JB's email security challenge

Julius Bär has always made it a priority to protect customer communication as well as collaboration among its employees. In this sprawling undertaking, having a highly effective and reliable email security solution is crucial.

With an email volume of approximately 172’000 messages per day and a growing number of adversarial emails making it past the bank’s legacy Email Gateway, the company needed to act.

To cope with the incoming waves of phishing, fraud, and malware ridden emails, the bank sought solutions that could:

• Improve the detection capabilities and accuracy of inbound message filters.
• Equip employees with the tools to act as an early warning system when dealing with suspicious-looking messages.
• Streamline security workflows and processes by automating as much as possible.

The bank turned to xorlab to address its email security challenges and found the solution in xorlab's AI-powered email security platform.

The xorlab solution

xorlab analyzes the entire context in which a single exchange of messages is happening. It uses machine intelligence to understand the context of communications and leverages this knowledge to detect anomalies based on the risk profile of every email it processes. By understanding every individual sender-recipient relationship in the organization, xorlab is able to spot and stop targeted attacks.

xorlab's security ROI

Using xorlab as a second control behind its legacy gateway, the bank effectively prevented 51'768 cases of potential phishing, 78 cases of potential VIP fraud cases, and 185'145 spam messages in the last 3 months. Without xorlab’s inbound email protection solution, these threats would have been delivered to employees—a significant security risk.

Improved visibility and contextual knowledge did more than help capture threats that would have previously come through. They also reduced friction, allowing the security team to focus on actual threats instead of chasing false positives. Email false positives—safe emails incorrectly identified as malicious by security solutions—typically lead to Help Desk inquiries and reduce users’ productivity. xorlab did not produce any business critical false positives and provided highly accurate threat blocking.

Illustration 1. xorlab makes the entire incident response process faster and more efficient by allowing employees to report suspicious emails. It manages user submissions and can auto-resolve and provide instant feedback to approximately 90% of cases. It also alerts SecOps teams about the unresolved cases and enables them to investigate and respond to threats rapidly, with deep contextual data for each incident. SecOps teams can then send feedback to employees and update their security filters accordingly.

Turning employees into a powerful frontline defense

Furthermore, with xorlab, the bank has significantly improved the incident detection and response workflow by empowering its employees to quickly report suspicious emails. The integration of a simple reporting tool directly into Outlook and automatic contextual feedback, together with regular phishing tests and security awareness campaigns, increased the number of reports from 17’000 (2019) to an estimated 53'000 (2024).

Employees are now helping the security team discover potential attacks and threats related to third-party risks. The banking group has seen an almost 4-fold increase in the number of cases that required specialist analysis (+375%), and 247% more threats could be identified.

The same newfound, in-depth visibility also made it easier for the team to analyze, triage and respond to employee reported emails more efficiently. Security analysts have all the data at their fingertips to decide on a case quickly. Any issue that arises can be instantly inspected and acted on. This increases their productivity and reduces SecOps costs significantly. The bank’s cost per decided case went down from more than €29 to below €7, which amounts to a 431% increase in analyst efficiency.

In addition, with Abuse Mailbox Automation, the SOC team can now fully enjoy the benefits of automated workflows—which will help to further reduce costs. A high volume of user-reported email threats usually means a lot of manual and repetitive work, possibly missing threats, and longer triage and response times. But this is no longer an issue for the bank’s security analysts. xorlab allows them to automatically collect employee-reported emails, group them into campaigns, and analyze and rank them according to threat risk, thus making the incident response process seamless.

In xorlab, the organization found the comprehensive, reliable protection it needed for its email users, across all email threats. The security team can now better understand the risks they face and respond to threats faster.