Manually triaging user reported phishing and BEC emails consumes a huge amount of analyst time.
Many False Positives
As much as 95% of user-reported emails actually turn out to be safe, thus wasting analyst cycles.
The monotonous task of email alert triage wears down analysts, diminishing morale and retention.
Automating Abuse Mailbox Handling with AI
Radiant automatically triages EVERY user-reported email sent to your abuse mailbox using an AI-powered co-pilot. Radiant’s co-pilot automatically:
- Determines email maliciousness
- Notifies the reporter about the judgement
- Conducts a full investigation
- Provides analysts with a decision ready analysis of the incident
- Automates containment and remediation
Triage Email Automatically
The Radiant co-pilot uses an AI-powered triage engine to analyze every email alert and user-reported email to determine their maliciousness.
- Unlimited capacity – Relieve security teams from the laborious and repetitive task of reviewing suspected phishing and BEC emails, regardless of volume.
- Dynamic Analysis – Radiant’s co-pilot inspects headers, attachments, URLs, files, etc., and based on what it finds, dynamically selects and performs additional inspections in order to determine if a message is malicious.
Understand Incident Impact
Malicious emails serve as a common method for attackers to establish a presence but usually don’t represent the full attack. For example, a malicious email leading to a malware infection on a laptop.
- See the Entire Attack– Radiant stitches together data from multiple sources (e.g. email, identity, endpoint, network, and more) to follow the thread of incidents across attack types and data sources. This ensures no parts of an attack are missed, and are left unaddressed.
- Understand Root Cause – Obtain a comprehensive impact and root cause analysis for each malicious email, including the incident’s complete scope, including affected users, credentials, and machines.
Radiant automates containment and remediation of uncovered threats to quickly stop the spread of attacks and restore system health. For example, blocking a malicious email and isolating endpoints infected by its malicious attachment.
- Dynamic Response Plans – Unlike other SecOps tools, Radiant has no static or predefined playbooks. Instead, Radiant’s AI-powered co-pilot automatically selects and performs corrective actions based on what is found during impact analysis.
- Automate within your comfort level – Analysts are provided access to instructions on how to perform each action manually using your tools, the ability to resolve items from Radiant with a single click, or the option to run a fully-automated response.
Streamline Escalation Processes
Addressing the full scope of incidents often requires obtaining permission to corrective tasks from non-security business partners, such as permission to isolate an executive’s laptop after being infected by a phishing email.
- Efficiently Obtain Approvals– obtain permission to perform corrective actions from stakeholders and business partners directly from within Radiant as part of response workflows. This ensures your security team has the ability to quickly address potential threats.
Automate Communication Workflows
Phishing and BEC review is an interactive process where reporters expect a response and slow communication greatly hinders participation by end users. Radiant can automate communication with stakeholders, email reporters, and affected users to ensure all parties are up to date with activity.
- Custom Response Templates – Use customizable templates as part of granular response workflows, providing updates on submission status, outcomes, and corrective actions taken.
- Productivity tool integration – Interact with your teams using the tools they are accustomed to, including Slack, Teams, email, and more.
Implementing safeguards within an organization is crucial to minimizing the chance of a future recurrence. After an incident has concluded, Radiant may suggest steps that can be taken to improve environmental resilience, such as enrolling users who interacted with a phishing email or engaged in a BEC campaign in phishing training.