At this point you’d be hard-pressed to find someone who hasn't heard of phishing. But despite increased awareness and a wide range of solutions specifically designed to detect and prevent phishing attacks, it’s still one of the biggest threats to any organization. To put it into perspective:

  • 75% of organizations in 2020 experienced a phishing attack in some form (Proofpoint)
  • More than 80% of reported security incidents are phishing related (CSO Online)
  • And according to Verizon’s 2020 DBIR, phishing was used in 22% of all breaches

The end result is that an estimated $17,700 is lost due to phishing attacks every minute (CSO Online).

So why is phishing still such a problem when every security org is aware of it and most have access to solutions specifically designed to stop it?

While anti-phishing tools are typically designed to detect and prevent known attacks, attackers are continually coming up with new ways to bypass them. That means the security team is on the hook to detect and respond to everything else, which is a time-consuming, typically manual process that can eat up hours every day. To overcome this problem, security teams are increasingly turning to automation platforms. But for that to be successful, there are challenges that need to be addressed.

Every team follows a different set of processes, often dictated by a combination of the size of their staff, available skill sets, and the tools they have access to. And it’s not uncommon for those processes to be poorly documented, if they are documented at all. To implement automation, though, you need to be able to tell the platform what you want to do and how to do it. That means you need to answer a couple of key questions before you choose a platform.

Does it work with your tech stack?
While this seems obvious, there’s more to the question than whether or not the platform can accept emails from your mail server. The more sources the platform can draw on to triage a potential phishing email, the more accurate the results, and in today’s SOC, false positive reduction is critical. Among the integrations you should consider are:

  • Threat Intelligence (open source feed and/or commercial platform)
  • SIEM
  • Sandbox
  • Firewall
  • Active Directory/LDAP
  • EDR
  • 3rd party trouble ticketing system

The first thing you should do is see whether the integrations already exist. For common solutions the answer is probably yes, but you also need to account for future updates to your stack. That means you need to know how long it takes to add new integrations and how hard that process is if you need to build your own.

Who’s going to build out the content?
One of the biggest reasons that new solution deployments fail is an inability to implement them. That’s often because of a lack of awareness about what it will take and a failure to allocate the necessary resources in advance. This is particularly true with automation, where a failure to anticipate the resources needed to plan and build automation playbooks stalls many projects from the very beginning. A big part of the problem is that promised “out-of-the-box” content rarely works without a fair amount of customization to account for your specific processes and technology. If you haven’t accounted for that, your phishing triage playbook is dead on arrival.

So what’s the answer?
If you have the time and resources to plan and implement your phishing alert triage program, you’re ready to go. But if you’re like many organizations, the resources needed for planning and execution may be out of reach, even for something that seems this straightforward. That’s where LogicHub’s phishing triage-as-a-service comes in.

How does it work?
To start with, LogicHub is built on an enterprise SOAR platform, which means it can be quickly adapted to fit your requirements, without any effort on your part. You simply point us at your inbox and you’re done. We’ll handle integrations, configuration and any playbook modifications from there.

And once it’s up and running (a quick process), the majority of the workflow is fully automated, making it faster and more accurate than a human analyst and delivering 24x7 phishing detection, investigation, and triage at a fraction of the cost of doing it on your own. But we also maintain a “human in the loop” to review and streamline processes and content, ensuring that nothing falls through the cracks. The platform learns from expert input over time, making it more accurate and efficient.

We’re so confident that we can deliver the value you need at a price you can afford that we offer risk-free trials. Let us know if you want to give it a try and we’ll be happy to get started immediately.