Cyber Risk Aware has released SOARDphish. It is an automated response system for analysing emails. It looks at suspect emails reported by employees to see if they pose a threat. To do this, it uses scanners, sandboxes and threat intelligence repositories. The goal is to reduce the mean time to detect (MTTD) and improve the mean time to respond (MTTR).
Stephen Burke, CEO of Cyber Risk Aware, said: “We’ve seen phishing attacks evolve in sophistication and numbers, with many businesses facing a continuous onslaught of automated phishing attacks striking their networks. We knew there was a need to meet this head on, at the same speed these attacks were hitting businesses; and we wanted a solution that moved away from increasingly costly, labour intensive manual phishing email analysis.
“By introducing SOARDphish™, a cyber risk management system that automatically analyses any suspected phishing email reported by staff, our clients and partners are now able to automate an incident response step system that deals with the positive threats, taking their cyber protection to the next level.”
How does SOARDphish work?
The key to SOARDphish is automation. It removes delays between employees spotting something suspicious and the IT security team triaging and remediating it.
Once an email has been reported, the system does several things. It looks at the email to see if there is any known threat report that links to the email’s content. This might include a suspicious link, a suspect attachment or a known URL hidden in the text.
Once it has determined there might be an issue with the email, the system looks at log files to see who else has received the email. More importantly, it looks at any action they might have taken, such as clicking on a link. If that has happened, it disables that machine to prevent any risk of an infection spreading laterally throughout the organisation. SOARDphish goes through the full detection, response and recovery phases at machine speed.
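The workflow described above can be sketched in a few lines of Python. This is an added illustrative example, not Cyber Risk Aware's code: the log formats, field names and sample data are constructed assumptions, and the containment step is represented only as a list of hosts to isolate.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data; the log formats are assumptions for this example.
REPORTED = {"message_id": "<a1@mail.example>",
            "body": "Pay now: http://login.bad-example.test/pay?id=7."}
INTEL_DOMAINS = {"login.bad-example.test"}  # stand-in for a threat-intel feed
MAIL_LOG = [  # "<timestamp> <recipient> <message-id>"
    "2024-05-01T09:00:01Z alice@corp.example <a1@mail.example>",
    "2024-05-01T09:00:02Z bob@corp.example <a1@mail.example>",
    "2024-05-01T09:00:03Z carol@corp.example <zz@mail.example>",
]
PROXY_LOG = [  # "<timestamp> <host> <user> <url>"
    "2024-05-01T09:05:10Z WS-017 bob@corp.example http://login.bad-example.test/pay?id=7",
    "2024-05-01T09:06:00Z WS-022 carol@corp.example https://intranet.corp.example/home",
    "2024-05-01T09:07:00Z WS-030 alice@corp.example https://intranet.corp.example/home",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def url_hosts(text):
    """Return the lower-cased hostnames of every http(s) URL found in text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url.rstrip(".,);")).hostname
        except ValueError:  # malformed URL: skip it rather than abort triage
            continue
        if host:
            hosts.add(host)
    return hosts

def triage(email, intel_domains, mail_log, proxy_log):
    """Check a reported email against intel, then find recipients and clickers."""
    bad = url_hosts(email["body"]) & intel_domains
    result = {"malicious": bool(bad), "recipients": [], "isolate": []}
    if not bad:
        return result  # no intel match: no log search, no containment
    recipients = {line.split()[1].lower() for line in mail_log
                  if line.split()[2] == email["message_id"]}
    hosts = set()
    for line in proxy_log:
        _, host, user, url = line.split(maxsplit=3)
        # A "click" here means a recipient's machine requested a flagged domain.
        if user.lower() in recipients and url_hosts(url) & bad:
            hosts.add(host)
    result["recipients"] = sorted(recipients)
    result["isolate"] = sorted(hosts)
    return result
```

With the constructed data, both recipients of the reported message are identified, but only the workstation whose user followed the link is queued for isolation.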
Importantly, SOARDphish also integrates with the Cyber Risk Aware PhishHuk plugin. The plugin allows IT security teams to gamify security by sending simulated phishing emails to staff. SOARDphish can monitor user response to a test and improve employee training.
Enterprise Times: What does this mean?
Improving email security is something all organisations need to do. One of the problems for organisations is that users are often loath to make reports in case they are mistaken. Worse, they often don’t report clicking on a suspicious link in case they are punished for it.
What is important here is that it only takes one user to make a report to have an email scanned and verified automatically. It doesn’t take up IT security team time, so there is no penalty for reporting emails.
Even more important is that if an email is suspicious, the system will do all the remediation without user intervention. This is a major boost to email security by limiting the risk of an infection spreading beyond a user who has clicked a link.