As the platform of choice for digital disruptors, Amplitude has grown rapidly since it was founded in 2012. In September 2021, the company went public — a massive, exciting step for any business and its employees. But with that excitement and growth comes increased potential for security risks. For Amplitude, that meant protecting an ever-growing email footprint against more sophisticated and targeted attacks.
High Growth, High Risk: The Stress of Phishing Triage
Phishing attacks are a constant source of stress for any security professional because they’re very difficult to control. No email system’s built-in blocking tool will be 100% effective. This leaves users’ reports of phishing attempts as an essential layer of defense for any organization. But even after rigorous training around spotting and reporting phishing, humans are not fool-proof, and are prone to make mistakes.
"I’ve always been hyper-paranoid about phishing and spam. It’s always been an area where I feel like I don’t have full control. All my control has been put in the faith that humans will make the right decisions. But I’m human. I don’t always make the right decisions."
Some of Schultz’s paranoia can be tied back to one particular incident that occurred before he joined Amplitude — the OAuth Google Docs worm in 2017. “That was one of the worst days I’ve ever had in IT,” Schultz recalled. “Everyone was clicking on that piece of phishing mail because it was made to look so good. That was just a super crushing day.” The OAuth worm managed to bypass Google’s blockers because of its sophisticated, novel approach that leveraged legitimate cloud infrastructure. Schultz was desperate for a more effective and efficient phishing incident response.
“The whole ordeal left me wondering, ‘How could I have prevented this? How could I have responded faster? How could I have had more visibility?’”
Empowering Users to Protect One Another
While Schultz had evaluated countless other email security tools, they seemed to create more problems than they solved, and still failed to reduce the pain associated with phishing detection, reporting and response.
“They [other email security tools] all made my life even more stressful. I couldn’t trust their architecture. They caused too much user disruption even after hours of setup and deployment. Eventually, I gave up and figured I would wait for a more complete solution. Then Material stepped into my life.”
Schultz was first introduced to Material’s Phishing Protection solution by a friend. Here’s a quick view into how it works:
Step 1: An Amplitude employee reports a suspicious message. They can use any preexisting reporting process such as mailing lists, labels, folders, etc. No retraining necessary.
Step 2: Material automatically finds and aggregates similar messages across the Amplitude employee base to manage the campaign as a unit.
Step 3: Material immediately applies Amplitude’s preferred remediation to the attack. For example, Material can add a message warning users to be wary of this email or not allow any user to access the email until the security team reviews it.
"The time it takes between a user reporting an attack and the security team triaging and remediating it is critical. With Material, an Amplitude employee can simply forward one piece of suspicious mail and immediately protect all other employee inboxes."
With Phishing Protection, Schultz and his team can automatically defang links and attachments in reported messages, move them to spam, show custom educational warnings, and more, all without needing to wait for security review. Plus, if someone mistakenly flags a legitimate email, an administrator can undo the protections in a matter of minutes via the Material platform.
“The ability to mark an email safe is huge for Amplitude. We have more flexibility and granularity and can allow our users to work how they want to. This wasn’t possible for us in the Google Admin console — the available controls felt either too broad or too specific to be useful.”
Engaging Teams to Drive Security Adoption
Phishing Protection has helped positively affect the security culture at Amplitude. Employees now have the power to immediately protect their fellow colleagues by simply reporting anything suspicious. People want to protect the business and have a positive impact.
As an added bonus, every time a user reports a suspicious message, it becomes a training opportunity for other users. Material leaves a harmless copy of the reported message in users' mailboxes to see who would have fallen for it.
“Amplitude employees love the idea of being a superhero. People want to help their teammates and make a difference in protecting the company from a disastrous event. Material empowers our users to be our best defenders.”
To explore what Material can do for your business, request time to chat with our team here.