At this point you’d be hard-pressed to find someone who hasn't heard of phishing. But despite increased awareness and a wide range of solutions specifically designed to detect and prevent phishing attacks, it’s still one of the biggest threats to any organization. To put it into perspective:

  • 75% of organizations in 2020 experienced a phishing attack in some form (Proofpoint)
  • More than 80% of reported security incidents are phishing related (CSO Online)
  • And according to Verizon’s 2020 DBIR, phishing was used in 22% of all breaches

The end result is that an estimated $17,700 is lost due to phishing attacks every minute (CSO Online).

So why is phishing still such a problem when every security org is aware of it and most have access to solutions specifically designed to stop it?

While anti-phishing tools are typically designed to detect and prevent known attacks, attackers are continually coming up with new ways to bypass them. That means the security team is on the hook to detect and respond to everything else, which is a time-consuming, typically manual process that can eat up hours every day. To overcome this problem, security teams are increasingly turning to automation platforms. But for that to be successful, there are challenges that need to be addressed.

Every team follows a different set of processes, often dictated by a combination of the size of their staff, available skill sets, and the tools that they have access to. And it’s not uncommon for those processes to be poorly documented, if documented at all. In order to implement automation, though, you need to be able to tell the platform what you want to do and how to do it, which means you need to answer a couple of key questions before you choose a platform.

Does it work with your tech stack?
While this seems obvious, there’s more to the question than whether or not the platform can accept emails from your mail server. The more enrichment sources the platform can draw on to triage a potential phishing email, the more accurate the results. And in today’s SOC, false positive reduction is critical. Among the integrations you should consider are:

  • Threat Intelligence (open source feed and/or commercial platform)
  • SIEM
  • Sandbox
  • Firewall
  • Active Directory/LDAP
  • EDR
  • 3rd party trouble ticketing system

The first thing you should do is see if the integrations already exist. For common solutions the answer is probably yes, but you also need to account for future updates to your stack, which means you need to know how long it will take to add new integrations and how hard that process is if you need to build your own.
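To make the point about multiple enrichment sources concrete, here is an added example (not LogicHub code, and not from the original post) of a minimal triage step that parses a reported email and scores it against three of the integrations listed above: a threat intelligence feed, a directory of the organization's own domains (standing in for AD/LDAP), and sandbox verdicts. All three data sets and the sample message are constructed stand-ins; a real playbook would query the actual platforms.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed stand-ins for three integrations (a real playbook would query them live):
THREAT_INTEL_DOMAINS = {"login-secure-update.example"}   # TI feed: known-bad domains
DIRECTORY_DOMAINS = {"corp.example"}                     # AD/LDAP: domains we own
SANDBOX_VERDICTS = {"invoice.docm": "malicious"}         # sandbox results by attachment name

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def extract_indicators(raw_eml):
    """Pull sender domain, linked domains and attachment names out of a message."""
    msg = message_from_string(raw_eml, policy=policy.default)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    url_domains = {urlparse(u).hostname for u in URL_RE.findall(text)}
    attachments = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]
    return sender_domain, {d for d in url_domains if d}, attachments

def triage(raw_eml):
    """Score one reported email with every available source; each source adds evidence."""
    sender_domain, url_domains, attachments = extract_indicators(raw_eml)
    score, reasons = 0, []
    if url_domains & THREAT_INTEL_DOMAINS:
        score += 3
        reasons.append("linked domain is on the threat intel list")
    for name in attachments:
        if SANDBOX_VERDICTS.get(name) == "malicious":
            score += 3
            reasons.append(f"sandbox flagged attachment {name}")
    if sender_domain not in DIRECTORY_DOMAINS:
        score += 1  # external sender alone is weak evidence, not a verdict
        reasons.append("sender is outside the organization")
    verdict = "malicious" if score >= 3 else "suspicious" if score >= 1 else "benign"
    return {"verdict": verdict, "score": score, "reasons": reasons}

# Constructed sample report (a made-up message, not a real phishing email)
SAMPLE_EML = """\
From: "IT Support" <helpdesk@mail-notice.example>
To: user@corp.example
Subject: Password expires today
Content-Type: text/plain

Reset here: https://login-secure-update.example/reset
"""

if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```

An external sender with no other evidence only reaches "suspicious", which is the false-positive reduction the paragraph describes: a single weak signal is not escalated on its own.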

Who’s going to build out the content?
One of the biggest reasons that new solution deployments fail is an inability to implement. That’s often because of a lack of awareness about what it will take and failure to allocate the necessary resources in advance. This is particularly true with automation, where a failure to anticipate the need for adequate resources to plan and build automation playbooks stalls many projects from the very beginning. A big part of this problem is because promised “out-of-the-box” content rarely works without a fair amount of customization to account for your specific processes and technology. If you haven’t accounted for that, your phishing triage playbook is dead on arrival.

So what’s the answer?
If you have the time and resources to plan and implement your phishing alert triage program, you’re ready to go. But if you’re like many organizations, the resources needed for planning and execution may be out of reach, even for something that seems as straightforward as phishing triage. That’s where LogicHub’s phishing triage-as-a-service comes in.

How does it work?
To start with, LogicHub is built on an enterprise SOAR platform, which means it can be quickly adapted to fit your requirements, without any effort on your part. You simply point us at your inbox and you’re done. We’ll handle integrations, configuration and any playbook modifications from there.

And once it’s up and running (a quick process), the majority of the work is fully automated, making it faster and more accurate than a human analyst and delivering 24x7 phishing detection, investigation, and triage at a fraction of the cost of doing it on your own. But we also maintain a “human in the loop” to review and streamline processes and content, ensuring that nothing falls through the cracks. The platform learns from expert input over time, making it more accurate and efficient.

We’re so confident that we can deliver the value you need at a price you can afford, we offer risk free trials. Let us know if you want to give it a try and we’ll be happy to get started immediately.
