Mesa Systems

Location:

Western United States

Industry:

Logistics and Transportation

Solution:

ThreatTest

Deployment:

Outlook Plug-In and App

Results:

  • Decreased risk from phishing-related malware attacks
  • Saved IT two to three hours weekly
  • Automated investigation of suspicious emails
  • Removed uncertainty for employees with a quick response

ThreatTest Case Study

“With ThreatTest, we have that last layer of defense for the end user. Since we’ve implemented ThreatTest, end users can make sure email is legitimate at a click of a button. They don’t have to contact IT and wait for an answer, because they’ll get a direct response from the system within a few minutes.”

Steve Davidson

IT Director, Mesa Systems

Overview

Established in 1981 with offices located throughout the western United States, Mesa Systems is a world-class, full-service provider of residential, commercial, and logistics-based transportation solutions for businesses and individuals. Many of the world’s largest, most respected corporations rely on the company’s unwavering commitment to innovation, quality, and customer service to move their employees, offices, and industrial facilities—domestically and internationally—anywhere in the world.

The Challenge

Mesa Systems was experiencing an increase of phishing emails that were reaching employee inboxes and introducing the risk of a data breach. As phishing attacks increased, productivity slowed down while end users waited for IT to investigate the suspicious emails. “Phishing emails were getting more specific and sophisticated, and we worried that an employee might open one and cause serious damage,” said Steve Davidson, IT
Director at Mesa Systems.

While there are multiple layers of security to filter email as it enters Mesa Systems’ network, it’s still possible for some targeted phishing emails to slip through and get into employee in-boxes. For this reason, IT must rely on end users to determine whether an email is safe to open. But it’s not always easy to tell. “For instance,” said Davidson, “one area of the company was getting phishing emails that looked legitimate. They appeared to come from a customer, but the attachment was malicious.”

To help employees identify phishing emails, IT holds annual training to show them what red flags to look for. Then, IT sends mock phishing attacks to test them. If a user clicks on a couple simulated phishing emails, they’re required to take the security training again.

Human nature being what it is, some users were ignoring legitimate email because they didn’t want to make a mistake that would require them to take the training again. Others decided to play it safe and send every questionable email they received to IT to see if it was OK. While IT recognized the obvious threats, even they had to question some of the attachments.

“You can imagine the amount of time we spent investigating emails,” said Davidson. “It took about an hour per email to copy the attachment to a USB drive and then spin up a machine to test the file off network,” he explained. “That’s valuable time that IT could spend doing other things.”

The Solution

To accelerate suspicious email analysis and response, Mesa Systems implemented EdgeWave ThreatTest, an automated phishing incident reporting and response service that empowers end users to report suspicious emails directly from the inbox. ThreatTest runs on Microsoft Exchange 2013 or newer and Office365; it is deployed to end users as an Outlook plug-in, including Outlook App for Android and iOS devices.

“Since we’ve implemented ThreatTest, end users can make sure email is legitimate at a click of a button. They don’t have to contact IT and wait for an answer, because they’ll get a direct response from the system within a few minutes,” said Davidson

The Result

Increased Security and Productivity
ThreatTest closes the inbox security gap and provides a fast process for employees to report suspicious emails and receive research support—alleviating helpdesk resource constraints. According to Davidson, productivity for IT and end users has improved along with security. “With ThreatTest, we have that last layer of defense for the end user. All they need to do is submit the email to see whether or not it is valid.” End users receive automatic status updates within minutes.

IT depends on the automated machine learning and human analysis of the ThreatTest service to deliver the highest level of accuracy in threat detection and mitigation. ThreatTest quarantines suspicious emails during evaluation and immediately removes any malicious content from the inbox based on the global policy.

ThreatTest took a big load off IT. We don’t have to worry about every email or spend time investigating questionable attachments off network,” said Davidson. “ThreatTest saves IT anywhere from two to three hours a week.”

Centralized Management and Reporting
The ThreatTest reporting function allows IT to see everything. Administrators can receive notifications, and Davidson can receive customized reports via email or pull summary reports directly from the ThreatTest portal. “The reports show me what emails were submitted over the last few days,” he explained. “I can see which end users are being attacked and determine how well our security model is protecting us.”

Empowering End Users
The automated service helps increase employees’ security awareness and removes the uncertainty so end users can focus on their work. “When it comes to email security, end users are the weakest link,” said Davidson. “With ThreatTest we’ve strengthened that link to defend our network from malware.”