May 31, 2023

Make addressing reported threats easier with our new Incident Orchestration suite

Our email remediation product just got a major upgrade: address reported threats easier with Incident Orchestration.

Jukka Mäenpää

Employees who actively spot potential threats and report suspicious emails bless organizations with a strong culture of safe behavior. When security teams have a flood of threat reports coming in, it’s important to distinguish true malicious attacks from the noise. Otherwise, it may take longer to detect the most pressing attacks.

With Hoxhunt, our customers’ organizations become populated with expert threat detectors, so we're well aware of the reality security teams face with previously missed threats becoming uncovered at an increased rate.

This is why we created Incident Orchestration. It makes remediating large sets of reported emails easy, efficient, and organized.

Use orchestration so you can focus on mitigation

Discovering threats, assessing their maliciousness, gathering incident context and related events, prioritizing where to start: all these tasks are essential to understanding and mitigating threats, but they take so much time.

SOC analysts understand that technology cannot catch all sophisticated phishing attacks. By using computers to do what they do best, analysts can efficiently jump into ready-to-mitigate incidents and do what they do best. Automation, when aligned with people and processes, can let security teams focus on the dangerous attacks targeting their business.

Who doesn’t love more time for the most meaningful part of their job?

Incident Orchestration in Hoxhunt

The Hoxhunt platform approaches threat reports through incident creation. It clusters all related threats (whatever the amount!) into a single incident and analyzes the incident’s maliciousness. The platform also collects incident metadata and context like user actions (opening attachments, clicking links, etc.), threat indicators, and spread across the Hoxhunt network. Incidents are then filtered into views prioritized for each organization’s threat landscape.

Set up workflows that make sense for you

If you're a SOC analyst, our systems do a lot of the heavy lifting for you to give you a head start in addressing dangerous events. Hoxhunt also understands that security operations are different for everyone. Once your analyst is enabled to do their job, we get out of their way.

With Incident Orchestration, your security team can:

  • discover the incidents that matter by filtering views to match their threat landscape
  • immediately address pressing incidents through raised alerts and escalations
  • safely inspect and share investigation notes on incident emails
  • use Hoxhunt incident data in their preferred SOAR tools
  • close the feedback loop by responding to all users that reported an email
  • avoid false-positive reports by automatically blocking reports of suspicious, but legitimate, messages

Incident Orchestration is now in general availability in the Hoxhunt Respond module. Contact Hoxhunt’s customer success or request a demo to learn how Hoxhunt Respond can benefit your security operations and response.

About the author

After being spooked by learning about all the phishing techniques out there, Jukka is slowly regaining confidence in accessing his inbox. It helps that anything suspicious can be quickly reported to be checked by Hoxhunt’s systems and security teams.
