Managed Abuse Mailbox

Ensure quick action on unclassified email

Abuse mailboxes are a double-edged sword. They both reduce risk and create liability. Alert users can notify security teams to suspicious messages, providing the opportunity to catch and kill a threat before it takes hold. But the organization must then be able to certify that all end-user submissions have been reviewed and received a disposition—or be exposed to liability.

Proofpoint technology—namely, the combination of PhishAlarm, Email Warning Tags, Close-Loop Email Analysis and Response (CLEAR) and Threat Response Auto-Pull (TRAP)—serves a critical need. These tools automate analysis and remediation of many reported messages. But they cannot take definitive action on all.

These outliers fall into a bucket we call “NMR”: needs manual review. Depending on the size of your organization and the tuning of your tools, that bucket can quickly overflow. And the longer reported messages sit without a definitive classification, the longer a potentially malicious message could be live in your environment.

With our 24x7 Managed Abuse Mailbox service model, you can ensure that all manual reviews are completed quickly. In addition, our expertise ensures accurate classification and, when necessary, response and escalation. Our team:

• Executes against a six-hour SLO for new NMR submissions.
• Performs full threat analysis of non-machine-classified suspected malicious messages.
• Helps you define and build a custom runbook for handling malicious and suspicious messages.
• Follows agreed-upon processes if we uncover an active threat during manual review.

Free up resources and optimize your investment

Those who are dealing with a heavy load of NMR messages know the burden it places on their IT resources. But when abuse mailbox management is handled internally, there is little wiggle room. Personnel must be allocated to manual reviews to satisfy risk and compliance audits. This can divert attention from strategic initiatives. It can also frustrate cybersecurity workers, driving them to seek more interesting and engaging work elsewhere.

With Managed Abuse Mailbox, you can offload these necessary—yet tedious—tasks to our team. And you get far more than people hours, including:

• Consistent access to a team of highly skilled professionals who ensure no disruption to or lag in manual reviews.
• Expert tuning of Proofpoint TRAP and CLEAR to deliver peak performance.
• Tuning of NMR handling within TRAP to reduce the number of NMR dispositions.
• Budget predictability and stability via our simple and cost-effective annual fixed-fee charging model.

Receive comprehensive documentation and deliver feedback to users

Our team collaborates closely with your organization to ensure a comprehensive approach to abuse mailbox management. As part of our service delivery model, we provide:

• Documentation of abuse mailbox submissions, disposition trends and new tuning rules.
• Regular checkpoint meetings and status updates.
• The option to provide active feedback to employees who report suspicious-looking messages. Our templated replies keep them informed about the results of their efforts and provide active feedback.