Make addressing reported threats easier with our new Incident Orchestration suite

Our email remediation product just got a major upgrade: address reported threats more easily with Incident Orchestration.

Updated: August 28, 2024
Written by: Maxime Cartier

Employees who actively spot potential threats and report suspicious emails bless organizations with a strong culture of safe behavior. When security teams have a flood of threat reports coming in, it’s important to distinguish true malicious attacks from the noise. Otherwise, it may take longer to detect the most pressing attacks.

With Hoxhunt, our customers’ organizations become populated with expert threat detectors, so we're well aware of the reality security teams face with previously missed threats becoming uncovered at an increased rate.

This is why we created Incident Orchestration. It makes remediating large sets of reported emails easy, efficient, and organized.

Use orchestration so you can focus on mitigation

Discovering threats, assessing their maliciousness, gathering incident context and related events, prioritizing where to start. All these tasks are essential to understand and mitigate threats, but take so much time.

SOC analysts understand that technology cannot catch all sophisticated phishing attacks. By using computers to do what they do best, analysts can efficiently jump into ready-to-mitigate incidents and do what they do best. Automation, when aligned with people and processes, can let security teams focus on the dangerous attacks targeting their business.

Who doesn’t love more time for the most meaningful part of their job?

Incident Orchestration in Hoxhunt

The Hoxhunt platform approaches threat reports through incident creation. It clusters all related threats (whatever the amount!) into a single incident and analyzes the incident’s maliciousness. The platform also collects incident metadata and context like user actions (opening attachments, clicking links, etc.), threat indicators, and spread across the Hoxhunt network. Incidents are then filtered into views prioritized for each organization’s threat landscape.

Animation depicting how incident orchestration works

Set up workflows that make sense for you

If you're a SOC analyst, our systems do a lot of the heavy lifting for you to give you a head start in addressing dangerous events. Hoxhunt also understands that security operations are different for everyone. Once your analyst is enabled to do their job, we get out of their way.

With Incident Orchestration, your security team can:

  • discover the incidents that matter by filtering views to match their threat landscape
  • immediately address pressing incidents through raised alerts and escalations
  • safely inspect and share investigation notes on incident emails
  • use Hoxhunt incident data in their preferred SOAR tools
  • close the feedback loop by responding to all users that reported an email
  • avoid false-positive reports by automatically blocking reports of suspicious, but legitimate, messages

Hoxhunt's Incident Orchestration Dashboard

Incident Orchestration is now in general availability in the Hoxhunt Respond module. Contact Hoxhunt’s customer success or request a demo to learn how Hoxhunt Respond can benefit your security operations and response.

About the author

After being spooked by learning about all the phishing techniques out there, Jukka is slowly regaining confidence in accessing his inbox. It helps that anything suspicious can be quickly reported to be checked by Hoxhunt’s systems and security teams.
