Executive Summary
- Advantage is a well-respected and experienced MSSP who has served small and mid-market clients for over 25 years
- Their existing clients’ security training was not effective, with hundreds of malicious emails landing in user inboxes, and an average of 13 successful phishing compromises per company yearly
- Advantage required a solution that gave visibility into the phishing threats evading security controls
- Delivering the Cofense Phishing Detection and Response solution as a managed security service,
Advantage is now able to completely stop an attack within 7 minutes of a suspected phish being reported
Challenge
The average dwell time for attackers after a breach is 78 days and over 90% of breaches start with a Phish.
Advantage, one of the most experienced IT providers in New Zealand and a Cofense Managed Security Services Provider (MSSP), saw clients struggling to keep up with the phishing attacks and the volume of suspected phishing emails that they were receiving.
Prior to standardising on the Cofense Phishing Detection and Response (PDR) Suite, Advantage observed hundreds of malicious emails bypassing existing email security technology and being delivered to user inboxes. This led to an average of 13 successful phishing related compromises per customer per year.
Advantage was offering an LMS-style training, which took hours of end users’ time but lack of feedback to end-users was not reinforcing the learned behaviors, nor did it close the loop. Clients didn’t know if the email they reported was malicious or not.
It became apparent to Brad Pearpoint, CEO at Advantage, that forcing their customer’s employees through countless mind-numbing hours of computer-based training was not resulting in a more resilient posture to phishing attacks.
Solution: Cofense PDR Platform
Advantage knew it needed to implement a phishing service that would deliver the right amount of training in the most concise manner possible and condition their client’s employees to identify and report suspicious emails to Advantage’s Security Operators Center (SOC) team.
This real-time alerting on potential phish that none of their other technologies detected was invaluable. Advantage could fix the blind spot they, and their customers, were exposed to.
Advantage chose the Cofense PDR platform for many reasons, but automation was key for their team. The Cofense PDR platform combines technology with a network of over 25 million people around the world, all actively identifying and reporting suspected phish. As a result, when a phishing attack is detected in one organisation, the intelligence is used to stop an attack within other organisations across Cofense’s network of customers and partners.
“As soon as one of our clients reports to us, all of our clients are protected from that same attack. We see who else has received the same phishing email, not just inside the one customer, but across customers around the world.”
– Brad Pearpoint, CEO, Advantage
After implementing the Cofense PDR platform, Advantage saw a rise in suspicious emails reported from their clients. Using Cofense’s Reporter button, a plug-in co
mpatible with most OS platforms and mobile devices, reported emails climbed from 25 to 215 per customer per month. Advantage’s customers got an easy way to report phishing emails and get a response. Once Advantage had real-time visibility into attack campaigns, they took swift action.
“Our ability to protect customers has improved dramatically with the Cofense PDR suite as has customer satisfaction.”
– Brad Pearpoint, CEO, Advantage
With the Cofense PDR platform, Advantage can quickly identify the phishing emails that bypass email gateways and gain advanced insight needed to
rapidly detect, analyze and auto-quarantine phishing attacks.
Results
The math is compelling. Before using the Cofense PDR platform, Advantage customers reported an average of 25 phishing emails per month. After using the Cofense PDR platform, the reports climbed to 215 per month as its customers had an easy way to report suspicious emails. Now Advantage has visibility into attack campaigns and can quickly take action. They proactively use intelligence from one client to stop attacks across their entire client base, often before they even report.
“We are seeing the vast majority of phishing attacks on our clients. Before we implemented Cofense, only a small percentage were reported to us leaving our clients at increased risk.”
Prior to deploying the Cofense PDR platform as a managed service, Advantage saw an average of 13 successful phishing-related attacks per client each year. Since implementation, none of their clients have fallen victim to phishing attacks.
And Advantage has added more than 300 IOCs per customer to its threat intelligence platform to block future/emerging phishing campaigns.
Automation was another benefit. Using the clustering functionality in Triage and the autoquarantine functionality in Vision, Advantage was able to effectively use their limited resources to deliver a world-class managed service to its clients and reduce their overall risk.
Most importantly, Advantage is now able to completely stop an attack across all clients within 7 minutes of a suspected phish being reported.
