August 17, 2020 | SSS Security Operations Team
Suspicious e-mails are a pain to deal with. Users often don't bother reporting them because they know it will just go to the back of their IT team's queue. By the time they receive a response (if they get a response at all) they may have already moved on. This may mean that users will just assume the e-mail is safe ("what's the worst that could happen? I'm good at the computers."), or over-cautiously delete that slightly weird looking, but legitimate, e-mail from their boss. This fuels a vicious cycle where users get negative feedback on all fronts.
From an IT admin's point of view, they can't help but get frustrated at their users doing the right thing ("Yes that's right, this aggressive e-mail about resetting the PayPal account that you don't even have is indeed a phishing e-mail. Thanks for contacting IT."). The number of e-mails they have to look at means corners get cut, and sometimes overconfidence can even be a problem here as well ("what's the worst that could happen? I'm good at the computers."). It's not like you can really prioritise looking at e-mails from the CEO either, because any user clicking on a dodgy link can be as much a risk as any other.
At the end of the day, e-mail samples get analysed inconsistently and users don't receive feedback in a meaningful time frame. It doesn't matter if you respond to every user eventually. Communication is time-sensitive, so having to wait a day or a week to be told that an invoice is legitimate and should be paid is a bad experience for everyone.
APTS is designed to help you!
This is where APTS can help. Through the use of automation, e-mail samples get analysed the same way every time, and send an automatic response to the submitter with a result. This means you don't need to worry about your not-so-good IT guy doing e-mail analysis when your IT ninja is off sick. It also means that users are more engaged with security because they get a response within minutes, rather than having to wait for someone to get back from their lunch break.
For the IT people, APTS sends an incident report to them whenever a malicious sample is detected. This contains details of the user and the sample metadata, as well as indicators of compromise that were detected, and recommended actions. The service also provides a monthly report to track trends on the types of indicators detected and the users who submit samples. This can help identify users who may be at higher risk than others, for example people who may be recurring targets for phishing, or simply are not confident in their ability to identify phishing e-mails on their own.
E-mail analysis is often repetitive and tedious, which is something machines excel at doing. Using automation for this really makes sense. Get machines to do machine things so your humans can focus on doing human things.
- - - - - - - - - - - - - - - - - - - - - - - - -
The Advanced Phishing Triage Service (APTS) is an automated email triage service operated by SSS. It is designed to streamline your processes. Click here if you would like to read more about this service.