Unlocking Your Security Team’s Potential: How Custom Workflows and Abuse Mailbox by Armorblox Optimize Security Operations and Boost Efficiency!
As the world becomes increasingly digitized, cyber threats continue to evolve and grow in sophistication. One such threat that has been plaguing businesses is Business Email Compromise (BEC) attacks, which have seen a staggering 74% increase in the past year alone. The FBI estimates that these attacks have led to a whopping $43.3 billion in losses, making email one of the most popular attack vectors for malicious entities. The risk posed by these attacks is further heightened by the readily available access to products such as ChatGPT and GPT-4, enabling bad actors to devise highly sophisticated attacks that can evade conventional Secure Email Gateways (SEGs).
To combat this growing threat, Security Operation Centers (SOCs) are scrambling to contain and prevent these attacks before they become widespread and negatively impact organizations. **The contest between attackers and SOC teams is a critical one, with the efficiency and efficacy of thwarting an email attack becoming increasingly important.**
According to a new report by Osterman Research, **phishing-related activities are consuming a third of the total time available to IT and security teams**, costing organizations anywhere between $2.84 and $85.33 per phishing email that is reported to the Abuse Mailbox with an estimate of 60 – 90 minutes spent in diagnosing and remediating a suspicious email in their email infrastructure. This monetary expenditure is distinct from the financial harm caused by phishing and BEC attacks.
Additionally, employee-reported emails often include a range of content that’s not necessarily malicious, such as spam messages, safe internal communications, and graymail (e.g. newsletters, vendor outreach). However, reviewing and dismissing such reports can consume a significant amount of time for SOC teams. By implementing automated remediation, these emails can be easily addressed, ultimately improving the efficiency of SOC team operations. Our independent research, conducted by our machine learning and AI team, has revealed that over 90% of emails in an organization’s abuse mailbox can be classified as spam, junk, graymail, or internal safe emails. **With Armorblox, we’re able to automatically remediate over 90% of these messages, which frees up the SOC team to focus on more critical tasks and ultimately improves the overall efficiency of security operations.**
**The need of the hour for SOC Teams and CISOs is to incorporate automation in their Abuse Mailbox**, so that reported phishing emails are remediated automatically and security personnel can spend their time analyzing and addressing the most intricate attacks through manual review and remediation. In addition, Security Operations Center (SOC) Teams require a dependable email security solution that integrates smoothly with phish reporting tools such as Office365 Report Phish Add-In, Gmail Report Phishing, KnowBe4, Proofpoint, and Cofense, among others, and provides a comprehensive overview of suspicious emails residing in employees’ inboxes.
We are thrilled to announce that Armorblox Abuse Mailbox now offers automatic remediation for suspicious emails reported by your employees, thanks to our customizable workflows! Plus, we’ve made it easy for SOC teams to manage and review reported emails from within Armorblox Abuse Mailbox supported by our native integration with popular reporting tools such as Office365 and Gmail Report Phishing, via APIs.
Let’s discuss the key pillars of Armorblox Abuse Mailbox Custom Workflows and how they support SOC Teams in classifying and automatically remediating suspicious, reported emails.
### Automate investigation and response with custom workflows for user-reported threats based on threat type and remediation status
Security teams can take advantage of Armorblox’s new feature, which allows them to create customizable workflows with remediation actions. These workflows can be utilized to automatically remediate suspicious emails reported by employees in the Abuse Mailbox. Furthermore, security teams can also set up a customizable end-user feedback email that will be sent to the employees to acknowledge their report and provide education on the characteristics of the suspicious email. This functionality enhances the efficiency and effectiveness of managing employee-reported emails, while also promoting employee awareness and education.
![](https://a.storyblok.com/f/52352/1151×844/ec0a5ee52b/cropped_06-custom-report-reply_edit-template.png)
### Reduce false positive rates across abuse reports with automatic identification of pre-authorized workflows across applications, sender, or subject
Let us consider an IT infrastructure that features an internal password reset system such as Okta, which end-users employ for their password reset workflows. Upon receiving a request, this password reset system sends a password reset email that can be used to reset an account. End-users are also trained with simulated phishing emails, which can make them suspicious of legitimate password reset emails. As a result, a certain percentage of these genuine emails will be reported to the Abuse Mailbox.
SOC Teams have to analyze and dismiss such emails, which wastes valuable personnel time that could otherwise be used to diagnose and remediate truly malicious emails, thereby strengthening the protection of their email infrastructure.
Armorblox Abuse Mailbox Exceptions empowers SOC teams to create dynamic workflows for pre-authorized remediation actions, streamlining the triage process for suspicious emails reported by end-users. This allows SOC teams to focus on diagnosing and remediating truly malicious emails and safeguarding the email infrastructure. Additionally, Armorblox facilitates the provision of automated feedback emails to end users, enhancing their awareness of email security and the attributes of reported emails. With Armorblox, SOC teams can adopt a more efficient and effective approach to email security, reducing the risk of cyber threats to their organization.
![](https://a.storyblok.com/f/52352/3176×1800/372a62f7eb/exceptions-phish-test-2x.png)
Above, we see an example of an organization-wide Abuse Mailbox Exception for the Header category, created by the SOC team. This exception identifies all end-user reported emails that match both the defined *Header Name* and *Header Value* and classifies them as safe emails. Additionally, the Phish Test Feedback Email is automatically sent to end users who submit incidents to the abuse mailbox after receiving this email. This Feedback Email lets these end users know that this is a trusted phishing simulation test email and is not malicious. Knowing that this email is scheduled to be sent to all end-user mailboxes within a 24-hour period, the SOC team has set custom timeframe parameters for this exception. This allows automated workflows to be set up when trusted phish test emails are scheduled to be sent, eliminating unnecessary work for security teams and dramatically reducing false positive rates for user-reported threats to the abuse mailbox.
![](https://a.storyblok.com/f/52352/3176×1800/5bb7c320e1/exceptions-okta-2x-1.png)
The organization-wide exception shown above is another example of how Abuse Mailbox Exceptions help SOC Teams save time. This exception identifies that all inbound emails that match the defined *Sender Value* are safe and meant to be delivered to end users. Additionally, the *Custom Okta* Feedback Email is automatically sent to all end users who submit an incident to the abuse mailbox after receiving this email. This Feedback Email lets these end users know that this is a trusted email, sent on behalf of the SOC Team as part of a necessary password reset, and is not malicious. Knowing that this email is scheduled to be sent to all end-user mailboxes within a 24-hour period, the SOC team has set custom timeframe parameters for this exception. This allows automated workflows to be set up proactively when emails from trusted senders are scheduled to be sent (such as the trusted email address associated with Okta, *[email protected]*, for a password reset request). This eliminates unnecessary work for security teams and dramatically reduces false positive rates for user-reported threats to the abuse mailbox.
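The two exceptions described above (header match and sender match, each limited to a timeframe) can be sketched as the following added example; it is not Armorblox code or its rule schema. The rule structure, header name, addresses, dates and the DMARC requirement on sender matches are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from email import message_from_string
from email.utils import parseaddr

@dataclass
class ExceptionRule:              # hypothetical structure, not the Armorblox schema
    kind: str                     # "header" or "sender"
    match_name: str               # header name (unused for sender rules)
    match_value: str              # header value or sender address
    start: datetime               # custom timeframe in which the rule applies
    end: datetime
    feedback_template: str

def dmarc_passed(msg) -> bool:
    # Assumes the receiving gateway stamps Authentication-Results itself and
    # strips any copy of that header supplied by the sender.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "dmarc=pass" in results

def triage(raw: str, received_at: datetime, rules):
    """Return (classification, feedback_template) for one reported email."""
    msg = message_from_string(raw)
    for rule in rules:
        if not (rule.start <= received_at <= rule.end):
            continue              # outside the scheduled window: no pre-authorization
        if rule.kind == "header":
            # The value acts as a shared secret, so keep it unguessable.
            values = msg.get_all(rule.match_name, [])
            hit = any(v.strip() == rule.match_value for v in values)
        else:
            sender = parseaddr(msg.get("From", ""))[1].lower()
            # From is spoofable, so a sender match alone is not trusted.
            hit = sender == rule.match_value.lower() and dmarc_passed(msg)
        if hit:
            return "safe", rule.feedback_template
    return "needs_review", "Report Reply"

# Constructed sample data (not taken from the page).
START, END = datetime(2023, 4, 3, 9), datetime(2023, 4, 4, 9)
RULES = [
    ExceptionRule("header", "X-Phish-Test", "campaign-7f3a", START, END, "Phish Test"),
    ExceptionRule("sender", "", "noreply@idp.example", START, END, "Custom Okta"),
]
OKTA = "From: Okta <noreply@idp.example>\nAuthentication-Results: mx.corp.example; dmarc={}\n\nReset link"
GENUINE, SPOOFED = OKTA.format("pass"), OKTA.format("fail")
PHISH_TEST = "From: it@vendor.example\nX-Phish-Test: campaign-7f3a\n\nClick here"
```

A report that matches the sender value but fails authentication, or that arrives outside the window, falls through to manual review instead of being closed as safe.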
### Save time for security teams with out-of-the-box templates that provide end users with the information needed upon submitting an abuse report
In conjunction with Armorblox Abuse Mailbox, admins can now send automatic User Feedback Email Notifications to end-users, based on the type of abuse report submitted. These feedback emails include acknowledgements of receipt of abuse reports, confirmation that submitted reports are phishing simulation tests, and updates on reports that correspond to emails classified as safe, spam, or a potential threat. This approach reinforces the importance of end-users’ active participation in identifying and mitigating threats, promoting a culture of heightened security awareness.
Armorblox out-of-the-box templates enable effortless and real-time communication with end-users through automated User Feedback Email Notifications for all abuse reports, with a single click:
- **Report Reply**: Emails automatically sent to end users acknowledging the receipt of a new abuse report submission
- **Phish Test**: Emails automatically sent to end users when an abuse report matches a confirmed phishing simulation email (such as one from KnowBe4 or Cofense)
- **Malicious Email**: Emails automatically sent to end users for abuse reports that match or are similar to emails Armorblox identified as malicious
- **Safe Email**: Emails automatically sent to end users for abuse reports that match emails that have been *marked as safe* by Armorblox or by Admin
- **Spam Email**: Emails automatically sent to end users for abuse reports that match emails that have been *marked as spam* by Armorblox or by Admin
Learn more about the easy management and enablement of these out-of-the-box templates [here](https://www.armorblox.com/blog/automatic-email-notifications-abuse-reports).
By utilizing automation in the Armorblox Abuse Mailbox, SOC Teams and CISOs can streamline their workflow and reduce the burden of repetitive tasks. This, in turn, enables security teams to respond to threats more efficiently and effectively, freeing up valuable time to focus on more complex and sophisticated attacks that require a higher level of scrutiny.
With Armorblox, SOC Teams and CISOs can significantly enhance their organization’s overall security posture, ensuring that they are better equipped to defend against evolving cyber threats. By adopting an automated approach to security, businesses can stay ahead of the curve and protect their sensitive data and assets.