Introducing ASA: The Autonomous Security Analyst for email

Some organizations see thousands of user-reporting phishing emails per day, which need to be manually investigated and resolved by security analysts. Investigations take time, so reports can sit for hours or even days before they’re reviewed. But even with exposed inboxes and high MTTR for user reports, security leaders struggle to justify the additional headcount or automation investment needed to address the growing volume of user reports efficiently and accurately.

Today, we're launching ASA, the Autonomous Security Analyst for end-to-end user report automation.

ASA automates user report investigations end-to-end, including detailed analysis and even replies to end users thanking them for their reports. ASA then resolves or remediates the report based on its analysis, much as a human analyst would, including quarantining malicious messages. Sublime intelligently groups similar messages together so ASA can remediate hundreds or even thousands of messages in a campaign based on a single user report.

ASA helps security teams at all levels

For security analysts overwhelmed by high volumes of user-reported messages, ASA reduces the number of manual reviews required per day. For analysts dealing with high volumes of benign messages (sometimes more than 80% of all reports), ASA means less time spent on user reports that aren't a threat.

For security managers struggling with undersized teams and oversized response times, ASA can lend a helping hand, providing auto-review, auto-resolution, and end-user replies normally handled by analysts. Additionally, ASA provides consistent verdicts, whereas different analysts on a team can review the same message and come to different conclusions.

For CISOs with budgetary constraints and difficulty sourcing security talent, ASA is an email security expert that comes standard with Sublime Enterprise. ASA enables busy security teams to be more proactive and to ultimately spend less time dealing with email.

Sublime gives a clear, top-level view of the work ASA is doing on your behalf:

ASA is an AI-powered security analyst

When enabled, ASA is invoked automatically on user reports, analyzing the message and returning a verdict along with a clear one-sentence summary and a full, detailed report.

ASA is a multi-model agent that directly uses numerous underlying Sublime models and services to conduct a thorough analysis much like a human analyst would, including a fine-tuned language model, computer vision model, Attack Score model, screenshot service, file explosion service, sender behavioral profile service, knowledge base, and much more. ASA then performs reasoning on this data and takes customizable actions to respond based on the verdict. In a future blog post, we’ll deep dive into how ASA works in more detail.

Add ASA to your team

ASA is inactive by default and can be set to passive or active mode. In active mode, ASA will analyze, triage, and remediate user reported messages end-to-end. In passive mode, ASA will simply analyze and alert on user reported messages, making it easy to assess ASA's effectiveness before fully activating it.

ASA is a privacy-preserving agent and absolutely no customer data is shared with third party model providers.

Here's how to see ASA in action today:

• Enable ASA in your Sublime Enterprise account by following these simple instructions
• Request a live demo of ASA
• Test out ASA in the free, public EML Analyzer by opening any sample message