Here’s another interesting use case successfully automated.
One firm’s cyber-awareness team sends periodic e-mails, phony phishing messages, to all corporate employees to test their organization’s ability (individual and collective?) to detect malicious e-mails. The cyber-awareness team expects the SOC to provide a summary report of all the phony messages that conscientious employees forward to the SOC phishing inbox. If I recall correctly, SOC team members were spending up to 20 minutes per message of this type: SOC analysts had to search for hidden text within each such message to confirm that it was authored by the cyber-awareness team, and then update a spreadsheet with their findings (and perhaps there was one other step that I’m not recalling).
When any message is ingested from the SOC phishing inbox, the automation suite searches it for the hidden text; once the text is confirmed, the automation sets the appropriate fields in the record representing the ingested message so that it is included in the report consumed by the cyber-awareness team.
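To make the workflow above concrete, here is an added example (not the firm’s automation suite, and not code from the post) of the ingestion step: parse a forwarded message, look for the awareness team’s hidden marker, and set the record fields that route it to the awareness report instead of an analyst queue. The post does not say what the hidden text is or where it is placed, so the marker value `AWARENESS-SIM-PLACEHOLDER-TOKEN`, the header name `X-Awareness-Campaign`, the sample messages, and the record field names are all constructed assumptions. It goes slightly beyond the post in one respect: it also descends into `message/rfc822` attachments, because employees often forward a suspicious message as an attachment rather than inline.

```python
"""Auto-tag phishing-inbox submissions that carry the awareness team's hidden
marker, so they flow into the awareness report instead of an analyst queue."""
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Constructed placeholders: the post does not reveal the real hidden text or
# where it lives, so the marker value and header name are assumptions.
MARKER = "AWARENESS-SIM-PLACEHOLDER-TOKEN"
MARKER_HEADER = "X-Awareness-Campaign"


class _TextExtractor(HTMLParser):
    """Collects every text node, including those inside display:none
    elements, which is exactly where a hidden marker would sit."""

    def __init__(self) -> None:
        super().__init__()
        self.chunks = []

    def handle_data(self, data: str) -> None:
        self.chunks.append(data)


def _all_body_text(msg: EmailMessage) -> str:
    """Flatten every text/plain and text/html body, descending into forwarded
    message/rfc822 attachments, into one searchable string."""
    chunks = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            chunks.append(part.get_content())
        elif ctype == "text/html":
            extractor = _TextExtractor()
            extractor.feed(part.get_content())
            chunks.append(" ".join(extractor.chunks))
    return "\n".join(chunks)


def has_awareness_marker(msg: EmailMessage) -> bool:
    """True if the marker appears as a custom header on the message or any
    nested message, or anywhere in the body text (hidden HTML included)."""
    for part in msg.walk():
        if str(part.get(MARKER_HEADER, "")).strip() == MARKER:
            return True
    return MARKER in _all_body_text(msg)


def triage_record(raw: bytes) -> dict:
    """Build the case record for one ingested message. Confirmed simulations
    are auto-closed and flagged for the awareness report; everything else
    stays queued for an analyst."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    record = {
        "subject": str(msg.get("Subject", "")),
        "submitter": str(msg.get("From", "")),
        "awareness_simulation": False,
        "include_in_awareness_report": False,
        "status": "needs_analyst_review",
    }
    if has_awareness_marker(msg):
        record.update(awareness_simulation=True,
                      include_in_awareness_report=True,
                      status="auto_closed")
    return record


# --- constructed sample input (not real campaign mail) --------------------
SIMULATED_PHISH = b"""From: it-helpdesk@example.com
To: alice@example.com
Subject: Action required: password expiring
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today. Reset it now.</p>
<span style="display:none">AWARENESS-SIM-PLACEHOLDER-TOKEN</span></body></html>
"""

UNKNOWN_MESSAGE = b"""From: invoices@example.net
To: bob@example.com
Subject: Invoice overdue
Content-Type: text/plain; charset="utf-8"

Please see the attached invoice and remit payment.
"""


def forwarded_by_employee(inner_raw: bytes) -> bytes:
    """Wrap a message the way a mail client forwards it as an attachment."""
    inner = email.message_from_bytes(inner_raw, policy=policy.default)
    outer = EmailMessage()
    outer["From"] = "alice@example.com"
    outer["To"] = "phishing-inbox@example.com"
    outer["Subject"] = "FW: Action required: password expiring"
    outer.set_content("This looked suspicious, forwarding to the SOC.")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    return outer.as_bytes()


if __name__ == "__main__":
    for raw in (SIMULATED_PHISH,
                forwarded_by_employee(SIMULATED_PHISH),
                UNKNOWN_MESSAGE):
        print(triage_record(raw))
```

The match is a plain substring test, so it is only as trustworthy as the secrecy of the marker: keep it known only to the awareness team, rotate it per campaign, and keep the auto-closed records auditable so a sample can be spot-checked. Messages without the marker are left untouched in the analyst queue, which is the safe default.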
During the first 6 weeks in production, more than 1000 positively confirmed messages originating from the cyber-awareness team were sent to the SOC team’s inbox. Happily, none of these had to be reviewed by a SOC analyst.
Assuming an average of 7 min per phony phishing message when handled manually in earlier months, the SOC team saved ~7000 min, more than 116 hours of effort, on those first 1000 messages after deployment of the automation.
That’s a win!