Blog

Advanced Phishing Threat Prevention | Blog | IRONSCALES

Written by Eyal Benishti | May 31, 2018

With cyber risk from ransomware and business email compromise (BEC) proliferating among companies of all sizes, cybersecurity analysts must work harder than ever to create new security policies, identify the latest threats and mitigate attacks in real-time. Mostly complicating their job is the unfortunate reality that attackers have become so sophisticated in executing frequent and highly-targeted socially-engineered phishing attacks that the job of SOC (Security Operations Center) and security teams is evolving into a complex and 24/7/365 role. According the CyberDB research:

  • 156 million phishing emails are sent out every daily
  • Email users receive up to 20 phishing emails each month.
  • On average, it only takes 82 seconds from the time a phishing email is first distributed until the first victim is hooke

Fortunately, new automated technology can save valuable time for SOC & security teams and enable them to work more efficiently. IRONSCALES helps SOC teams optimize their performance through our automated phishing mitigation and prevention platform built for anomaly detection, incident response, forensic examination and intelligence sharing capabilities, using advanced machine learning algorithms to analyze all messages at the mailbox level, which is where the threat resides after it has bypassed traditional defenses.

The Growing Phishing Prevention Burden on SOC Teams

As hackers become increasingly sophisticated with highly-targeted phishing attacks to bypass traditional email security measures, SOC teams are under increasing pressure to act. Analysts are working harder than ever to identify the latest threats but many are having difficulty keeping pace. Fidelis Cybersecurity surveyed security practitioners from companies in multiple industries and found only 17 percent of organizations have a dedicated threat hunting team. Of those with a SOC team, 60 percent said they could only handle up to 8 investigations per day. In addition, 70 percent of survey respondents said that at least half of their security controls were NOT integrated. Lack of integration impedes not only the speed of investigations, but also the speed of remediation and control.

Fidelis also found that SOC teams are being hampered by outdated metrics, excessive alerts and limited integration. At a time when cyber risk is on the rise, SOC teams can’t afford to waste time. Far too many analysts invest a lot of energy reviewing suspicious messages, only to discover false positives or that the message was reported or identified too late to remediate without moderate or substantial damages occurring.

An automated anti-phishing solution built on machine learning can reduce a lot of the workload, create more efficiency and bring the time from attack discovery to remediation from days or weeks to only hours or minutes.

IRONSCALES Can Save SOC Teams Valuable Time

Automated Forensics – Our incident response module, IRONSCALES, automatically executes a comprehensive phishing forensic examination of any suspicious email using proprietary analysis such as email clustering of similar phishing emails, visual similarity for detecting and preventing credential theft and integrated Multi-AV and Sandbox scans. If the email is automatically detected or reported by an employee, IRONSCALES analyzes the number and skill ranking of the worker along with other analytics to determine the most appropriate mitigation or remediation response, which helps reduce manual forensics and the time that suspicious messages lay idle in mailboxes.

Automated Incident Response & Orchestration - Even when employees are savvy enough to identify and alert SOC teams to phishing attempts, their messages often linger in a pile of requests. It can take days, even weeks, for the team to manually address each report, contemplate its severity, investigate and then act. IRONSCALES completes analysis, mitigation, remediation and forensics automatically or at the click of a button and with an infrastructure for SOC teams to efficiently take immediate action to analyze and remediate threats at scale through a simple and unified dashboard. When a new attack is detected, IRONSCALES also works with other network and endpoints' automated forensics and workflow managers to make sure the attack is contained on all levels within the network.

Intelligence Gathering - SOC teams can reduce the time spent on investigation by sharing and learning from peers. IRONSCALES offers real-time automatic phishing intelligence sharing in an ecosystem integrated into the automated incident response layer, with all verified attacks automatically sent for remediation. Such collaboration saves time to review and keeps users safe, and also enables SOC teams to pool their intelligence and resources to prevent the same phishing attack from hitting another company under IRONSCALES protection. IRONSCALES' users provide the intelligence being shared, ensuring the level of intelligence is up to date, relevant and in real-time rather than using outdated and external feeds.

Automatic Mailbox Profiling - Unlike competitive email security solutions that only monitor at the gateway level, IRONSCALES module IronSights serves as a virtual security member that utilizes unique anti-impersonation models to detect anomalies in the communication habits at the mailbox level. This can save time for SOC teams by leveraging machine intelligence to detect advanced phishing threats. In fact, IronSights continuously monitors every inbox based on sophisticated behavioral analysis which considers past and current email interactions with a specific sender. It then flags suspicious emails the moment they hit the end box, and a button inside the Outlook or Gmail toolbar enables the employee to instantly notify the SOC team and start remediation.

Two-Click Deployment – IRONSCSALES offers non-blocking cloud-native API deployment for all of its anti-email phishing solutions. With no physical plugins required, the platform can be installed on any end-point including mobile devices and tablets using G-Suite and MS Office 365 with a seamless two-click implementation process. By eliminating the need to change Domain Name System (DNS) MX records, the IRONSCALES phishing prevention platform ensures maximum deliverability of non-malicious emails while also eliminating time-consuming implementation from SOC and security teams.

A Time-Saving Ransomware & BEC Prevention Platform for SOC Teams

At a time when cyberattacks are becoming more frequent and more sophisticated, SOC teams need all the help they can get. IRONSCALES’ advanced phishing threat prevention platform is built to automatically prevent, detect and respond to sophisticated phishing attacks – freeing up SOC teams to be more efficient and effective and prioritize revenue-producing work.

Click Here to Get Started with IRONSCALES Today!

Click Here to Get Your SOC Team Started with IRONSCALES Today!