Today, everything is automated. Our daily routines, our responses to simple questions like “how was your day,” the train you take to get to work, the sell price for stocks – all automated. But even with those examples I just provided, how many of those functions are truly automated to where no human interaction or intervention is required?
Similar to the buzz-worthiness of AI, the term “automation” has become a catch-all marketing term for email security companies. It sounds good, so clearly every company has begun to do it. But the truth is, not all systems are automated to the extent at which they are messaged to be. For example the use of YARA rules and playbooks claiming to be truly automated, other than being misleading, can be dangerous for companies that rely on such solutions because they can be lured into a false sense of security and miss critical threats.
So, how can you tell if the email security solution is actually truly automated?
Here are 3 features and functionalities to consider:
Incident investigation
A truly automated solution should use its real-time proprietary analysis and orchestration to investigate the messages. Using internal and external threat intel resources such as sandbox, multi-AV engines, email meta data and crowd intelligence, an automated solution should be able to identify threats and quickly recognize known attacks. This investigative step removes the need for any additional tools by SOC and security teams to manually investigate every potential phishing incident including false positives and spam. With less than 80 seconds before the first click, templated playbooks are inefficient at reducing risk and cannot empower SOC teams.
Triage
A truly automated email security solution should be able to prioritize suspicious emails according to threat severity and cluster all message types such as phishing messages, spam messages, and false positives. It should also be able to filter messages by the inboxes those messages went to, the reputation of the source, and be able to identify whether or not the messages were actually opened. At its most basic function, an automated email security solution should be able to provide these details triaged for the SOC and IT security teams to classify with one click, saving valuable time while continuing to learn and adapt independently.
Remediation
Rounding out a fully automated email security solution should have the ability to take action on those messages autonomously – whether they are deemed safe or need to be removed. A truly automated solution can learn and adapt as more data is fed into its decision-making matrix, which maximizes an organizations ability to stay safe from evolving threats. True automated remediation capability should be handled automatically or with one-click to remove all affected mailboxes across the entire organization while communicating the attack with existing solutions such as SIEM and SOAR.
AI powered vs scripts and tools
Many email security and phishing mitigation providers position scripts and playbooks as an automated solution. While such solutions do have pieces of automation built in, these solutions still require a significant amount of work from the security team and are much less productive and adaptive. That said, humans can’t be written out of the process entirely. That’s because humans can still help to improve the automation inherent to machines – especially when it comes to interpreting intent and training the algorithms on the latest threats.
The caveat – Humans & machines can still work together
In a recent report, a Gartner analyst wrote:
“We can’t escape the fact that humans and machines complement each other and together they can outperform each alone. ML reaches out to humans for assistance to address intent uncertainty. ML aids humans by supporting administrator awareness and providing assistance to higher-tier SOC analysts.”
Believing this to be true, our advanced email threat protection platform automates processes that SOC and security teams don’t need to be involved in. IronTraps provides email investigation and clustering while Themis provides automated guidance and response as defined by internal policies.
But with our platform, we understand that automation shouldn’t be relied upon to make every decision because despite their intelligence, a verified human analyst is still needed to help it learn and become smarter. That’s why we argue human intelligence combined with automation, AI and machine learning to create the strongest email security platform that provides true automation.
We simply believe that the human intelligence shouldn’t have to focus on the tasks AI can handle.
If you’re ready to implement a truly automated security solution for your organization’s email, get in touch with us today.
(From IRONSCALES blog).
Be the first to comment