RPA at PhishLabs: How Automation Benefits a Busy Cybersecurity Team

 

 

For the team at Fortra’s PhishLabs, a digital risk protection and external threat intelligence solution, their ultimate goal is helping their clients protect their enterprise, customers, and brands from bad actors.  And when it comes to cybersecurity and mitigating threats, time is of the essence. But as their client list grows, so does the PhishLabs team’s to-do lists. As a security operations center, PhishLabs was looking for a way to scale their operations as they took on more business. 

“We have a smart group of cybersecurity professionals spending too much time on repetitive manual tasks,” Elyse Neumann, Senior Director of Security Operations at PhishLabs says. “And we want them to be focused on applying their expertise to more high-value work.” To close this gap, they searched for a solution that would boost their team’s productivity without increasing labor costs. 

Choosing the Right Processes to Automate

As part of the Fortra family, PhishLabs looked within the portfolio and partnered with Automate, Fortra’s robotic process automation (RPA) solution to streamline the repetitive manual tasks that were bogging down their workloads. “We started by prioritizing our work through an analysis of what each process cost, what each person was doing, and why it cost that much,” Neumann says. “We ranked which was the highest priority and what could be automated the fastest to help clients and team members alike.” 

After analyzing the tasks across every service line within PhishLabs, they decided to start their RPA journey with their threat mitigation specialists (TMS). Part of the work of the TMS team is taking down malicious sites across their clients' digital channels and monitoring if the threat is offline or still active and needs further attention. But with thousands of sites to monitor, manually confirming that each open incident is mitigated, became a herculean task for their team. 

Streamlining Manual Tasks with Robust RPA Capabilities

Now Automate determines if a site is down so the TMS team can keep their focus on protecting clients from cyber criminals. When the team requests a site to be taken down, Automate verifies it and then closes out the incident in their system thanks to powerful capabilities like GUI and web browser automation, and the ability to run custom PowerShell scripts. RPA bots look at open incidents within the PhishLab’s system, and then go out to each webpage to see if there’s content. If there’s no content present and the bots don’t see a DNS record, they go back into the system, close the incident, and move on to the next. 

The Automate bots are able to closely mimic human interactions on websites, which is extremely valuable for this type of project. Some of the most malicious threat types—crypto scams and counterfeits—are found among social channels. And Automate lends a robotic hand there as well, using OCR and image recognition to help the team confirm mitigation of threats on YouTube without creating any false positives.  

“The image recognition and UI interactions in Automate were particularly helpful – especially when dealing with legacy systems that do not have APIs,” Neumann says. “And the useability and intuitiveness of Automate made it especially easy to build automation.” 

 

Empowering Cybersecurity Professionals with a Digital Workforce 

A common concern in the age of automation is how a new tool will affect the human workforce. “The initial reaction when we said we were going to be using automation was ‘does this mean we’re not going to have a job?’ which was absolutely not true,” Neumann says. “Our goal was to never reduce headcount but to get our resources back time so they can provide more value to our clients.” 

The staff at PhishLabs needed more time for greater productivity—and Automate delivered. On average, Automate bots close about 135 incidents a week. And with their initial RPA project, the TMS team has saved 23 hours closing domain incidents, and an astounding 93 hours from YouTube incidents. Now PhishLabs isn’t just saving time but saving money by giving RPA bots the repetitive tedious work that was holding the team back. And the benefits also extend to their clients by delivering faster shutdown times and enabling the TMS team to focus on taking down other active malicious sites.   

“You don’t hire analysts to do rote tasks, you hire them to apply their expertise,” Neumann says. And with Automate’s easy-to-use features, the humans of PhishLabs have found a great partner in their new digital coworkers. Automate was so easy to learn, that individuals in Operations were able to automate numerous tasks themselves and release into production. 

 

Building an Automation Center of Excellence for Further Success 

With a few quick wins already in the books at PhishLabs, they’ve embraced an automation center of excellence (CoE) framework to expand their footprint and increase their ROI. They’ve put together a dedicated team to keep their automation growing with a long list of processes in their prioritization queue—including closing even more social incidents on Twitter and Facebook. But they’re not going to stop just with the TMS team. 

“With our automation CoE, we’re now working with other departments beyond our own,” Neumann says. “For example, we can now save about 20 hours per week on report generation, and trickle it down into other business units.” 

 

What Security Tasks Can RPA Bots Take Off Your Plate?

Take a closer look at robotic process automation and discover the benefits RPA can bring to your cybersecurity and broader organization. 

LEARN MORE