Agari introduces phishing incident response solution for cloud office suites

Agari Incident Response is the purpose-built phishing incident response solution for post-delivery remediation in Microsoft Office 365 environments. It eliminates error-prone and time-consuming reporting and response with automated investigation and remediation workflows that reduce phishing incident response time by up to 90 percent—enabling businesses to prevent and contain breaches before damage is done.

In a survey of more than 300 security professionals, Agari determined that the average company responds to 23,053 phishing incident reports per year—yet 50 percent are false positive reports from users. Responding to a phishing incident takes an average of 353 minutes (almost six hours); and even false positives take an average of 238 minutes (four hours). All of these reports and hours add up—at a cost of $253 per phishing incident—or nearly $4.3 million per year.

“Many organizations’ security operations teams report that their work around investigating suspected phishing emails is heavily repetitive and requires many meticulous steps, such as checking multiple blacklists and different IT systems within the company,” reports Gartner Research VP and Distinguished Analyst Anton Chuvakin and VP Analyst Augusto Barros in Preparing Your Security Operations for Orchestration and Automation Tools, in February 2018.

However, the cost for not investigating phishing incidents is even higher. According to a 2018 IBM/Ponemon study, the average cost of a data breach in the United States is $7.9M. The 2018 Verizon Data Breach Incident Report indicates that phishing represents 93 percent of all breaches investigated—with email as the main entry point in 96 percent of cases. The Verizon DBIR also notes the disparity in breach response: the average breach exfiltrates data from an organization in hours, but the average time to discover a breach takes months.

Agari Incident Response is a phishing incident response solution that integrates with Microsoft Office 365 to remove all phishing emails from user inboxes. Agari Incident Response delivers impact analysis—including URL, attachment and sender forensics—enabling security teams to ignore false positives and slash phishing incident response times.

A centralized dashboard records breach containment metrics and measures reductions in phishing incident response times, so security teams can demonstrate a positive ROI. By streamlining phishing incident response times and removing malicious emails from inboxes, Agari Incident Response contains breaches in minutes instead of months.

Training end users to identify and report phishing emails is challenging; it is a time-consuming and error-prone process for both end users and security operations. Many businesses accumulate tens of thousands of user reported phishing incidents per year, which have a 50 percent false positive rate. These reports take an average of 5.9 hours per phishing incident to analyze and require manual processes involving multiple tools to remediate.

Security orchestration, automation and response (SOAR) tools that claim to address this challenge but are expensive and complicated to implement, requiring custom coding to integrate before they add value. When a SOAR system was implemented, 50% of respondents reported incident response times over 1 hour per incident compared to 59% for non-SOAR adopters, a minimal reduction.

“Security operations shouldn’t have to spend all their time on chasing false positive user reports, while other security breaches go undetected,” said AJ Shipley, Vice President of Product Management, Agari. “Agari Incident Response is changing the variables in the phishing incident response equation to take less time and with less error…and the solution is to provide demonstrable savings to the business.”

Agari Incident Response is a part of the Agari Secure Email Cloud, a next-generation email security solution that detects, defends against and deters phishing and identity deception attacks. Agari Incident Response will be generally available to all customers within 30 days.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.