Email communications that land in end users’ inboxes that look "phishy" typically end up being reported to security operations centers (SOC). Managing these user-reported phishing emails, or abuse reports, is a crucial aspect of cybersecurity; however, if done manually requires significant time and effort. Learn how Armorblox simplifies this process for security teams and provides an easy way for admins to keep end users informed and engaged in the security process.
Email communications that land in end users’ inboxes that look phishy typically end up being reported to security operations centers (SOC). These emails, which can be disguised as legitimate messages from reputable organizations or individuals, often use social engineering tactics to trick victims into providing sensitive information – therefore, making it critical that these emails be detected sooner, rather than later. To aid in this, organizations set up dedicated mailboxes to receive these user-reported phishing emails, such as an abuse mailbox.
Managing these user-reported phishing emails, or abuse reports, is a crucial aspect of cybersecurity, as it enables SOC teams to identify and respond to email attacks quickly – mitigating potential threats. However, handling these reports can be a daunting task, requiring significant time and effort to analyze, classify, determine the severity of each report, and respond accordingly – especially for organizations that receive high volumes.
Armorblox not only simplifies this process for security teams but also provides an easy way for admins to keep end users informed and engaged in the security process. In conjunction with Armorblox Abuse Mailbox, admins can now send automatic User Feedback Email Notifications to end-users, based on the type of abuse report submitted. Through the sending of these automated email notifications, end-users are kept up-to-date with automatic communication regarding the submitted Abuse Report: acknowledgements of abuse reports received, confirmation that submitted reports are phishing simulation tests, and information regarding submitted reports that match emails marked as safe, spam, or a potential threat – encouraging end users to continue to play an active role in identifying and mitigating threats in the future.
Armorblox out-of-the-box templates enable effortless and immediate communication with end-users through automated User Feedback Email Notifications for all abuse reports, with a single click:
- Report Reply: Emails automatically sent to end users acknowledging the receipt of a new abuse report submission
- Phish Test: Emails automatically sent to end users when an abuse report matches a confirmed phishing simulation emails (like from KnowB4, Cofense)
- Malicious Email: Emails automatically sent to end users for abuse reports that match or are similar to emails Armorblox identified as malicious
- Safe Email: Emails automatically sent to end users for abuse reports that match emails that have been marked as safe by Armorblox or by Admin
- Spam Email: Emails automatically sent to end users for abuse reports that match emails that have been marked as spam by Armorblox or by Admin
Admins can easily manage these out-of-the-box templates within the Armorblox Settings tab. Once enabled, these emails will automatically be sent to end users whenever an abuse report is submitted that matches the criteria – either a generic acknowledgement reply, response to phish test, or as a result of a manual remediation (malicious, safe, spam).
These out-of-the-box templates come standard for every Amorblox customer, so admins can keep end users in the know starting on day one. Of course, these templates are all customizable, to fit the needs of each security team. With this feature, admins can simplify and expedite their abuse report management process, while ensuring clear communication and feedback with end-users.
Above we see the out-of-box template for sending an automated acknowledgement that an Abuse Report was received. Within the editing screen, admins can customize any and all parts of this template.
In addition to these templates, Armorblox also allows for the creation of custom User Feedback Email Notifications. These templates allow security teams to create automated emails from scratch, from acknowledgement emails that get automatically sent upon abuse report submission to remediation-based emails that contain tailored information about the reported incident. Custom templates provide the flexibility needed for security teams to ensure that end users are provided and receive the pertinent information needed to stay part of your cybersecurity defense and maintain a good security posture.
Automatic Email Notifications Streamline Abuse Mailbox Remediation Processes for Security Teams
Armorblox automated User Feedback Email Notifications streamline the process of managing the communication across end users for abuse reports received; additionally, this new feature streamlines the process of managing abuse reports for security teams. By integrating with abuse mailbox remediation (either auto-remediation or manual remediation), admins can utilize these notifications to complete the feedback look that end users eagerly value, while saving security teams valuable time and resources through the elimination of manual response.
Now, the auto-remediation of abuse reports, detection, remediation actions, and response to end users can happen in one streamlined process. For example, admins execute the following process all within Armorblox in a few simple steps:
- Search all emails across end user mailboxes by the subject of the abuse report “Review your network credentials”.
- Click into and review incident details, confirm Armorblox initial identification was correct that this email was a phish test sent from KnowB4.
- Apply bulk remediation action of “Ignored”, and send the automated “Phish Test” User Feedback Email Notification to all end users that submitted an abuse report for this email, with a single click. The out-of-the-box template for “Phish Test” communicates that the reported incident was a phishing simulation from KnowB4, was not a malicious credential phishing attack, and shows appreciation to the end user for continuing to be an important part of your organization’s cyber defense.
Armorblox doesn’t just help streamline security processes for phishing simulation emails, the same automated processes can be applied to any remediation action taken across incidents:
- Search across all abuse reports by time, confining the results to all abuse reports submitted yesterday between 9am to 12pm.
- Click into a review the incidents details matching the abuse report submitted by Barty Crouch, confirm that this incident was indeed spam and does not contain any malicious links.
- Apply bulk remediation action of “Delete”, and send the automated “Spam Email” User Feedback Email Notification to Barty and the other 50 end users that received similar or matching emails. Because your organization customized the out-of-the-box “Spam Email” provided by Armorblox, end users automatically get sent the information that your security team has deemed pertinent for end users to receive for all abuse reports submitted that are spam, including the remediation status of “Delete”, best steps to take if there are questions, and shows appreciation for the end users for aiding in your organization’s cyber security efforts.