmare for any SecOps professional.
How do you prevent, investigate and respond to threats like these?
AI based joint solution from Armorblox and SentinelOne
To defend against threats like the above you need a modern architecture that leverages AI and ML to bring observability and automation to cyber defense across the enterprise technology stack. Armorblox’s natural language understanding-based AI models are specifically designed to prevent such socially engineered email attacks. SentinelOne’s industry leading XDR platform and Armorblox’s email security platform bridges two critical attack surfaces - emails and endpoints. With the integration of the two platforms, customers can benefit from the automation and precision to prevent attacks, investigate hidden threats, and respond across these surfaces.
The Armorblox and SentinelOne joint solution is built using open standards and APIs supported by both platforms, and is validated and certified by the rigorous guidelines set by the SentinelOne Singularity marketplace program.
- The SentinelOne and Armorblox integration is easily configurable for customers by sharing the appropriate API key.
- Once the API connection has been set up, Armorblox behavioral-based protection provides SentinelOne with email-based indicators of compromise and threat enrichment.
- Detected threats are enriched with actionable context from Armorblox user and threat detail and directly integrated within the SentinelOne console. Email Account Compromise indicators, provided by Armorblox, empower joint customers to kill malicious processes or network quarantine endpoints across an ecosystem.
Armorblox Benefits Security Operations Teams
By deploying Armorblox for email security and integrating it with SentinelOne, customers stand to gain the following benefits:
- Improve detection with email threat intelligence - Create new detections every time you match between intel and what is seen in Deep Visibility.
- Investigate threats by correlating incidents between email and endpoints - Enrich SentinelOne incidents with contextual information about a user and related email alerts.
- Automate response to file-based threats - Take immediate and automated response action when there is a matching file hash, such as network quarantine or killing malicious file processes, to block across email and endpoint.
Read more on how Armorblox is joining the SentinelOne Marketplace.