How Torq Hyperautomation Simplifies Phishing Analysis for SOC Teams

2023 went down in history as the worst year for phishing attacks on record, with nearly 35 million attempted business email compromise (BEC) attacks detected and investigated, according to the Microsoft Threat Intelligence Cyber Signals report. Unfortunately, phishing analysis is one of the most time-consuming tasks for the SOC. Responding to a phishing incident requires careful examination. SOC analysts quickly become overwhelmed by the volume of potential threats that need manual inspection, thanks in part to the use of Generative AI in these social engineering-based attacks. Phishing attacks have become so difficult for the untrained eye to detect that reports show that over 60% of end-user-reported phishing emails are false positives. SOC teams spend hours manually checking each email, attachment, and link against different databases and tools, which is time-consuming and error-prone. 

Streamlining Phishing Analysis in the SOC

Torq Hyperautomation helps automate repetitive phishing attack mitigation tasks, providing consistent and accurate case management without the fatigue. With Torq, SOC teams can quickly identify and evaluate risks through automated phishing analysis, cutting down analysis time from hours to minutes and freeing up analysts’ time for more critical tasks. By automating these otherwise monotonous tasks, security teams reduce false positives, experience less burnout, and can finally manage the growing volume of threats.

Monitor an Outlook Mailbox for Phishing via Graph Subscription  

Torq Hyperautomation empowers SOC analysts to automate phishing analysis and improve SOC team efficiency using several pre-built phishing templates in our template library. If you’re an Outlook user, this one is for you! 

First, select the “Monitor an Outlook Mailbox for Phishing via Graph Subscription” template from the library. From there, once an email hits the monitored inbox, Torq will receive a copy to analyze. When the analysis starts, the email will be labeled as  “Scan-Started” within Outlook while the necessary elements are extracted and observables are enriched. Once the analysis is done, the labels within Outlook will change to show the verdict. In this example, we can see that the email contains malware and phishing URLs. 

All results will then be added to a new case as custom fields, observables or attachments. All additions to the case are shown on the timeline for compliance tracking purposes. The overview of the case shows details about the email along with the verdict for the attachment and URL. Custom fields include important data such as DMARC and SPF analysis to help understand if the email is coming from a trusted sender. As a result of the phishing URL enrichment, a screenshot of the site is attached, and we know without visiting the website that it is impersonating a known service. 

All sub-observables are attached and show a malicious verdict. As the final step in this case enrichment, AI reviews sanitized data pulled from the verdict and generates a human-readable summary of the entire case analysis.

Automate your Phishing Analysis with Torq

Phishing analysis automation with Torq Hyperautomation significantly reduces the workload for SOC teams. Torq integrates with several key partners to offer use cases that can help organizations prevent, protect against, and understand phishing attacks and avoid costly data breaches. Want to learn more about how you can automate phishing analysis with Torq Hyperautomation? Get a demo.