Real-Time Threats configuration

The Real-Time Threats (RTT) service gives immediate visibility into potentially malicious emails arriving in your organization and enables you to create phishing simulations and targeted nudges for security awareness programs.

By leveraging live threat data, organizations can deliver highly relevant, timely and contextual interactions with employees and take an unprecedented proactive stance in raising awareness of ongoing attacks.

Bridging the gap between real security data streams and awareness content creation is essential. This capability ensures programs can adapt in real time, equipping employees to recognize and respond to emerging threats as they unfold.

For further information on the usage and operation of the Real Time Threats feature, see here.

The configuration of the Real Time Threats feature will differ depending on how your users are reporting suspicious phishing messages in your organization. Follow one of the sections below accordingly.

Option 1. OutThink’s Phishing Reporting Add-In for Outlook

If you have deployed OutThink’s Phishing Reporting Add-In for Outlook, the Real Time Threats service can be simply enabled from the OutThink Reporting PlugIn configuration screen in the Command Center.

Sign in to the OutThink Command Center and navigate to the Settings menu.
Ensure that the correct Organization is selected in the drop-down on the left-hand side, then select the Integrations item in the left-hand menu. Next, click on the Outlook Reporting Plugin panel on the right-hand side.

Ensure that the option Forward emails for Real-Time Threats nudges is enabled, then Save.

Once these settings are configured, reported emails from Outlook will start to flow into the system. Follow the remaining usage guidance from the user documentation here.

Option 2. OutThink’s Phishing Reporting Add-On for Gmail

If you have deployed OutThink’s Phishing Reporting Add-On for Gmail, the Real Time Threats service can be simply enabled from the Gmail Reporting Add-On configuration screen in the Command Center.

Sign in to the OutThink Command Center and navigate to the Settings menu.
Ensure that the correct Organization is selected in the drop-down on the left-hand side, then select the Integrations item in the left-hand menu. Next, click on the Gmail Reporting Add-On panel on the right-hand side.

Ensure that the option Forward emails for Real-Time Threats nudges is enabled, then Save.

Once these settings are configured, reported emails from Gmail will start to flow into the system. Follow the remaining usage guidance from the user documentation here.

Option 3. Microsoft Outlook’s native Phishing Reporting Button

If your organization has deployed Microsoft Outlook’s native Phishing Reporting button, enablement of the Real Time Threats feed can be achieved by following the dedicated integration documentation available here.

Once configured, reported emails using the native Microsoft button will start to flow into the system. Follow the remaining usage guidance from the user documentation here.

Option 4. Other 3rd Party Phishing Reporting Platforms

Most third-party phishing reporting platforms can be accommodated into OutThink’s Real Time Threats workflow, provided:

  • The platform has the ability to directly forward reported emails to a specific OutThink mailbox address.

OR

  • Reported emails can be captured in an internal SOC inbox or equivalent, that you control, AND
  • You have the ability to configure transport rules, or auto-forwarding rules, which copy or forward the original reported email from your internal SOC inbox onwards to the specific OutThink mailbox address.

It is advisable to refer to the transport rule setup outlined for the Microsoft integration here, as it can be adapted for use with most other third-party providers. For assistance, contact your Customer Success Manager.

Appendix: Privacy and personal data protection

Each organization has a dedicated inbox that is created in the same geographic region as the company’s OutThink tenancy. This inbox will be in receipt of any reported messages from your users.

Whilst it is not expected that legitimate or company-confidential emails are ever reported as suspicious, OutThink puts safeguards and protections in place to guard against the impact if this does happen.

  • Any email content received is stored on encrypted storage volumes, with a level of protection that is equal to that across the rest of the platform. All email storage volumes are contained within, and treated as an integral part of the OutThink production environment.
  • Any email forwarded to a customer’s dedicated inbox will undergo a PII redaction process in-flight. This will remove any personal data (such as names and email addresses) and will replace them with randomized and representative data, to preserve the context and integrity of the suspicious message.
  • All email headers are removed after analysis, and the email body content is converted to a benign graphical format.
  • The redacted email is permanently removed from storage immediately after processing. It typically takes several seconds for an email to be processed in the real-time threats workflow, from the time it is received to the time it is deleted.
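The in-flight redaction step described above can be pictured with the following added example, which is not OutThink's code: it swaps names and email addresses in a reported message for randomized stand-ins while keeping each replacement consistent across headers and body. The `Redactor` class, the stand-in name pool, the `example.com` replacement domain and the sample message are all assumptions made for illustration, and only single-part plain-text messages are handled.

```python
import re
import secrets
from email import message_from_string
from email.utils import formataddr, getaddresses

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ADDRESS_HEADERS = ("From", "To", "Cc", "Reply-To")
# Constructed pool of stand-in names (assumption); two people may draw the same one.
FAKE_NAMES = ["Alex Morgan", "Sam Taylor", "Jordan Lee", "Casey Brown"]

# Constructed sample of a reported message (single-part, plain text).
SAMPLE = """\
From: Jane Doe <jane.doe@corp.example>
To: Raj Patel <raj.patel@corp.example>
Subject: Invoice overdue

Hi Raj Patel, reply to jane.doe@corp.example or billing@pay-portal.example today.
"""

class Redactor:
    """Replaces names and addresses with random stand-ins, consistently per message."""

    def __init__(self):
        self.addr_map, self.name_map = {}, {}

    def fake_addr(self, addr):
        # The same real address always maps to the same stand-in, preserving context.
        return self.addr_map.setdefault(
            addr.lower(), f"user-{secrets.token_hex(4)}@example.com")

    def fake_name(self, name):
        return self.name_map.setdefault(name, secrets.choice(FAKE_NAMES))

    def redact(self, raw):
        msg = message_from_string(raw)
        for header in ADDRESS_HEADERS:
            pairs = getaddresses(msg.get_all(header, []))
            if not pairs:
                continue
            del msg[header]
            msg[header] = ", ".join(
                formataddr((self.fake_name(n) if n else "", self.fake_addr(a)))
                for n, a in pairs)
        body = msg.get_payload()
        if self.name_map:  # names learned from headers are also replaced in the body
            names = re.compile("|".join(map(re.escape, self.name_map)))
            body = names.sub(lambda m: self.name_map[m.group(0)], body)
        body = EMAIL_RE.sub(lambda m: self.fake_addr(m.group(0)), body)
        msg.set_payload(body)
        return msg.as_string()
```

Calling `Redactor().redact(SAMPLE)` returns the message with the subject and wording intact and every name and address replaced; the sender's stand-in address appears both in the From header and where the body quoted the original.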
