Phishing is nothing new, but because threat actors keep succeeding with it, it remains one of the most pervasive problems in every industry. Even with email filtering and other security controls in place, phishing emails still reach user inboxes. Worse, the numbers most teams see often count only the suspicious emails that users report: a BEC or spearphishing message that has already been opened or clicked may never show up in a tool's tally, so successful attacks are easy to undercount.
On top of this, because the attack vector is so common, the sheer volume of reports buries the SOC and its analysts in mundane, manual investigation and remediation work. Higher-value work, such as strategic initiatives or threat intelligence, falls to the side because nobody has the cycles to support it.
For mature SOCs, the best way to cut the unnecessary volume is to apply varying levels of automation to these processes. Varying is the key word: humans still need to be in the loop, but how much and how often is decided by the processes in place. For example, remediation, such as removing an identified threat from the inboxes of users who have not yet interacted with it, likely needs a human to approve it. On the other hand, enriching the data, pulling IOCs, removing duplicates, and closing out false positives can be automated or handled by a playbook.
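To make the split between "automate" and "keep a human in the loop" concrete, here is an added example of a minimal phishing-report triage playbook in Python. It is illustrative code written for this post, not a SOAR product's own playbook. It parses reported emails, pulls URL and sender-domain IOCs, collapses duplicate reports into one case, enriches the domains against a reputation source, auto-closes reports whose indicators are all allowlisted, and routes everything else to an analyst; anything with a known-bad indicator is flagged for remediation but is never purged without a human approving it. The reported emails, the allowlist, and the "known bad" list are all constructed for the example, and the `.invalid` domains are reserved names that will never resolve; a real playbook would replace the two dictionaries with threat-intel and mail-gateway lookups.

```python
"""
Phishing-report triage playbook (added example; data below is constructed).

Stages: parse -> extract IOCs -> dedupe -> enrich -> auto-close false positives
        -> escalate the rest, with remediation gated on human approval.
"""
import hashlib
import re
from email import message_from_string
from email.message import Message

URL_RE = re.compile(r"""https?://[^\s<>"')]+""", re.IGNORECASE)
DOMAIN_RE = re.compile(r"^https?://([^/:?#]+)", re.IGNORECASE)

# Constructed stand-ins for an org allowlist and a threat-intel feed.
ALLOWLISTED_DOMAINS = {"example.com", "mail.example.com", "docs.example.com"}
KNOWN_BAD_DOMAINS = {"login-example-secure.invalid"}

# Constructed user-reported emails: a credential-phish campaign reported
# twice, a benign internal mail, and a BEC-style message with no URLs.
REPORTED = [
    "From: IT Support <it-support@login-example-secure.invalid>\nTo: alice@example.com\n"
    "Subject: Password expires today\n\nReset now: https://login-example-secure.invalid/reset?u=alice\n",
    "From: IT Support <it-support@login-example-secure.invalid>\nTo: bob@example.com\n"
    "Subject: Password expires today\n\nReset now: https://login-example-secure.invalid/reset?u=bob\n",
    "From: Finance <finance@example.com>\nTo: carol@example.com\n"
    "Subject: Q1 expense report\n\nReview at https://docs.example.com/expenses/q1\n",
    "From: Vendor Billing <billing@vendor-portal.invalid>\nTo: dave@example.com\n"
    "Subject: Invoice 4421 overdue\n\nPlease wire payment today. Details attached.\n",
]


def _body_text(msg: Message) -> str:
    """Return the first text/* body of a parsed message, decoded to str."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type().startswith("text/"):
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def _domain(url: str):
    m = DOMAIN_RE.match(url)
    return m.group(1).lower() if m else None


def extract_iocs(raw_email: str) -> dict:
    """Pull sender domain, URLs, URL domains and a body hash from one report."""
    msg = message_from_string(raw_email)
    sender = msg.get("From", "")
    sender_domain = sender.rsplit("@", 1)[-1].strip("> ").lower() if "@" in sender else ""
    body = _body_text(msg)
    urls = sorted(set(URL_RE.findall(body)))
    url_domains = sorted({d for d in (_domain(u) for u in urls) if d})
    return {
        "subject": msg.get("Subject", ""),
        "sender_domain": sender_domain,
        "urls": urls,
        "url_domains": url_domains,
        "body_sha256": hashlib.sha256(body.encode()).hexdigest(),
    }


def campaign_fingerprint(iocs: dict) -> str:
    """Dedupe key: same sender domain + same link domains = same campaign,
    even when each recipient got a personalised URL."""
    key = iocs["sender_domain"] + "|" + ",".join(iocs["url_domains"])
    return hashlib.sha256(key.encode()).hexdigest()


def enrich(iocs: dict) -> dict:
    """Map every domain IOC to a reputation verdict (local stand-in for TI lookups)."""
    domains = iocs["url_domains"] + ([iocs["sender_domain"]] if iocs["sender_domain"] else [])
    return {
        d: "known_bad" if d in KNOWN_BAD_DOMAINS
        else "allowlisted" if d in ALLOWLISTED_DOMAINS
        else "unknown"
        for d in domains
    }


class Playbook:
    def __init__(self):
        self.seen = {}  # campaign fingerprint -> case id

    def run(self, raw_email: str) -> dict:
        iocs = extract_iocs(raw_email)
        fp = campaign_fingerprint(iocs)
        if fp in self.seen:  # automated: fold the duplicate into the open case
            return {"action": "merge_duplicate", "case": self.seen[fp], "iocs": iocs}
        reputation = enrich(iocs)
        if any(v == "known_bad" for v in reputation.values()):
            # Purging from other inboxes is proposed here but a human approves it.
            action = "escalate_remediate"
        elif reputation and all(v == "allowlisted" for v in reputation.values()):
            action = "auto_close_false_positive"  # automated: nothing to investigate
        else:
            action = "escalate_analyst"  # unknown indicators or URL-less BEC lure
        case_id = f"PHISH-{len(self.seen) + 1:04d}"
        self.seen[fp] = case_id
        return {"action": action, "case": case_id, "reputation": reputation, "iocs": iocs}


def triage_all(emails) -> list:
    pb = Playbook()
    return [pb.run(e) for e in emails]


if __name__ == "__main__":
    for r in triage_all(REPORTED):
        print(r["case"], r["action"], r["iocs"]["sender_domain"], r["iocs"]["url_domains"])
```

The fingerprint keys on domains rather than full URLs on purpose: the two "IT Support" reports differ only in the per-recipient query string, and treating them as separate cases is exactly the duplicate work the post describes. The invoice message shows the other edge worth handling: with no URL to enrich, an automated playbook has nothing to judge and should hand it to an analyst rather than close it.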
But how can this process be put into practice? Our threat intelligence analyst, Neal Dennis, will discuss this topic in depth in our next webinar. Join us on March 04 at 11 AM ET, where we will show you how to automatically catch phish with Security Orchestration, Automation, and Response (SOAR).
Register here: https://my.demio.com/ref/o1xOx6xSn1gSjTsF