Recap: How to Proactively Protect Users with Email Incident Response

This year organizations are estimated to have spent more than $124 billion on security, yet phishing attacks continue to bypass email security technology. Is it possible to proactively stop threats that would otherwise make it past your infrastructure? If you attended our most recent webinar, you know the answer is yes.

Before we get into the how, our host and Director of Product Management, Cary Hudgins, asked us to think about the why. “It’s important,” said Hudgins, “because no matter how many controls an organization may have, there is always some risk of failure, a risk that malicious emails will get through.”

We know that every company takes a different approach to classifying reported emails, and each solution holds its own set of challenges. Some use internal support, dealing with challenges like staffing and 24/7 visibility, while others decide partnerships are the way to go, but then find themselves staffing a tool. PhishLabs’ purpose, as discussed during the webinar, is to partner with organizations to help them avoid these challenges while tackling the unavoidable risk that something will always make it past your security infrastructure.

By now, most companies have a means of reporting suspicious emails, which commonly comes in the form of a button. PhishLabs’ customers are given two options: reporting via a button or simply forwarding suspicious emails to our 24/7 SOC. Our analysts then use a combination of automation and human verification to rapidly classify 100% of reported messages and determine whether or not they are malicious. Afterward, end-users are notified of the result and your SOC receives all indicators of compromise (IOCs) via API to block at your infrastructure.

This is where it gets interesting.

With Email Threat Intelligence, we take those IOCs classified as malicious and combine them with threats we have pulled from across the globe for more than a decade.

“The whole idea,” Hudgins pointed out, “is to not limit the scope of that feed to only threats that have targeted your organization.”  

Email Threat Intelligence allows us to consolidate information from across our client base, and allows you to consume a comprehensive set of indicators that proactively, as opposed to reactively, enhance what you are doing at your infrastructure. This allows you to block threats from reaching users or to claw them back, even if they are never reported internally.

If we know something is malicious, the next step is to automate the collection or mitigation of that threat. PhishLabs Security, Orchestration, Automation, and Response (SOAR) allows us to do that, without anyone notifying us of the actual threat.

Think of it this way: a user, any user, has reported an email that PhishLabs identifies as malicious. SOAR will then monitor all of your organization’s emails to determine whether that same threat has been received and quarantine it in near-real-time. Our collective intelligence allows us to action threats before they are seen, and, as Cary put it, “clean up any inbox, anywhere, because of one reported email.”

Is SOAR 100% dependent on end-user reporting? PhishLabs’ Digital Risk Protection pulls from threats that we see on a 24/7 basis and utilizes that visibility in conjunction with indicators across all our clients to protect users. 

Do you have questions or want to hear the presentation for yourself? Listen to the full webinar to learn how PhishLabs is proactively keeping organizations safe.

*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Jessica Ellis. Read the original post at: