Vade, an email security specialist, has released Threat Intel and Investigation, an add-on to its flagship Vade for Microsoft 365 product.
Pinpointing Email Threats
The utility is designed to provide the integrations, intelligence and tools for security operations centers (SOCs) and managed service providers (MSPs) to investigate and respond to email-borne threats moving through networks.
Email is regarded as the top vector for cyberattacks. San Francisco-based Vade's main M365 solution is designed to catch advanced phishing, spear phishing and malware threats that bypass Microsoft's native security.
As Adrien Gendre, chief technology & product officer and Vade co-founder, explained:
"Email is the #1 vector for cyberattacks. Unfortunately, SOCs and MSPs don't always have visibility into how or when an email threat infiltrated their organization or how far it has spread throughout the network. The speed at which today's cyber criminals are working means that organizations cannot afford to lose precious time on incident response."
Vade Empowers SOCs, MSPs
The Threat Intel & Investigation add-on for Vade for M365 features five core capabilities designed to empower SOCs and MSPs to automate investigations, orchestrate responses and move swiftly to address live threats:
- File Inspector deconstructs files and attachments directly in the Vade for M365 interface without exposing administrators to risk. File Inspector reveals critical details about files and attachments, providing admins with the data required to make faster decisions, cross-check threats across networks and accelerate incident response across affected endpoints and users.
- Log Export injects live email and event logs into any security management system, a powerful two-way integration powered by the Vade for M365 API. Connect Vade's email threat intelligence into your organization's SIEM or SOAR to trigger automation playbooks and enhance your disaster recovery program.
- Reported emails automates collection of user-reported emails and clusters similar, unreported emails in one dashboard, speeding user-based incident response and eliminating time-consuming, manual investigations. You can receive alerts when users report emails via Outlook and quickly triage and remediate reported emails, similar emails, and forwarded emails with one click.
- Download emails/attachments provides access to raw email intelligence for objective evaluation by threat analysts, saving precious time and resources that are typically wasted on searching for and analyzing raw email data.
- Add-on for Splunk integrates Vade for M365 with Splunk without the need for custom software development. Vade's threat intelligence, combined with Splunk's SIEM and SOAR capabilities, provides better visibility into the threat landscape and actionable insights with which to orchestrate rapid responses.