How Modern Day SOC Teams Defeat Phishing

Phishing is a big problem that’s only getting bigger. The volume of phishing messages grew 41% in 2018, reaching 3.4 billion messages per day. Eighty-three percent of global infosec professionals reported phishing attacks last year. And those attacks are becoming stealthier. They’re less likely to include malware attachments, which would make them easier to detect. Instead they use HTTPS links (a valid certificate says nothing about who is behind the site), redirects, and free domain-hosting services to slip past many email defenses and trick users into clicking dangerous links. And usually someone does click, often within 16 minutes of the phishing attack being unleashed.

Phishing creates three major problems for any Security Operations Center (SOC).

  • Real threats. When phishing attacks work, they can be devastating. In its 2018 Data Breach Investigations Report, Verizon found that phishing was involved in 93% of data breaches. Through phishing, attackers can gain access to login credentials, which they can use to access systems, install malware, steal data, and take other malicious actions.
  • Lost time. Discerning whether a suspicious email is truly a phishing attack takes valuable time from a security analyst, typically several minutes per email. Even when the analysis is straightforward, the sheer volume of suspicious emails requiring review ensures that phishing triage consumes too much of any analyst’s time. Instead of proactively investigating threats, analysts spend hours per day sorting through emails forwarded to a special inbox or collected in a quarantine folder for review.
  • Lost knowledge. Even if security analysts learn to do an excellent job of discerning phishing attacks from innocent email, there’s usually no way for them to capture that expertise in a form that can be shared, automatically applied, and built on in the future.

Security threats overall are multiplying, and the cost of data breaches is going up. No SOC can afford to spend its most valuable asset—the attention of highly trained analysts—on something as time-consuming as phishing triage.

Fortunately, security automation can help.

LogicHub Phishing Triage is a security automation solution for the triage of reported phishing emails. Powered by Machine Learning (ML), LogicHub Phishing Triage rapidly and accurately analyzes emails and classifies them according to a SOC’s email threat categories, such as malicious, safe, or needs further review. An intuitive interface lets security analysts quickly review results and kick off response workflows with a click. In typical customer scenarios, LogicHub is able to achieve 97% accuracy and reduce the number of phishing alerts requiring human analysis by 75% or more.
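As an added illustration, not LogicHub’s product code and a fixed rule set rather than a trained ML model, the script below shows what a first-pass triage of a reported email looks like: it parses the raw message, pulls every URL out of the text and HTML parts, flags the evasion tactics named above (free domain-hosting services, redirect parameters, raw-IP hosts, attachments) plus a Reply-To/From domain mismatch, and emits the same verdict categories the page lists (malicious, safe, needs further review). The domain suffixes, redirect parameter names, scoring thresholds and both sample messages are constructed assumptions for the example.

```python
"""
Added example (not LogicHub's code): a rule-based first pass over a
reported phishing email, emitting the verdict categories the page names
(malicious / safe / needs further review). All watch-lists, thresholds
and sample messages below are constructed for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import parse_qs, urlparse

# Constructed watch-lists: free hosting/domain services and common
# open-redirect parameter names. A real deployment would feed these
# from threat intel rather than hard-code them.
FREE_DOMAIN_SUFFIXES = (".weebly.com", ".000webhostapp.com", ".blogspot.com", ".github.io")
REDIRECT_PARAMS = {"url", "redirect", "redir", "next", "target", "u"}
URL_RE = re.compile(r'https?://[^\s<>"\']+')
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def extract_urls(msg):
    """Collect http(s) URLs from every text/plain and text/html part."""
    urls = set()
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        try:
            body = part.get_content()
        except (LookupError, KeyError, UnicodeDecodeError):
            continue  # unknown charset or transfer encoding: skip, don't crash
        urls.update(u.rstrip(".,);") for u in URL_RE.findall(body))
    return sorted(urls)


def score_url(url):
    """Return the reasons a single URL looks suspicious (empty list if none)."""
    reasons = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    # HTTPS proves nothing about intent: free hosting hands attackers a valid cert.
    if host.endswith(FREE_DOMAIN_SUFFIXES):
        reasons.append(f"free hosting domain: {host}")
    if IPV4_RE.fullmatch(host):
        reasons.append(f"raw IP address host: {host}")
    for key, values in parse_qs(parsed.query).items():
        if key.lower() in REDIRECT_PARAMS and any(v.startswith(("http://", "https://")) for v in values):
            reasons.append(f"open redirect parameter {key!r} on {host}")
    return reasons


def sender_domain(header_value):
    """Domain part of an address header ('' if the header is absent)."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def triage(raw_message):
    """Classify one reported email. Returns (verdict, reasons)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        reasons.append("attachment present")
    for url in extract_urls(msg):
        reasons.extend(score_url(url))
    from_domain = sender_domain(msg.get("From", ""))
    reply_domain = sender_domain(msg.get("Reply-To", ""))
    if reply_domain and from_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    # Constructed thresholds: two or more independent signals -> malicious,
    # exactly one -> hand it to an analyst, none -> safe.
    if not reasons:
        return "safe", reasons
    if len(reasons) >= 2:
        return "malicious", reasons
    return "needs further review", reasons


# Constructed sample messages (not real phishing data).
SAMPLE_PHISH = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
Reply-To: recovery@mail-verify.example.net
To: user@example-corp.com
Subject: Action required: password expires today
Content-Type: text/plain; charset="utf-8"

Your password expires today. Renew it here:
https://login-portal.weebly.com/reset?url=https://example-corp.com/sso
"""

SAMPLE_BENIGN = """\
From: "Alice" <alice@example-corp.com>
To: bob@example-corp.com
Subject: Lunch menu
Content-Type: text/plain; charset="utf-8"

Today's menu is at https://example-corp.com/cafe, see you at noon.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_BENIGN):
        verdict, reasons = triage(sample)
        print(verdict, reasons)
```

Each verdict carries its reasons, which is the part an ML pipeline still needs: an analyst reviewing the "needs further review" bucket can see which signal fired, and that decision can be fed back as labelled data, which is how the lost-knowledge problem above gets addressed in practice.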

Phishing Triage delivers these important benefits to overworked SOCs:

  • Dramatic reduction in the time required for analyzing suspicious emails, enabling analysts to spend more time on proactive threat-hunting and other strategic activities
  • ML-powered analysis that becomes more accurate over time as it incorporates the results of real-world phishing cases
  • Integration with other security tools for implementing automated workflows and responses
  • Acceleration of responses to phishing threats, reducing the risk of data breaches and other types of security attacks

To learn more about LogicHub Phishing Triage, read our Phishing Triage Use Case or contact a LogicHub sales representative today.

Try Phishing Triage yourself! Forward a suspicious email to our phishing triage demo account:, and we’ll automatically send you a free analysis of the email within 5 minutes.
