The UBC Cybersecurity team is leveraging artificial intelligence to stay ahead of phishing threats with two innovative tools: PhishSense and SNOWplow. Together, they automate the triage of phishing incidents, saving time and strengthening protection for the university community.
PhishSense
PhishSense is a machine learning solution developed at UBC to effectively classify emails as phishing, spam, or legitimate. By automating this process, the system helps cybersecurity analysts focus on the most urgent threats first to keep inboxes safer and reduce response times.
SNOWplow
During large-scale phishing campaigns, ticket queues can quickly become overwhelming. SNOWplow was designed to streamline this process by grouping and automatically processing related incidents, allowing analysts to concentrate on new and emerging threats. When paired with PhishSense, SNOWplow evolves from a cleanup tool into a powerful platform for proactive defense.
Beginnings to Now
What started as a simple script, SNOWplow, has grown into a mature application with features like Optical Character Recognition (OCR) and compatibility with third-party tools. These innovations have significantly reduced manual workload and improved response efficiency across multiple teams. PhishSense has already processed thousands of incidents, enabling faster prioritization and more accurate threat detection. Working in tandem, these tools represent a major step forward in UBC’s commitment to cybersecurity.
Future Direction
The next generation of these tools is already in development. PhishSense 2.0 will focus on delivering greater speed and accuracy, while SNOWplow 2.0 will incorporate AI-driven enhancements to expand capacity and improve precision. Together, these tools equip analysts with the insight and speed to contain phishing attacks before they claim victims.
Thank you to the Cybersecurity Information Security Management team for all the work they do to bring smarter, faster protection to the UBC community!
