publishing date icon
October 22, 2021
read time icon
5 min. read

Key Takeaways From Hoxhunt's Instant Feedback Webinar

Author image
Eliot Baker
Senior Content Marketing Manager
facebook iconLinkedin iconTwitter icon
Post hero image

Hoxhunt Instant Feedback: Ready, player everyone!

We launched Hoxhunt in 2016 to transform the way enterprises train their employees against cybersecurity threats. We wanted to deliver an experience that most effectively reduces organizational risk, which meant motivating employees to continuously stay engaged and up-to-date with the latest threats. Now, with the release of Instant Feedback, we're taking that mission to the next level. Learn all about it in the on-demand Hoxhunt Instant Feedback Launch webinar with our CTO and Head of Product Marketing, below. By getting Instant Feedback on the real threats they report, users are constantly rewarded in real-time for protecting themselves and their organization against phishing attacks. As users up their security awareness game to new heights, their infosec teams upgrade their threat response and remediation capabilities--and organizations are more secure as a result. Win-win-win!

What powers Instant Feedback?

Leveraging our unique Machine Learning model, real phishing threats are both removed from the system and transformed into powerful micro-training experiences. Rather than losing threat reports into the ether, Hoxhunt breaks potential threats down into component threat indicators and presents them to users, enabling immediate granular insight into the potentially malicious emails. These carefully targeted micro-trainings motivate people to keep sharpening their skills at identifying and reporting threats.

Hoxhunt continuously trains a vast machine learning model, which contains hundreds of features and utilizes real-time data from hundreds of thousands of end-points globally on threats that have bypassed filtering solutions. Instant Feedback assesses the level of maliciousness of the reported threat with a breakdown of each threat indicator, such as detection of malicious payloads and suspicious wording, along with tips on attackers' latest tricks and tactics.

Reported threats are deconstructed and analyzed by our Response engine, evaluated by our online machine learning model, and then cross-referenced for matches with our threat database. The result is translated into a user-friendly dashboard format, including: maliciousness rating, detected threat indicators, and tips for preventing further risk. The Instant Feedback experience is fully integrated into the user’s normal workflow.

Why Instant feedback?

Instant Feedback enables a next-level training experience. Information security leaders understand the shortcomings and wastefulness of threat reporting as it stands today. Suspicious emails are reported and then often vanish into the ether, depriving security engineers of valuable threat insights and depriving users of the satisfaction of knowing whether they just caught a real phish.

Instant Feedback solves this problem with a mixture of human psychology and cutting edge technology. People are motivated to learn and report when they receive a sense of reward for their participation. Instant Feedback accomplishes that. It’s a hit of dopamine for a successful threat report, followed by a quick insight that makes the lesson stick. All without interrupting employee workflow.

Meanwhile, the infosec leader benefits from the power of our AI technology to know about real threats reported as a result of improved awareness, and respond accordingly to keep the organization secure.

The purpose of cybersecurity awareness training is to protect the organization against real threats. As Hoxhunt revolutionalized training, employees began reporting real threats at an unprecedented pace. This is, of course, the ideal outcome for infosec leaders. But employees themseslves sometimes felt a little left out after reporting real threats. They didn’t see the impact or feel rewarded for their great behavior. To motivate continued threat reporting, employees deserve instant feedback as to whether their reported threat was actually malicious, while also giving the SOC-team visibility into the threats their company are facing.

Transcript of introduction

Hi everyone my name is Karri Kurunmäki, I’m one of the cofounders of Hoxhunt and I’m also leading the new product commercialisation here at Hoxhunt. With us today we have the honour of having our CTO and Co-founder Pyry Åvist on the call as well.

As many of you might already know. we at Hoxhunt have substantial background in Machine Learning and AI driven solutions. In the past we’ve used this expertise to create the world’s first Special Purpose AI to train your employees to become resilient against the biggest threat within the cyber industry: phishing attacks. We’ve done this by creating a special purpose AI that is able to map out each one of your employees skill matrices in regards to phishing skill. We use our system to enable your employees to, first of all, recognize the phishing attacks they receive but no only that, we’ve used the system to reward your employees for their right behavior.

So what is the right behavior? Well, in order for any organization to understand if their technical protections have failed, their employees need to report any suspicious emails that have ended up to their inboxes. Only with this threat feed can any organization learn if their technical protections have already been breached. And this is why our system is rewarding your employees for reporting any suspicious emails that they have received. And indeed, this is the major milestone that our special purpose AI has been able to accomplish within our customers' employees' minds. We have been able to turn your human layer to an active sensor network, that gets triggered whenever it suspects something to be malicious. Now once we conquered this milestone we started asking for feedback, listening to our customers, asking: how do you like it? The answer was heard loud and clear.

They said, "You are able to incentivize our employees to report simulated attacks and that behaviour correlates strongly with the reporting of real emails as well." However, when a real threat email is reported, the employee rarely learns if the threat email report really was a true positive, a real malicious email. The employee doesn’t know if their actions resulted in them protecting the rest of their organization. So we formulated the problem statement to our brilliant engineering team. Can we use our strong background in AI development to revolutionize the feedback loop of not only our simulated emails but the real emails as well? Can we give instantaneous analysis and feedback to the employees when they are suspicious of an email that is not from Hoxhunt? Can we have an impact on not only the cost-side of any business, but actually have an impact on the top line of the business by enabling our customers employees with the ability to recognize whether they should act on a business-related email or not?

Subscribe to our newsletter