PhishGuard

Triage phishing.
Faster than the attack.

PhishGuard turns every employee into a tripwire. Reports land in your SOC, verdicts come back in seconds, and your team acts before a campaign spreads.

Built for security teams · Multi-factor authentication · Real-time threat intel · Plugs into your SIEM

// A real tool

seconds to verdict

From the moment a user reports, the engine returns a verdict suggestion — fast enough to act on.

percent less noise

Same-campaign reports collapse into one item, so analysts triage the email, not the inbox volume.

percent auditable

Every report, every verdict, every change — recorded. You can prove what happened, when, and who.

// Phishing 101

How do you spot a phishing attack?

Phishing — also called email-based social engineering — is a cyberattack built on impersonation. Attackers pose as a brand the recipient already trusts (a bank, a phone carrier, an internal IT desk) and ask for credentials, payment details, or one-click access to a malicious page.

Their goal is to push the user into revealing something they would never hand over on purpose: a password, a banking ID, a card code, a national ID number. Phishing remains the most common entry point for breaches — roughly three-quarters of recorded cyberattacks each year start with a malicious email.

Five signals that should slow you down

  • 01 Check spelling and grammar — small mistakes are still the biggest tell.
  • 02 Read the sender address, not just the display name.
  • 03 Look at the logo carefully — stretched, low-res, or off-brand colors leak through.
  • 04 Ask whether the request makes sense — urgency and unusual asks are deliberate.
  • 05 Hover every link before you click — the URL preview rarely lies.

// Benefits

Make phishing the easy attack to defend.

Identify

See your real human-risk level: who reports, who clicks, which departments are exposed. Decisions based on data, not assumptions.

Accompany

Close the feedback loop. Every reporter learns whether they were right — so suspicion turns into instinct over time.

Empower

Your security team becomes the visible, responsive function — not the team people avoid until something breaks.

// The problem

Phishing is still where the breach starts.

Roughly nine out of ten cyber incidents begin with a phishing email. Your people often see it coming — but the gap between "I think this is suspicious" and "the SOC has acted" is exactly where attackers win.

Suspicious-email reports get buried in shared mailboxes.

Analysts re-triage the same campaign dozens of times.

Standard mail filters miss targeted spear-phishing.

False positives waste hours your team doesn't have.

When something slips through, there's no clear audit trail.

Your SIEM sees logs — not the reported emails themselves.

// Product

How PhishGuard works

01

Report

Users flag a suspicious email with one click — no training required, no inboxes to share.

02

Analyze

The report is enriched against threat-intelligence feeds and screened in seconds. Risk signals, indicators, and a suggested verdict come back ready to review.

03

Respond

Your analyst confirms the verdict. The reporter is notified automatically. Your SIEM and SOAR pick up the event in real time.

// Product

Outcomes your SOC team can measure

Faster verdicts

Triage that used to take an hour gets resolved in minutes. Your SLA stops being a wishlist.

Less noise

When a phishing campaign hits 50 employees, your queue still shows one item.

Zero training for users

A single button in their inbox. No portal, no password, no learning curve. Adoption is immediate.

Real accountability

Every report, every verdict, every change has an actor and a timestamp. Audit a quarter in minutes.

Drops into your stack

Real-time events out to any SIEM, SOAR, or XSOAR pipeline. No data lock-in, no proprietary protocol.

Multi-client by design

Run one PhishGuard, serve many clients. Strict isolation between tenants is the default, not a feature.

Closed-loop feedback

When the verdict lands, the reporter knows. Your users feel heard; your detection rate keeps climbing.

Bigger evidence than logs

Investigators see the actual reported message, headers, and attachments — not a one-line SIEM entry.

Quiet by design

No flashing dashboards, no all-hands alerts. Just the right item in front of the right analyst.

phishguard.socshield.dz / emails

92/100 | Urgent: please verify your invoice | attacker@fake-microsoft.co | PHISHING
78/100 | Action required — your account | no-reply@suspicious.net | PHISHING
45/100 | Re: package delivery | tracking@dhl-delivery.info | SUSPICIOUS
22/100 | Re: Q4 budget review | finance@partner.com | CHECKED
12/100 | Weekly product update | newsletter@vendor.com | CLEAN

// Built to stand up to your customers' security review.

Security posture

Strict tenant isolation

Every client's data lives in its own scoped boundary. One tenant's queries never reach another's rows.

Multi-factor authentication

Time-based one-time codes are required at every admin login — a stolen password alone gets nobody in.

Encrypted credentials

Stored secrets are encrypted at rest in a hardened vault. They are never logged, never echoed in plaintext, never exposed via API.

Signed outbound events

Every webhook we send is cryptographically signed so your SIEM can prove the payload is genuinely from us.

Append-only audit trail

Every meaningful action — verdicts set, keys created, settings changed — is recorded. Nothing is editable after the fact.

Role-based access control

Owners, managers, analysts, viewers — each tier sees and does exactly what its role allows. Privilege boundaries are server-enforced.

// THREAT INTELLIGENCE

Powered by Global Threat Intelligence.

Every reported email is cross-checked against industry-standard threat-intelligence feeds the moment it lands.

  • 01 VirusTotal (integrated): File + URL reputation, 70+ scanners
  • 02 AbuseIPDB (integrated): Crowd-sourced abusive-IP reports
  • 03 AlienVault OTX (integrated): Community indicators of compromise
  • 04 PhishTank (integrated): Verified phishing URL database
  • 05 Google Safe Browsing (integrated): Live malware + social-engineering signals

// No self-service tiers. Every deployment is scoped to the team using it.

Tailored for your environment

Volume, retention, integration depth, on-prem options, SLA — we build the plan around your SOC, not the other way around. One conversation with our team gets you a written proposal.

Contact sales

// FAQ

FAQ

No. They report straight from their existing inbox with one click — no portal to learn, no password to manage.

Anything mainstream — Gmail, Outlook, Microsoft 365, and any standard IMAP host. If your team uses email, it works.

Most clients are live the same day. We provision your workspace, you install the add-on, and the first report fires within minutes.

Real-time events out to any HTTP receiver — Splunk, Sentinel, XSOAR, n8n, your own listener. Configure once, then forget about it.

Pricing is built per deal because every SOC has different volume and integration needs. Tell us what you're running and we'll quote in writing.

The interface is built around the SOC workflow analysts already know, so onboarding is usually under an hour. We can run a deeper walkthrough on request.

Yes — private cloud and on-prem deployments are available for enterprise contracts.

The reporter gets a branded summary email immediately, your SIEM receives a signed event in real time, and the action is written to the audit log. No manual follow-up needed.

Big files are uploaded directly into encrypted storage outside the request path. There's no practical size limit on what your users can report.

// Tell us about your SOC.

Talk to sales

We'll get back within one business day with next steps, pricing context, and a deployment timeline.

phishguard@socshield.dz
