Incident Response-as-a-Service

The Avanan Incident Response as a Service (IRaaS) leverages our team of experts to manage end-user reports of suspicious emails and requests to release quarantined emails. Every time a user reports a suspicious email or asks to have a quarantined email released, the request goes to our highly trained team of experts, instead of to your in-house team.
We're available 24/7 so there is no need for your team to be on call on weekends or during off-hours. Your IT team spends between 15-25% of their time dealing with email threats, much of it centered around end-user requests. Avanan’s team alleviates that burden, so that your IT and security teams are free to respond to urgent needs and can better carry out the job of protecting your entire organization.

The Benefits

Avanan's IRaaS eliminates the avalanche of email tickets that steals valuable time from your help desk team. Even if one email takes only a few minutes to remediate, the combination of multiple user requests along with other IT duties makes it untenable.

Avanan’s experts are on-call 24/7, focusing solely on end-user requests. This allows us to treat every ticket as high priority and urgent, meaning we can resolve them within 30 minutes—and often in less than 10.

The Avanan Advantage

For years, Avanan's data scientists have been analyzing user phishing reports and release-from-quarantine requests to help train our machine learning algorithms. To prevent training our AI on bad data, our scientists built a team to review each request using the full suite of tools at their disposal. Over the years, this specialized team has become highly efficient, using specially designed tools to evaluate each email to determine if it's phishing or false positive.

How it Works

There are two workflows within Avanan's IRaaS:

1 - User Reported Suspicious Emails:

If a user thinks an email is suspicious, all they have to do is press "Report as Phishing," just as they would today. The only difference is that it opens a ticket in our system for our analysts to review. Our experts review the email and then choose from a variety of actions, such as:

  • Releasing from quarantine
  • Allow Lists
  • Block Lists
  • Marking as phishing
  • Cross-customer mitigation

2 - Request Release from Quarantine:

If a user is notified that an email was quarantined as malicious or phishing, they can request an investigation to ensure that it wasn't a false positive. In this case, Avanan does the investigation and remediates as necessary.

The end-user request is presented within the UI, and there are no changes to user behavior. Avanan will also provide a weekly report, with a summary of requests and a breakdown of actions taken.

In the future, Avanan will also release this service to all SaaS apps, as well as introducing a release from all quarantine option, which includes ATP.

The Best Time to Start Using IRaaS is Today

With employees monitoring multiple services and applications, often working from home with the rest of life running around them, it can be hard to detect what’s malicious or not. This can be particularly tricky when it’s an internal threat, which some employees may mistake for something with a legitimate business purpose. Deciding which emails are legitimate or false positives is time consuming, and leaves your IT team ignoring other potential threats.

Take it out of your company’s hands. Avanan’s IRaaS leverages our team of experts to make the right decision on end-user reports, all within the SLA, keeping you protected and your IT team with more time to focus on keeping your organization safe. Contact us to start using Incident-Respsonse-as-a-Service today. It is a seamless addition to your current deployment. Your users will only notice the immediate response to their requests.

Ask Your Account Representative to Activate IRaaS

Fill out this form and your account representative will contact you about adding the IRaaS service to your current account. There is no risk or commitment. (Don’t have Avanan? Start a Trial Today!)