• Avanan is introducing Incident Response-as-a-Service (IRaaS), using our team of highly-trained experts to review end-user requests to release emails from quarantine and take proper remediation action
  • Allow your IT team to focus on vital, immediate tasks instead of handling email requests; Avanan’s experts are available 24/7 and remediate requests within 30 minutes, often in less than 10
  • Happens real time within the SLA, and focuses on both missed attacks and false positives
  • Soon will extend to all SaaS apps

The Avanan Incident-Response-as-a-Service (IRaaS) leverages our team of experts to manage end-user reports of suspicious emails and requests to release quarantined emails. Every time a user reports a suspicious email or asks to have a quarantined email released, the request goes to our highly trained team of experts, instead of to your in-house team. We're available 24/7 so there is no need for your team to be on call on weekends or during off-hours.

Your IT team spends between 15-25% of their time dealing with email threats, much of it centered around end-user requests. Avanan’s team alleviates that burden, so that your IT team is free to respond to urgent needs and can better carry out the job of protecting your entire organization.

The Benefits

Avanan's IRaaS eliminates the avalanche of email tickets that steals valuable time from your help desk and security teams. Even if one email takes only a few minutes to remediate, the combination of multiple user requests along with other IT duties makes it untenable.

Avanan’s experts are on-call 24/7, focusing solely on end-user requests. This allows us to treat every ticket as high priority and urgent, meaning we can resolve them within 30 minutes—and often in less than 10.

The Avanan Advantage

For years, Avanan's data scientists have been analyzing user phishing reports and release-from-quarantine requests to help train our machine learning algorithms. To prevent training our AI on bad data, our scientists built a team to review each request using the full suite of tools at their disposal. Over the years, this specialized team has become highly efficient, using specially designed tools to evaluate each email to determine if it's phishing or false positive.

"Support requests are answered in minutes as opposed to hours or days with some vendors."
Gartner Peer Insights
Enterprise Systems Manager, Media

Other providers, like Proofpoint TRAP or Microsoft ATP2, offer similar services; however, they are done on an automated basis with little transparency. Avanan’s IRaaS provides full transparency, attaching the decision to a real person with a real name, giving you the same convenience of automation, but with experts making the decision. In addition, Avanan’s can focus on false positives in addition to missed phishing. This all happens within the UI, as part of our patent-pending buttons in O365 and Gmail or our existing report phishing buttons.

How it Works

There are two workflows within Avanan's IRaaS:

User Reported Suspicious Emails:

If a user thinks an email is suspicious, all they have to do is press "Report as Phishing", just as they would today. The only difference is that it opens a ticket in our system for our analysts to review. Our experts review the email and then choose from a variety of actions, such as:

  • Releasing from quarantine
  • Creating Allow Lists
  • Creating Block Lists
  • Marking as phishing
  • Cross-customer mitigation

Request Release from Quarantine

If a user is notified that an email was quarantined as malicious or phishing, they can request an investigation to ensure that it wasn't a false positive. In this case, Avanan does the investigation and remediates as necessary.

The end-user request is presented within the UI, and there are no changes to user behavior. Avanan will also provide a weekly report, with a summary of requests and a breakdown of actions taken.

In the future, Avanan will also release this service to all SaaS apps, as well as introducing a release from all quarantine option, which includes ATP.


With employees monitoring multiple services and applications, often working from home with the rest of life running around them, it can be hard to detect what’s malicious or not. This can be particularly tricky when it’s an internal threat, which some employees may mistake for something with a legitimate business purpose.

Deciding which emails are legitimate or false positives is time consuming, and leaves your IT team ignoring other potential threats.

Take it out of your company’s hands. Avanan’s IRaaS leverages our team of experts to make the right decision on end-user reports, all within the SLA, keeping you protected and your IT team with more time to focus on keeping your organization safe.

Learn how to free up your IT team by watching our Webinar
View Recording