Partner Risk Assessment (Compromised Partners)
Organizations take measures to secure their users, collaboration applications, and emails. However, partners are one of the greatest threats to an organization. These are other companies that the organization maintains a business relationship with.
If one of the partners gets compromised, it is difficult for the email security solutions and the end users to detect these malicious and impersonated emails.
With Partner Risk Assessment in Harmony Email & Collaboration, you can proactively detect compromised partners.
Using the Partner Risk Assessment dashboard, you can view these:
-
All your organization's business partners
-
Risk indicators of partners that are possibly compromised.
To view the Partner Risk Assessment, click Analytics > Partner Risk.
Identifying a Partner
Harmony Email & Collaboration automatically identifies partners while inspecting the incoming and outgoing emails for threats and DLP.
To identify an organization as a partner, Harmony Email & Collaboration uses multiple methods like these:
-
External domain sending invoices to your organization's domain.
-
External domain with a significant volume of emails exchanged with your organization's domain.
Reviewing the Partners
Harmony Email & Collaboration shows the identified partners (compromised and uncompromised) in a table under the Partner Risk Assessment dashboard.
The Partners table has these columns:
|
Column Name |
Description |
||
|---|---|---|---|
|
Risk Score |
The severity of the detected Risk Indicators.
|
||
|
Partner Domain |
The partner's domain and its name.
|
||
|
Communication Volume |
An indicator of how many emails were exchanged with the partner in the last two weeks.
|
||
|
Internal Contacts |
The internal contacts that corresponded with the partner domain.
|
||
|
Partner Contacts |
The contacts from the partner domain that corresponded with your domain.
|
||
|
Risk Indicators |
A list of reasons a partner is considered potentially compromised. If Harmony Email & Collaboration detects a partner as uncompromised, it shows no indicators. For more information, see Risk Indicators. |
||
|
Last Risk Date |
Last time when a risk indicator was detected. |
Risk Indicators
Harmony Email & Collaboration detects different risk indicators and assigns them to partners. Each risk indicator has a risk score attached to it.
The risk indicators have these values:
|
Severity |
Risk Indicator |
Description |
|---|---|---|
|
Highest |
Phishing emails sent to your organization |
Check Point detected high-confidence phishing emails sent to your organization from this domain, and the sender was authenticated (SPF pass). |
|
High |
Phishing emails sent to other organizations |
Check Point detected high-confidence phishing emails sent to other Check Point customers from this domain, and the sender was authenticated (SPF pass). |
|
High |
Partner impersonation emails sent to your organization |
Check Point detected high-confidence phishing emails sent to your organization from this domain, but the sender was not authenticated (SPF fail). |
|
High |
Service being used to send phishing emails to your organization |
Check Point detected high-confidence phishing emails sent to your organization from this domain. This domain is a publicly available service that allows sending emails from it. |
|
Medium |
Partner impersonation emails sent to other organizations |
Check Point detected high-confidence phishing emails sent to other Check Point customers from this domain, but the sender was not authenticated (SPF fail). |
|
Medium |
Service being used to send phishing emails to other organizations |
Check Point detected high-confidence phishing emails sent to other Check Point customers from this domain, and this domain is a publicly available service that allows sending emails from it. |
Stop Considering a Partner as Compromised
When Harmony Email & Collaboration detects a partner as compromised, it adds the relevant risk indicator to the partner. This risk indicator remains valid only for the next 72 hours.
For example, Harmony Email & Collaboration detected a partner as compromised and added Phishing emails sent to your organization risk indicator. If no phishing emails from its domain are detected in the next 72 hours, Harmony Email & Collaboration removes the risk indicator.
When no risk indicators are available, the partner is considered uncompromised.
Removing a Partner from the List
Administrators can override the automatic identification of a partner and remove a partner from the list.
To do that, click the 
icon for the partner from the last column of the table and select Not a partner.
|
|
Note - If you remove a partner, you cannot add again. To add a removed partner, contact Check Point Support. |
Acting on Compromised Partners
Anti-Phishing Higher Sensitivity
By default, when Harmony Email & Collaboration detects a partner as suspicious, it inspects the emails from their domain with high sensitivity. This way, they are more likely to be found as phishing.
Investigating Emails from Compromised Partners
To view and investigate the emails from the partner domain, click the icon for the partner from the last column of the table and select Emails from partner.
Mail Explorer opens and, by default, shows the emails from the partner domain in the last seven days.
Impersonation of Partners
By default, the Anti-Phishing security engine treats emails from domains that resemble one of your partner's domains with more suspicion.
Administrators can select to trigger a specific workflow in these cases. For more information, see Impersonation of your Partners.