November 21, 2023 · 5m read
New in Material Phishing Protection: Enhanced Detections, Improved Triage UX, and Added Insight Reports
With email-based attacks on the rise in both volume and sophistication, Material Security continues to innovate in key areas of cloud office security to better protect your critical Microsoft 365 and Google Workspace environments. We’re pleased to showcase new and enhanced capabilities in our Phishing Protection product to accelerate your threat detection & response workflows.
As organizations continue to work in the cloud, the surface area to protect widens as the footprint grows. Traditional approaches to email and data security that place too much emphasis on perimeter defenses are failing to keep up with the pace of technology and evolving threat landscape.
Material takes a holistic, platform-first approach to cloud office security: protecting accounts and data across the full threat lifecycle, rather than relying solely on inbound and outbound detections getting everything right (they won't).
For an in-depth walkthrough and demo of these new Phishing Protection capabilities, view the recording of our recent Product Showcase webinar on YouTube.
What's New in Phishing Protection
Enhanced Email Threat Detections
Phishing exemplifies the need for a defense-in-depth strategy. As attacks become more sophisticated, the need for layered, advanced detection techniques only grows more urgent; given the varied nature of emerging attacks, there is no one-size-fits-all approach to threat detection.
At Material, we adopt a multi-faceted approach to threat detection, balancing the need to evolve with threats against the need to minimize false positives for Security Operations teams. We've found that more sophisticated attacks require a level of detail beyond what can be achieved with any gateway service. And as the industry embraces AI as a detection mechanism, many basic implementations produce excessive false-positive noise.
To counter this, our team combines manual and automated techniques to identify and address threats. Our expanded set of detection techniques includes:
Out of the Box Detections: Utilizing Material AI, threat research, and open-source libraries to identify malicious messages.
Custom Detections: Tailoring detection to bespoke Indicators of Compromise (IOCs) and phishing campaigns uniquely targeting individual organizations.
Native Alerts: Integrating often-overlooked post-delivery alerts from Google and Microsoft.
User Reports: Analyzing reports from various sources, including third-party tools.
The Material Threat Research team constantly adds new detections based on currently active campaigns and cases shared by customers. Each detection is back-tested against historical mail data before it goes live, which surfaces earlier instances of a campaign and greatly improves accuracy versus alternatives.
Our use of Generative AI is focused – we leverage LLMs to explain detections and recommend remediations so that analysts can make their own educated judgment with additional context. In keeping with our isolated, single-tenant deployment model, any use of LLMs is performed solely within your Google Cloud Platform deployment.
While detections alone are not a complete solution to risk mitigation, a robust and intelligent defense system is essential. Our detection architecture is not only fine-tuned for current threats but also adaptable to anticipate future challenges.
Improved Case Triage UX
Security Operations teams grapple with the daily challenge of prioritizing and triaging issues from a range of sources. But often teams are overwhelmed with large volumes of false positives, and under the gun on time. The absence of vital context when a genuine threat emerges further intensifies this pressure.
As teams are inevitably being asked to do more with less, every minute counts and every workflow matters. We’ve taken great care to continue to refine our case triage experience – ensuring that we’re surfacing issues that deserve to be triaged, and then making them seamless to handle with the right remediation.
We've consolidated all cases into a unified view with additional attributes to help prioritize. Analysts can rapidly assess the nature and classification of each issue, with insight into potential remediation steps. Remediation options are versatile: administrators can choose immediate blocking, user warnings via banners, or 'speedbumps' via step-up authentication. This flexibility lets teams apply effective security measures without significantly disrupting the end-user experience.
When diving into a specific case, we've improved the experience with additional context and a more intuitive layout. The detail view provides a complete view of the message's content, links, attachments, and headers for inspection, with a detailed timeline for quick reference. An AI-powered explainer translates email headers and content into plain language for analysts. To prevent repetitive work, the system identifies similar messages across the entire email tenant, so a single remediation action applies across the whole workspace.
These enhancements to the case triage experience are notable improvements for Security Operations teams. By consolidating cases into a unified view and streamlining remediation, we've reduced Mean Time to Respond (MTTR): customers have repeatedly reported significant reductions in triage time and effort. Faster response not only limits the potential damage from threats but also frees up valuable resources, allowing teams to focus on more strategic work. This optimized triage process is not just about managing threats more effectively; it improves the overall efficiency and capability of security operations in an increasingly complex risk environment.
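To make the detection tiers listed above (custom IOC detections back-tested against historical mail) and the triage features described here (header and link inspection, plus grouping of similar messages across a tenant) concrete, here is a small added example. This is illustrative code written for this article, not Material's product code; the IOC list, the sender and link domains, and the sample messages are all constructed for the example and do not describe any real campaign.

```python
"""Added example (not Material's code): a minimal custom-IOC email detector with
"similar message" grouping, back-tested over a small constructed mail corpus."""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical custom IOC set an analyst might maintain for one campaign that
# targets their organisation (constructed for this example).
CUSTOM_IOCS = {
    "sender_domains": {"payr0ll-update.example"},
    "url_domains": {"login-m365-verify.example"},
    "subject_patterns": [re.compile(r"urgent.*payroll", re.I)],
}

URL_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)


def parse_message(raw: str) -> EmailMessage:
    """Parse a raw RFC 5322 message (headers + body) into an EmailMessage."""
    return email.message_from_string(raw, policy=policy.default)


def sender_domain(msg: EmailMessage) -> str:
    """Domain of the From: address, lower-cased (display name ignored)."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def url_domains(msg: EmailMessage) -> set[str]:
    """Host names of every http(s) link in the preferred body part."""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    return {host.lower() for host in URL_RE.findall(text)}


def match_iocs(msg: EmailMessage) -> list[str]:
    """Return the matched IOC tags; an empty list means no custom-detection hit."""
    hits = []
    dom = sender_domain(msg)
    if dom in CUSTOM_IOCS["sender_domains"]:
        hits.append(f"sender-domain:{dom}")
    for host in sorted(url_domains(msg)):
        if host in CUSTOM_IOCS["url_domains"]:
            hits.append(f"url-domain:{host}")
    subject = str(msg.get("Subject", ""))
    for pattern in CUSTOM_IOCS["subject_patterns"]:
        if pattern.search(subject):
            hits.append(f"subject:/{pattern.pattern}/")
    return hits


def campaign_fingerprint(msg: EmailMessage) -> str:
    """Hash of the fields that stay constant across one campaign (sender domain,
    digit-normalised subject, link hosts), so sibling messages land in one group
    and a single remediation decision can be applied to all of them."""
    subject = re.sub(r"\d+", "#", str(msg.get("Subject", ""))).lower().strip()
    key = "|".join([sender_domain(msg), subject, *sorted(url_domains(msg))])
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def back_test(corpus: list[str]) -> dict[str, list[int]]:
    """Run the IOC set over historical messages; map fingerprint -> indices hit."""
    groups: dict[str, list[int]] = {}
    for idx, raw in enumerate(corpus):
        msg = parse_message(raw)
        if match_iocs(msg):
            groups.setdefault(campaign_fingerprint(msg), []).append(idx)
    return groups


def _raw(sender: str, subject: str, body: str) -> str:
    return f"From: {sender}\nTo: staff@corp.example\nSubject: {subject}\n\n{body}\n"


# Constructed "historical mail" corpus: two siblings of one campaign (0, 1),
# a benign newsletter (2), and a variant sent from a different domain (3).
SAMPLE_CORPUS = [
    _raw("HR <hr@payr0ll-update.example>", "Urgent: payroll update 1042",
         "Confirm your details at https://login-m365-verify.example/auth?u=1042"),
    _raw("HR <hr@payr0ll-update.example>", "Urgent: payroll update 2293",
         "Confirm your details at https://login-m365-verify.example/auth?u=2293"),
    _raw("IT <it@corp.example>", "Weekly newsletter",
         "This week's news: https://intranet.corp.example/news"),
    _raw("Payroll <notify@mailer.example>", "Action required: payroll review",
         "Review here: https://login-m365-verify.example/review"),
]

if __name__ == "__main__":
    for fp, members in back_test(SAMPLE_CORPUS).items():
        hits = match_iocs(parse_message(SAMPLE_CORPUS[members[0]]))
        print(f"campaign {fp}: messages {members} hits {hits}")
```

Running the back-test over the constructed corpus yields two groups: messages 0 and 1 share a fingerprint (same sender domain, same link host, subjects that differ only in a number), so a block or banner decided for one applies to both; message 3 is a separate group that matched only on the link host, which is exactly the kind of variant a sender-only rule would miss. The benign newsletter produces no hit. Real detections would of course add header-chain checks (Received, Authentication-Results) and attachment analysis; the point here is the shape of custom IOC matching and similar-message grouping, not the rule content.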
Added Insight Reports
Securing the cloud office requires a holistic strategy encompassing threat detection & response, vulnerability management, and sensitive data protection. While phishing is a critical and actionable aspect within this framework, quantifying and improving its management is challenging, especially when daily operations resemble an endless game of "whack-a-mole".
Addressing cloud office risks necessitates not just a cross-functional approach but also a shared vocabulary that links measurable outcomes with executive understanding. This connection is vital for correlating team performance with broader organizational awareness.
To aid in these critical discussions, we’ve integrated a set of new reports into our dashboard. These reports offer historical insights into phishing attacks and your team's response efforts, enhancing decision-making processes. The reports include:
Summary Report: Offers a high-level overview of key metrics and trends from the detailed reports.
Threats Report: Provides data on the variety of threats encountered, including attack types and threat actors.
Detections Report: Shows data on threats identified by Material, Custom Detections, or Email Provider Alerts, alongside the corresponding responses.
Abuse Mailbox Report: Details trends and metrics regarding potential threats reported by employees and the subsequent actions taken.
Simulations Report: Offers insights into phishing simulation exercises and their outcomes.
These reports not only shed light on specific aspects of phishing attacks but also facilitate a comprehensive understanding of the team's performance and strategic responses.
Gain the Material force multiplier
Our customers see a notable difference in the performance and experience of Material over alternative email security tools. With our focus on the full threat lifecycle from end-to-end, customers gain layers of intelligent defenses to thwart incoming attacks, with added protections around the sensitive data that exists across the organization. As the threat landscape continues to evolve, one thing is clear – email isn’t just a vector, it’s also the target.
“Material is email security. If you do anything with sensitive data, use it.”
Ready to give Material Phishing Protection a spin? See a demo for yourself.