Avanan's Incident Response-as-a-Service (IRaaS) uses our team of highly trained Tier 2 security analysts to review end-user requests to release emails from quarantine and take the proper remediation action.

  • Allow your IT team to focus on vital, immediate tasks instead of handling email requests; Avanan’s experts are available 24/7 and remediate requests within 30 minutes, often in less than 10
  • Happens in real time within the SLA, and focuses on both missed attacks and false positives

The Avanan Incident-Response-as-a-Service (IRaaS) leverages our team of experts to manage end-user reports of suspicious emails and requests to release quarantined emails. Every time a user reports a suspicious email or asks to have a quarantined email released, the request goes to our highly trained team of experts, instead of to your in-house team. We're available 24/7 so there is no need for your team to be on call on weekends or during off-hours.

Your IT team spends nearly a quarter of their time dealing with email threats, much of it centered around end-user requests. Avanan’s team alleviates that burden, so that your IT team is free to respond to urgent needs and can better carry out the job of protecting your entire organization.

If you work in the SOC and you're reading this, you know just how much of a pain it is to remediate or review emails. It takes time and energy you don't have.

If you're not in the SOC, these numbers should serve as a wake-up call.

  • One company spends 812 hours a year reviewing suspicious email reports from end users. That's 33 full days.
  • Another company spent 846 hours a year. That's 35 full days. 
  • A third organization spent 879 hours a year. That's 36 full days. 
  • A fourth company spends 2,500 hours a year. That's 104 full days. 


This is an unsustainable approach for SOC employees. It explains why 60% of SOC employees are considering leaving the job or changing careers altogether because of burnout.

Consider the story of this large organization. Per month, while using a gateway solution, they reviewed an average of 651 end-user review requests. Their two SOC members could only get to about 60% of these requests. With Avanan, however, the number was reduced to just three reviews per month. That gave the engineering staff so much more time to spend on urgent issues across the entirety of their job description. 

The Benefits

Avanan's IRaaS eliminates the avalanche of email tickets that steals valuable time from your help desk and security teams. The average email takes about seven minutes to properly investigate and remediate. When email threats snowball, this becomes untenable for already overworked SOC employees. 

Avanan’s experts are on-call 24/7, focusing solely on end-user requests. This allows us to treat every ticket as high priority and urgent, meaning we can resolve them within 30 minutes—and often in less than 10.

The Avanan Advantage

For years, Avanan's data scientists have been analyzing user phishing reports and release-from-quarantine requests to help train our machine-learning algorithms. Beyond that, Avanan integrates with Check Point's ThreatCloud, the world's largest threat data lake, which supplies even more data for training the AI from across the spectrum of network, firewall, mobile and more. Over the years, this specialized team has become highly efficient, using specially designed tools to evaluate each email and determine whether it's phishing or a false positive.

Avanan’s IRaaS provides full transparency, attaching each decision to a real person with a real name, giving you the same convenience as automation, but with experts making the decision. In addition, Avanan can focus on false positives as well as missed phishing. This all happens within the UI, as part of our patent-pending buttons in O365 and Gmail or our existing report phishing buttons.

How it Works

There are two workflows within Avanan's IRaaS:

User Reported Suspicious Emails:

If a user thinks an email is suspicious, all they have to do is press "Report as Phishing", just as they would today. The only difference is that it opens a ticket in our system for our analysts to review. Our experts review the email and then choose from a variety of actions, such as:

  • Releasing from quarantine
  • Creating Allow Lists
  • Creating Block Lists
  • Marking as phishing
  • Cross-customer mitigation

Request Release from Quarantine

If a user is notified that an email was quarantined as malicious or phishing, they can request an investigation to ensure that it wasn't a false positive. In this case, Avanan does the investigation and remediates as necessary.

The end-user request is presented within the UI, and there are no changes to user behavior. Avanan will also provide a weekly report, with a summary of requests and a breakdown of actions taken.


With employees monitoring multiple services and applications, often working from home with the rest of life running around them, it can be hard to detect what’s malicious or not. This can be particularly tricky when it’s an internal threat, which some employees may mistake for something with a legitimate business purpose.

Deciding which emails are legitimate or false positives is time consuming, and leaves your IT team ignoring other potential threats.

Take it out of your company’s hands. Avanan’s IRaaS leverages our team of experts to make the right decision on end-user reports, all within the SLA, keeping you protected and giving your IT team more time to focus on keeping your organization safe.