At this point you’d be hard pressed to find someone who hasn't heard of phishing. But despite increased awareness and a wide range of solutions specifically designed to detect and prevent phishing attacks, it’s still one of the biggest threats to any organization. To put it into perspective:
- 75% of organizations in 2020 experienced a phishing attack in some form (Proofpoint)
- More than 80% of reported security incidents are phishing related (CSO Online)
- And according to Verizon’s 2020 DBIR, phishing was used in 22% of all breaches
The end result is that an estimated $17,700 is lost due to phishing attacks every minute (CSO Online).
So why is phishing still such a problem when every security org is aware of it and most have access to solutions specifically designed to stop it?
While anti-phishing tools are typically designed to detect and prevent known attacks, attackers are continually coming up with new ways to bypass them. That means the security team is on the hook to detect and respond to everything else, which is a time consuming, typically manual process that can eat up hours every day. To overcome this problem, security teams are increasingly turning to automation platforms. But for that to be successful, there are challenges that need to be addressed.
Every team follows a different set of processes, often dictated by a combination of the size of their staff, available skill sets, and the tools that they have access to. And it’s not uncommon for those processes to be poorly documented, if at all. In order to implement automation though, you need to be able to tell the platform what you want to do and how to do it. Which means you need to answer a couple of key questions before you choose a platform.
Does it work with your tech stack?
While this seems obvious, there’s more to the question than whether or not the platform can accept emails from your mail server. The more ways that the platform can use to triage a potential phishing email, the more accurate the results. And in today’s SOC, false positive reduction is critical. Among the integrations you should consider are:
- Threat Intelligence (open source feed and/or commercial platform)
- SIEM
- Sandbox
- Firewall
- Active Directory/LDAP
- EDR
- 3rd party trouble ticketing system
The first thing you should do is see if the integrations already exist. For common solutions the answer is probably yes, but you also need to account for future updates to your stack. Which means you need to know how long it will take to add new integrations and how hard that process is if you need to add your own.
Who’s going to build out the content?
One of the biggest reasons that new solution deployments fail is an inability to implement. That’s often because of a lack of awareness about what it will take and failure to allocate the necessary resources in advance. This is particularly true with automation, where a failure to anticipate the need for adequate resources to plan and build automation playbooks stalls many projects from the very beginning. A big part of this problem is because promised “out-of-the-box” content rarely works without a fair amount of customization to account for your specific processes and technology. If you haven’t accounted for that, your phishing triage playbook is dead on arrival.
So what’s the answer?
If you have the time and resources to plan and implement your phishing alert triage program, you’re ready to go. But if you’re like many organizations, the resources needed for planning and execution may be out of reach, even something that seems so straightforward. That’s where LogicHub’s phishing triage-as-a-service comes in.
How does it work?
To start with, LogicHub is built on an enterprise SOAR platform, which means it can be quickly adapted to fit your requirements, without any effort on your part. You simply point us at your inbox and you’re done. We’ll handle integrations, configuration and any playbook modifications from there.
And once it’s up and running (a quick process) the majority of the process is fully automated, making it faster and more accurate than a human analyst, delivering 24x7 phishing detection, investigation, and triage at a fraction of the cost of doing it on your own. But we also maintain a “human in the loop” to review and streamline processes and content, ensuring that nothing falls through the cracks. The platform learns from expert input over time, making it more accurate and efficient.
We’re so confident that we can deliver the value you need at a price you can afford, we offer risk free trials. Let us know if you want to give it a try and we’ll be happy to get started immediately.
