For threat analyses, the company uses a central mailbox to which more than 3,000 active IT users can forward potential phishing emails via an integrated Outlook plug-in. Security specialists perform detailed analyses on this basis. However, false positives make up a large proportion of the information forwarded. For the implementation of a whitelisting based on dynamic rules, a prototype is created, which represents the technical feasibility as a technological proof-of-concept within the framework of IT-technical restrictions and presents a reasonable operating concept in the form of an intranet system.
For this purpose, PTA is creating a rough design of all involved system components based on the existing technical requirements. In addition, a concrete design for the implementation of the required whitelist management is developed on the basis of editable rule collections, which are to be applied to incoming hazard reports via RuleEngine in later use. The prototype is based on .NET 6 technology, ASP MVC Core as an intranet application.
With the help of the proposed process extension for automated filtering out messages that can be identified as false positives, security analysis is to be simplified. The reduced quantitative volume of elements to be analyzed is to be used in favor of increased qualitative examination, thus leading to an increase in overall security against threats from phishing attacks.