Armorblox brings natural language understanding (NLU) to automate Email Incident Response, now available in Cortex XSOAR

Lauryn Cash
Written by Lauryn Cash
News and Commentary /
Armorblox brings natural language understanding (NLU) to automate Email Incident Response, now available in Cortex XSOAR

Targeted email attacks like Business Email Compromise (BEC), impersonation, account takeover, vendor fraud and phishing attacks pose high financial risks to organizations of all sizes. Instituting security awareness training and user reporting has resulted in unintended consequences of end user alert fatigue and limitless amounts of manual effort from SecOps to respond to each of these user-reported email threats.

As organizations try to stem the phishing tide, SecOps teams find themselves repetitively checking similar suspicious emails across mailboxes, meticulously inspecting headers and metadata, and manually triaging threats (quarantining, delete). These manual tasks end up being a huge time sink and bandwidth restraint for SecOps teams who must prioritize time working on strategic projects.

Armorblox combines natural language understanding (NLU) with ML-based behavioral techniques to detect threats that are socially engineered. Using native APIs, it integrates with Microsoft Office 365, Exchange and Google Workspace to automate the orchestration of incident response processes such as marking the emails into delete, spam or quarantine folders. Armorblox accelerates mean time to resolution allowing SecOps teams to realign focus towards threats that need human review and proactive security planning.

Armorblox is excited to announce that abuse mailbox remediation can further benefit security teams as a downloadable content pack on Palo Alto Networks Cortex XSOAR Marketplace. This new content pack expands the current offerings for Cortex XSOAR customers, providing SecOps teams with automated email incident response and playbooks that span across network, endpoint, cloud and email security. Armorblox enables automation of investigations and threat hunting while improving visibility into targeted email threats: such as wire fraud, invoice fraud, credential phishing, and account takeover attempts.

“Our cloud delivered email security platform prevents the most sophisticated email based threats across a broad spectrum of financial fraud, phishing, account takeover attempts and ransomware,” said DJ Sampath, Co-founder and CEO of Armorblox. “We are excited to partner with one of the world’s largest security marketplaces, as it will provide Cortex XSOAR customers the ability to develop playbooks that integrate threat alerts from email security with network, endpoint, cloud and other infrastructure.”

Together, Armorblox and Cortex XSOAR enable security and IT teams to automate email threat prevention, monitoring and triage to improve security posture and accelerate incident response.  Security teams can utilize these functions with a single click installation of the new Armorblox content pack on Cortex XSOAR Marketplace and connect to the network in minutes over API.

“A robust, open ecosystem is at the heart of Cortex XSOAR,” said Rishi Bhargava, VP of Product Strategy for Cortex XSOAR at Palo Alto Networks. “We are proud to welcome Armorblox to the Cortex XSOAR Marketplace ecosystem, which has 830+ integrations that enable our customers to prevent phishing attacks, sophisticated socially engineered threats, and connect disparate security tools and data sources to enable maximum efficiency in the SOC.”

The addition of Armorblox to the Cortex XSOAR Marketplace benefits security teams by:

  • Automating response actions with predetermined policies to increase resiliency against targeted email attacks.
  • Utilizing email threat intelligence with XSOAR playbooks that span across network, endpoint, cloud, and other security tools.
  • Detecting and preventing phishing attacks based on user & behavioral analytics and natural language understanding.
  • Preventing accidental or malicious loss of sensitive data and gaining visibility into compliance violations.
  • Automating forward-looking remediation actions on identified threat types across all user mailboxes.

Build out your security program with the Armorblox content pack, now available on the Cortex XSOAR Marketplace.

To learn more about how Armorblox protects businesses from fake invoice emails, phishing attacks, and other scams, take a 5-minute product tour today.

Take a 5-minute product tour

Read This Next