These challenges generate inefficiencies in SOC processes, costing valuable time and resources. Microsoft Office 365, Gmail and legacy email gateways also miss a high volume of phishing emails. End user reports focus not only on the misses but non-misses as well, which become a greater burden for security teams to analyze and sift through.

The noise levels are high. For abuse inbox and incident triage, the lack of context and forensics results in extended investigations. Triage and manual correlations cost an average of six to eight hours per incident.

Even when incidents have been fully investigated, remediation and removal of malicious messages can be a cumbersome and time consuming process. This usually results in tickets bounced between SOC, Messaging and IT teams or the maintenance of custom Microsoft scripts to remove emails from inboxes.

Area 1 Security’s Autonomous Phish SOC solves the key challenges of detection, response and manual inefficiency involved with triaging and dealing with missed phish.

• The Autonomous Phish SOC detects 99.997% of all phish messages. With a closed phish gap and better protection for end-users, employees no longer flood abuse inboxes with internal reports and false positives.
• Designed to enable quick investigations, the Autonomous Phish SOC provides all necessary information in an easy-to-access manner for SOC teams. Detections come packaged with multi-level forensics for message headers, message bodies, and any URLs and attachments.
• Additional enrichment and context such as associated actor, campaign, and indicators of compromise (IOCs) are all readily available so security staff aren’t spending time on manual correlations.

Area 1’s cloud-native infrastructure makes email security deployment quick, simple, and flexible. A variety of email ingestion options are available including offline or BCC mode, journaling, or via API. Cloud-powered architecture also accommodates rapid-scale indexing and retrieval so results are immediate. Intuitive interfaces and unfaceted, Google-like search capabilities also make information easy-to-access.

The Autonomous Phish SOC’s enhanced signals and built-in response options ultimately result in significantly better security & improved incident response times.

Our customers have been able to decrease triage time by as much as 90%. With built-in automated triage, analysts receive simple message dispositions for follow-up actions. This enables analysts to easily prioritize the incidents that need actual human oversight.

A host of features have also been developed to automate routine SOC tasks. For example:

• Detection search APIs with tokenized search parameters allow for repeatable, automated pulls of specific phish detections.
• Even remediation can be automated  — our Message Retraction feature can be combined with an auto-retraction policy to automate the removal of malicious messages from all inboxes.
• Alternatively, targeted remediation allows analysts to review detections and remove malicious messages with a click of a button.
• Both Message Retraction options allow SOC teams to neutralize threats even in cases when Area 1 is deployed in BCC or journaling mode.

Streamlined integration with security information and event management (SIEM) systems and API hooks into SOARs further allow for fully customizable response playbooks.