Blog

SOC Teams Struggling to Detect Malicious Emails

Written by Eyal Benishti | Jul 31, 2018

As part of our recent market research project to gain a better understanding of how organizations are handling email borne cyber threats we polled the views of 300 IT and security professionals who visited Infosecurity Europe. Fifty five percent of respondents told us that the time to detect phishing messages is the greatest challenge facing the SOC/Security team in relation to addressing emerging email threats. Performing email forensics on messages received also ranked high with 24% identifying this as the greatest threat they faced while 18% felt it was removing malicious messages from mailboxes where the danger lay.

Nearly everyone we spoke with agreed (95%) that humans and technology need to work side by side in order to better detect and respond to sophisticated email phishing attacks. Also, 94% felt that automating the SOC team’s manual processes from attack detection to response would greatly reduce the amount of damage that can be inflicted on the company.

Ignorance Isn’t Always Bliss

The threat of email borne attacks continues to pose a great risk to organizations and, as our study found, detecting these malignant messages as they arrive remains challenging for many. Ignorance is not always bliss as 55% of those we spoke with confirmed as they recognize that not knowing that a threat has arrived within their perimeter leaves them oblivious to the impending danger. Every day these messages are getting past traditional email gateway defenses and without the ability to determine what poses a risk, and then neutralize it across the entire infrastructure, we will continue to see organizations fall victim to attacks – whether its credential stealing, data breaches or fraudulent transactions.

When looking at what will help thwart the threat from email borne attacks, the general consensus was that no one tool was sufficient with 38% of organizations looking for a combination of automated email forensics and automated remediation; in-mail banner alerts that would warn users a message may be fraudulent, human verified phishing intelligence that they could act on, and help from artificial intelligence (AI) solutions that could help predict unknown or unverified phishing emails. Of those who picked just one, 27% said automated email forensics and automated remediation would be the most valuable.

In our blog post last week we revealed that 54% of organizations continue to be plagued by phishing emails, and with the difference between a malignant email arriving and someone interacting with it just seconds, there isn’t a lot of time for the security teams to discover the attack has started and prevent damage occurring.

What this tells us is that organizations need a combination of technical controls capable of making split second decisions and end-user controls for the workforce to alert security teams that everything is not as it seems.

If you want to find out how to prevent, detect and respond to advanced email borne threats, then you’ll find a wealth of information here: https://ironscales.com.