most on cybersecurity technology, is so far
behind. So where does the problem lie? Ask
any SOC or incident response team – it’s
the sheer volume of items needing analysis
and response, alerts reported by both users
and machines.
Automation saves time. People save the day.
Humans and machines – now let’s talk
solutions. When your phishing response uses
each in the smartest ways, you can stop
active threats faster and more efficiently,
rather than drowning in emails and leaving
your network exposed.
I have a customer who used to spend
an entire day, or the better part of one,
manually sorting through emails reported
to his abuse box. I’m talking about a highly
skilled incident response professional who
would rather hunt threats than look at
mountains of spam.
INTELLIGENTCIO
“Another Cofense customer stopped a phishing attack in only 19 minutes. Again, a balance of automation and human intelligence made the difference.”
Now he handles this task in an hour or
sometimes less. The difference: automated
email analysis combined with a great
spam filter. His platform weeds out spam
and other harmless emails, plus groups
verified phishing emails by attribute and
campaign. These groups, or clusters, let him
respond to entire phishing campaigns – way
more efficient than responding to this email,
and this one, and that one, etc.
The automation even extends to security
playbooks. Instead of spending his highly
paid time on basic response tasks, this IR pro
is happy to rely on automation. But when
it’s time to make critical decisions, he’s at
the wheel. Know why? His expertise and
intuition are irreplaceable. This is the point
in the response chain where he earns his
salary by saving the day against malware,
wire-transfer scams, you name it. And don’t
forget, many of those analysed emails came
from human reporters – users trained to
recognise and report phishing. When those
www.intelligentcio.com