Phishing emails can be very difficult to detect, and some will always reach your end users regardless of the technology you use at the gateway.
Training your staff to be able to detect and report suspicious emails is a vital part of protecting your organisation. It is also important to acknowledge when users do this. Reporting to a black hole does not reward the desired behaviour, you should be letting the submitter know what you found. This can have a large impact on your users and Incident Management teams.
Some of our clients have full-time roles dedicated to analysing and responding to user-submitted phishing email samples.
The SSS Advanced Phishing Triage Service (APTS) is an automated email triage service operated by SSS.
It is designed to streamline your processes by automatically reviewing the content of user-submitted email samples, and responding to the submitter with an analysis result. It also provides your Incident Management team with a report including what was found and any remediation recommendations.
The SSS Advanced Phishing Triage Services complements our wider set of email security tooling to provide comprehensive protection:
Contact us on 04 917 6670 or firstname.lastname@example.org if you would like to know more about our detection and response services or see a demo of any of these solutions.
How does it work?
APTS is an automated phishing triage service that combines the power of automation with insights from real-time threat intelligence data. Using industry-leading platforms and best practice playbooks, we are able to automatically analyse suspicious e-mail samples, and respond to the submitter with the result and advice on what to do.
E-mail samples are analysed against reputable threat intelligence sources. This data informs the classification decision, and provides evidence to support remediation activities. This information is sent to the client's incident management team in an incident report, which includes details of who submitted the sample, indicators found in the sample, and remediation advice.
A managed service scaled to your needs
Phishing Triage Base Service
Send suspicious email samples to a monitored mailbox for automated analysis. The system will send automatic responses to the reporter stating whether the email is likely to be safe, malicious, or unknown. It will also send an incident report to a nominated Incident Management team with details on the submitted sample and advice on further steps.
- 24/7 operation of automated services
- Outlook or Gmail button for easy sample submission
- Automated investigation and intelligence gathering
- Automatic response sent to the submitter
- Automated incident report sent to Incident Management teams
Phishing Triage Premier Uplift
In addition to the Base Service features, the premier uplift provides the option for further customisation, as well as access to SSS security analysts to assist in manual investigations and incident response. This can help identify trends with phishing campaigns or problem users, as well as in-depth investigations on individual samples. There is also an option to have the service automatically delete malicious emails from cloud-based email platforms.
- Access to the SSS Security Operations team
- Customisable response templates, logos, and message text
- Detailed incident investigation
- Improved service reporting on the analysis of potential threats
- Option to delete malicious email from cloud-based (SaaS) Office365 and GSuite services for rapid remediation and improved return on investment