.png)
.png)
.png)
User Report Auto Classification is available to Material customers today with the release of 1.20
Ever notice how often we spend disproportionate amounts of time on some of the most mundane activities? The amount of time I spend doing laundry for myself and my kids… it doesn’t seem like it should take nearly as much time as it does to fold a small pile of tiny shirts.
For many security teams, staying on top of user reported potential phishing attacks is often just such a task–triaging and investigating submitted emails, responding to users, finding other similar emails, remediating the actual threats and responding to users. Hours and hours each week on a detection signal that more often than not surfaces false positives.
Material simplifies user reported response
Material already helps ease some of this pain by automating the response to user reports, finding similar attacks across the company’s email footprint, and applying a speedbump too all similar messages in all inboxes immediately upon the initial report.
Now what was one of the most time-intensive email security tasks for security teams has become significantly more hands-off: Material will investigate, triage, and remediate the majority of user reports automatically, without any manual intervention needed from your security team. Only the very small number of user reports where Material’s AI is unable to confidently determine a classification will require attention.
How does it work?
Immediately upon the first user report submission, Materials investigation begins. The first step is to check whether the email is coming from a trusted source–one of the strongest indicators of whether an email is malicious or not. From there, our machine learning model analyzes over 2,000 factors to classify it as malicious, spam or safe. If a determination cannot be made with a high degree of confidence, the case will be marked as Unknown and surfaced to the security team.
For emails determined to be safe, the reporter is notified that the message is safe to interact with, and no further action is taken. If it’s determined to be spam, the message (and any others detected) is marked accordingly. If the system is unable to make a classification with high confidence, it’s marked as unknown for security team triage.
If the email is determined to be malicious, the case is handled automatically as Material customers are used to: similar emails are detected and clustered within the case, and the automated remediation configured by the security team is applied (either a speedbump to warn users of potential threats, blocking links, or outright deletion of the email from inboxes). Details of the investigation are provided within the Case UI, with simple and straightforward explanation of the signals that led to the determination.
As with every Material detection and automated remediation, security teams can always change the classification and remediation if further investigation warrants.
What’s next?
User Report Auto Classification is available to Material customers today with the release of 1.20. Note you will have to enable User Report Auto Classification within settings, where you’re also able to configure the default response actions.
If you’re interested in learning how much time your security team can save on all aspects of email security, including user report response, contact Material Security for a demo today.