– Nearly every successful cyber attack involves malicious use of email. We are excited to see how Secure Practice contributes to solving this challenge, by enabling users to check suspicious emails and get a timely response, explains Richard K. Jensen, director of sales at Mnemonic.
Mnemonic is an international cyber security partner which features as a representative vendor in Gartner’s market guide for Digital Forensics and Incident Response Services. With offices in Norway, Sweden, the UK and the US, their customers can benefit from 24/7 security monitoring based on global threat intelligence.
– Although email gateway solutions deal with 99 % of spam, some emails will always reach through to end users. Even one percent of a large volume is still a lot, and this is where Secure Practice helps out, continues Jon-Finngard Moe, manager of Mnemonic's system integration department.
Hybrid analysis model
With end-user access to check any email, Secure Practice gives room for a second opinion on anything that passes beyond spam filters. Although a large amount of analysis has been automated, some emails will still need manual investigation.
In partnership with Secure Practice, Mnemonic has built an integration which turns this into a completely transparent operation for their customers. End-users receive the verdict directly through the Outlook add-in, and every analysis benefits everybody else.
– With the service APIs, we can run every email through several automated checks, in addition to the machine learning service provided by Secure Practice. Most of these analyses will be determined automatically, and within seconds, says Moe.
Mnemonic's Security Operations Center (SOC) is further staffed by several experts who analyse thousands of events every hour. Now, they can be reached directly by end-users in a matter of minutes, unless of course automation has taken care of the request already.
– This is much more efficient than common practice today, where employees sometimes forward suspicious emails to their IT administrator, or another colleague internally. Usually this goes down without including email headers and attachments, so the IT administrator needs to respond back asking for a complete message, which takes up a lot of time, explains Jon-Finngard Moe.
Digitalization where it matters most
Moe describes how Mnemonic is offering email analysis as an integrated service to their customers, and continues to invest in their partnership with Secure Practice.
– Getting access to the right data is critical for efficient incident response. With this partnership, everything goes into our analysis pipeline so we can find threats faster, and potentially propagate threat data to automate mitigating actions, he explains.
– Among the events we analyse, we also see new, directly targeted campaigns that have yet to be detected by any signature. This is where an even higher value in our hybrid analysis model is found, Moe continues.
Mnemonic is already using data from analyzed emails to block malicious DNS lookups in customer networks. They are also developing integrations which make it possible to automatically remove detected email threats across customer email servers.
– We need to focus our efforts where they matter the most, and email is where we find the volume of attacks. Thus, this is also where you can retrieve the biggest rewards through automation and digitalization, says Moe.
– It is also great to see that end-users can be valuable contributors to security, in contrast to being perceived and treated as a problem, Richard K. Jensen concludes.