New Add-On Empowers SOCs and MSPs to Automate & Orchestrate Incident Response for Microsoft 365
Vade, the global leader in threat detection and response with 1.4 billion mailboxes protected, today announced the availability of Threat Intel & Investigation. An add-on for Vade’s flagship product, Vade for M365, Threat Intel & Investigation provides the integrations, intel, and tools for SOCs and MSPs to investigate and respond to email-borne threats transiting through networks.
According to a 2021 report, breaches caused by phishing emails take an average of 213 days to be identified and another 80 days to be contained. This lag time gives cybercriminals the runway they need to conduct additional attacks on an organization, causing even more damage than the initial attack.
“Email is the #1 vector for cyberattacks,” said Adrien Gendre, Chief Technology & Product Officer and cofounder at Vade. “Unfortunately, SOCs and MSPs don’t always have visibility into how or when an email threat infiltrated their organization or how far it has spread throughout the network. The speed at which today’s cybercriminals are working means that organizations cannot afford to lose precious time on incident response.”
Vade for M365 is an AI-based email security solution for Microsoft 365 that catches the advanced phishing, spear phishing and malware threats that bypass Microsoft’s native security. The Threat Intel & Investigation add-on for Vade for M365 features five core capabilities designed to empower SOCs and MSPs to automate investigations, orchestrate responses and move swiftly and with precision to live threats:
- File Inspector: Deconstructs files and attachments directly in the Vade for M365 interface—without exposing administrators to risk. File Inspector reveals critical details about files and attachments, providing admins with the data required to make faster decisions, cross-check threats across networks and accelerate incident response across affected endpoints and users.
- Log Export: Injects live email and event logs into any security management system, a powerful two-way integration powered by the Vade for M365 API. Connect Vade’s email threat intelligence into your organization’s SIEM or SOAR to trigger automation playbooks and enhance your disaster recovery program.
- Reported emails: Automates collection of user-reported emails and clusters similar, unreported emails in one dashboard, speeding user-based incident response and eliminating time-consuming, manual investigations. Receive alerts when users report emails via Outlook and quickly triage and remediate reported emails, similar emails, and forwarded emails with one click.
- Download emails/attachments: Provides access to raw email intelligence for objective evaluation by threat analysts, saving precious time and resources that are typically wasted on searching for and analyzing raw email data.
- Add-on for Splunk: Integrates Vade for M365 with Splunk without the need for custom software development. Combine Vade’s threat intelligence with Splunk’s SIEM and SOAR capabilities to have better visibility into the threat landscape and actionable insights with which to orchestrate rapid responses.
Vade partners and customers are already experiencing the benefits of Threat Intel & Investigation, including Huntington Technology, a US-based MSP offering comprehensive managed services and managed security services:
“One of my helpdesk technicians excitedly came into my office last week. He asked if I had seen the new ‘Reported emails’ function within Vade,” said William Bluford, Vice President, Huntington Technology. “He explained that we can now see which emails are reported as malicious. Not only can we see those emails, but we can see how many users are affected, and we can then remediate and remove those emails from all user mailboxes. This saves time for my helpdesk team and keeps our clients protected.”
“Our customers have made clear that they need better visibility into their cybersecurity landscape,” Gendre said. “They’re challenged to monitor and manage threats from an array of end points, and IT is overburdened by too many complex tools. Threat Intel & Investigation was designed to give our customers the tools they need to thoroughly investigate threats, cross check those threats across their networks, and develop incident response processes—without the burden of complexity.”
Threat Intel & Investigation brings all these capabilities to Vade for M365. Vade’s latest innovation will reduce incident response time, eliminate the need for additional security investments, and free up critical IT resources. Threat Intel & Investigation is available today in Vade for M365. To learn more, visit Threat Intel & Investigation.