CR | IR | LG | Jul 1, 2024

POST: Email Archival, Processing and Flagging Stack for Incident Responders

arXiv:2407.01433v1 | 1 citation | h-index: 1
Originality: Synthesis-oriented
AI Analysis

This addresses the need for efficient email forensics for incident responders in organizations, though it appears incremental as it builds on existing NLP and ML methods.

The paper tackles the problem of email forensics for phishing incidents by proposing POST, a serverless workflow that archives, processes, and flags emails using NLP and ML, resulting in a cost savings of up to 68.6%.

Phishing is one of the main points of compromise, with email security and awareness being estimated at \$50-100B in 2022. There is a great need for email forensics capability to quickly search for malicious content. A novel solution, POST, is proposed. POST is an API-driven, serverless email archival, processing, and flagging workflow for both large and small organizations that collects and parses all email, flags emails using state-of-the-art Natural Language Processing and Machine Learning, allows full email searching on every aspect of an email, and provides a cost savings of up to 68.6%.
