Detection and Response

Phishing emails can be very difficult to detect, and some will always reach your end users regardless of the technology you use at the gateway.

Training your staff to be able to detect and report suspicious emails is a vital part of protecting your organisation. It is also important to acknowledge when users do this. Reporting to a black hole does not reward the desired behaviour, you should be letting the submitter know what you found. This can have a large impact on your users and Incident Management teams.

Some of our clients have full-time roles dedicated to analysing and responding to user-submitted phishing email samples.

The SSS Advanced Phishing Triage Service (APTS) is an automated email triage service operated by SSS.

It is designed to streamline your processes by automatically reviewing the content of user-submitted email samples, and responding to the submitter with an analysis result. It also provides your Incident Management team with a report including what was found and any remediation recommendations.

The SSS Advanced Phishing Triage Services complements our wider set of email security tooling to provide comprehensive protection:

• Email Security
• Security Awareness Training 

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our detection and response services or see a demo of any of these solutions.

How does it work?

APTS is an automated phishing triage service that combines the power of automation with insights from real-time threat intelligence data. Using industry-leading platforms and best practice playbooks, we are able to automatically analyse suspicious e-mail samples, and respond to the submitter with the result and advice on what to do.

E-mail samples are analysed against reputable threat intelligence sources. This data informs the classification decision, and provides evidence to support remediation activities. This information is sent to the client's incident management team in an incident report, which includes details of who submitted the sample, indicators found in the sample, and remediation advice.

A managed service scaled to your needs

Phishing Triage Base Service

Send suspicious email samples to a monitored mailbox for automated analysis. The system will send automatic responses to the reporter stating whether the email is likely to be safe, malicious, or unknown. It will also send an incident report to a nominated Incident Management team with details on the submitted sample and advice on further steps.

Service Features

• 24/7 operation of automated services
• Outlook or Gmail button for easy sample submission
• Automated investigation and intelligence gathering
• Automatic response sent to the submitter
• Automated incident report sent to Incident Management teams

Phishing Triage Premier Uplift

In addition to the Base Service features, the premier uplift provides the option for further customisation, as well as access to SSS security analysts to assist in manual investigations and incident response. This can help identify trends with phishing campaigns or problem users, as well as in-depth investigations on individual samples. There is also an option to have the service automatically delete malicious emails from cloud-based email platforms.

Service Features

• Access to the SSS Security Operations team
• Customisable response templates, logos, and message text
• Detailed incident investigation
• Improved service reporting on the analysis of potential threats
• Option to delete malicious email from cloud-based (SaaS) Office365 and GSuite services for rapid remediation and improved return on investment

SSS have partnered with Greenbone Networks, leaders in Vulnerability Management solutions.

Greenbone Networks provides both an open-source and commercial-grade solution for vulnerability analysis and management in both your internal and external networks.

SSS as Greenbone resellers can provide assistance with licencing and support to get your installation up and running quickly.

SSS provides two options:

• On-premise virtual or physical appliance - Greenbone Security Manager (GSM)
• Cloud delivered external or internal scanning solution ready in minutes via the Managed Service Provider edition (MSP)

The Greenbone Security Manager:

• identifies security risks,
• assesses risk potential,
• recommends actions, and
• complements reactive security tools such as firewalls.

The Greenbone Security Manager is available as either a Virtual Appliance or a Physical Appliance.

• Available in three different classes, as well as a Sensor.
• There are no limits to the number of IP addresses that can be scanned.
• A number of IP address scans per day will vary depending on the class you select.

Service		GSM		MSP				Notes
On-premise
Cloud delivered
Internal Scanning								Via service-provided VPN Gateway
External Scanning
Efficient Scanning Engine
Scheduled Scan
Reporting
Scan Against Policies
Credential Based Scanning								Internal only
IP Based Pricing								The number that are licensed for scanning
Number of IPs Per Day								Throughput per day