Fishing stories are notoriously exaggerated: “You should have seen this one, it was as big as the boat and took three days to reel in!”
Unfortunately, that is not the case with phishing. Phishing is arguably the most prominent cybersecurity threat organizations face today and takes advantage of their greatest vulnerability: people. The criminal activity is based on deception, using disguised email as a weapon in hopes of luring an employee to open an attachment or click on a malicious link that appears to be sent from a trusted source, such as a colleague or trusted third party.
Through phishing, attackers can gain access to login credentials, which they can use to access systems, install malware, steal data, commit financial fraud and take other malicious actions. Big phish stories are so common these days that Verizon’s Data Breach Investigations Report 2019 tells us phishing is the top threat action in the entirety of data breach activity, involved in 32 percent of confirmed breaches and 78 percent of cyber-espionage incidents.
This is precisely why we are thrilled to announce the release of LogicHub Autonomous Phishing Triage. The groundbreaking functionality of Autonomous Phishing Triage is built upon the recently enhanced LogicHub SOAR+ platform, and is now readily available to all LogicHub customers.
Traditional Phishing Challenges
The widely acknowledged skill and staff shortages facing modern SOC teams are the greatest asset to attackers throwing bait, and the greatest challenge to organizational security. It’s virtually impossible for understaffed SOC teams to manually investigate and discern whether every suspicious email is a phishing attack or not. By attempting to do so, analysts spend hours per day sorting through quarantined emails instead of proactively investigating threats.
In addition to hours lost, analysts historically have no way of capturing valuable information revealing what an actual phishing attack does or does not look like, and leveraging it for future use, until now.
The Modern Solution
What if all this heavy lifting could be passed off to a machine to not only flag an email as a catch-of-the-day, but recommend the next best steps for analysts and learn from prior email interaction to improve future classification and triage capabilities? This is exactly what Autonomous Phishing Triage delivers by leveraging LogicHub’s first-of-its-kind decision engine.
Autonomous Phishing Triage automatically analyzes and classifies emails with 97 percent accuracy, reducing the number of alerts requiring human analysis by more than 75 percent. The solution, part of the LogicHub SOAR+ platform, is currently available as an application and as a customizable environment for building and editing your own workflows and playbooks.
The unique qualities of the LogicHub decision engine enable Autonomous Phishing Triage to connect to any mailbox and automatically prioritize emails with the highest suspicion, and recommend analyst decisions. This autonomous functionality greatly reduces response times for overworked, understaffed SOC teams.
Autonomous Phishing Triage operates by reading and parsing email from a phishing mailbox, incorporating best practices in phishing email analysis and triage. From there, at machine speed, LogicHub rapidly assembles context by analyzing multiple email components, including links and attachments, sender and header metadata, and keywords in the email body.
Autonomous Phishing Triage then enriches the contextual information with built-in and external threat intelligence data, combines the results of the analysis into a final score based on a formula or machine learning model, and performs response and remediation steps depending on that score.
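To make the flow described above concrete, here is an added sketch in Python of a formula-based triage pass: parse the message, extract link, sender, header and keyword signals, check a stand-in intelligence list, and map the score to a response step. It is not LogicHub's code; the signal names, weights, thresholds, keyword list and the INTEL_BAD_DOMAINS set are assumptions made for illustration, and attachment analysis is left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message, not a real email; all domains are placeholders.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: reset@mail-support.example
To: user@corp.example
Subject: Urgent: password expires today
Authentication-Results: mx.corp.example; spf=fail; dkim=none
Content-Type: text/plain

Your password expires today. Verify your account immediately:
http://192.0.2.10/login
"""

# Assumed values for illustration: weights, keywords, thresholds, and a local
# set standing in for a threat-intelligence lookup.
WEIGHTS = {"reply_to_mismatch": 25, "spf_fail": 25, "ip_literal_url": 20,
           "urgent_keywords": 15, "intel_hit": 15}
KEYWORDS = ("urgent", "verify your account", "password expires")
INTEL_BAD_DOMAINS = {"mail-support.example"}

def domain_of(header_value):
    """Return the lowercased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def extract_signals(raw):
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    hosts = {urlparse(u).hostname or "" for u in urls}
    return {
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "spf_fail": "spf=fail" in msg.get("Authentication-Results", "").lower(),
        "ip_literal_url": any(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", h) for h in hosts),
        "urgent_keywords": any(k in text for k in KEYWORDS),
        "intel_hit": bool((hosts | {reply_dom}) & INTEL_BAD_DOMAINS),
    }

def triage(raw):
    """Combine the signals into a 0-100 score and map it to a response step."""
    signals = extract_signals(raw)
    score = sum(WEIGHTS[name] for name, hit in signals.items() if hit)
    verdict = "quarantine" if score >= 60 else "analyst_review" if score >= 30 else "close"
    return score, verdict, signals
```

Returning the per-signal dictionary alongside the score lets an analyst see why a message was ranked where it was, which is what makes the middle "analyst_review" band usable.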
Want to give Autonomous Phishing Triage a try? Just send your suspicious emails to firstname.lastname@example.org and we’ll send a report within five minutes.
To learn more about LogicHub Autonomous Phishing Triage, please visit https://www.logichub.com/phishing.