How Modern Day SOC Teams Defeat Phishing
Phishing is a big problem that’s only getting bigger. The volume of phishing messages grew 41% in 2018, reaching 3.4 billion messages per day. Eighty-three percent of global infosec professionals reported phishing attacks last year. And those attacks are becoming more stealthy. They’re less likely to include malware attachments, which would make them easier to detect. They’re using HTTPS, redirects, and free domain services, slipping past many email defense services to trick users into clicking on dangerous links. And usually someone does click, often within 16 minutes of the phishing attack being unleashed.
Phishing creates three major problems for any Security Operations Center (SOC).
- Real threats
When phishing attacks work, they can be devastating. In its 2018 Data Breach Investigations Report, Verizon found that phishing was involved in 93% of data breaches. Through phishing, attackers can gain access to login credentials, which they can use to access systems, install malware, steal data, and take other malicious actions.
- Lost time
Discerning whether a suspicious email is truly a phishing attack takes valuable time from a security analyst—typically several minutes per email. Even when the analysis is straightforward, the sheer volume of suspicious emails requiring review ensures that phishing triage consumes too much of any analyst’s time. Instead of proactively investigating threats, analysts spend hours per day sorting through emails forwarded to a special inbox or collected in a quarantine folder for review.
- Lost knowledge
Even if security analysts learn to do an excellent job discerning phishing attacks from innocent email, there’s usually no way for them to capture that expertise in a way that can be shared, automatically applied, and built on in the future.
Security threats overall are multiplying, and the cost of data breaches is going up. No SOC can afford to spend its most valuable asset—the attention of highly trained analysts—on something as time-consuming as phishing triage.
Fortunately, security automation can help.
LogicHub Phishing Triage is a security automation solution for the triage of reported phishing emails. Powered by Machine Learning (ML), LogicHub Phishing Triage rapidly and accurately analyzes emails and classifies them according to a SOC’s email threat categories, such as malicious, safe, or needs further review. An intuitive interface lets security analysts quickly review results and kick off response workflows with a click. In typical customer scenarios, LogicHub is able to achieve 97% accuracy and reduce the number of phishing alerts requiring human analysis by 75% or more.
Phishing Triage delivers these important benefits to overworked SOCs:
- Dramatic reduction in the time required for analyzing suspicious emails, enabling analysts to spend more time on proactive threat-hunting and other strategic activities
- ML-powered analysis that only becomes more accurate over time, as it applies the results of analyzing real-life phishing scenarios
- Integration with other security tools for implementing automated workflows and responses
- Acceleration of responses to phishing threats, reducing the risk of data breaches and other types of security attacks
Try Phishing Triage yourself! Forward a suspicious email to our phishing triage demo account: email@example.com, and we’ll automatically send you a free analysis of the email within 5 minutes.