{"id":16874,"date":"2025-11-18T07:15:33","date_gmt":"2025-11-18T07:15:33","guid":{"rendered":"\/cybersecurity-blog\/?p=16874"},"modified":"2025-11-18T07:28:07","modified_gmt":"2025-11-18T07:28:07","slug":"healthcare-mssp-success-story","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/","title":{"rendered":"Healthcare MSSP Cuts Phishing Triage by 76% and Launches Proactive Defense with ANY.RUN\u00a0"},"content":{"rendered":"\n<p>Scaling as a managed security provider can be a mixed blessing. Growth comes with more revenue, but also with increasingly high demands related to maintaining SLAs, quality, and compliance. For <a href=\"https:\/\/any.run\/mssp\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktomssplanding\" target=\"_blank\" rel=\"noreferrer noopener\">MSSPs<\/a> in healthcare, this pressure is intensified by regulations like HIPAA and NIS2, along with the striking cost of a single mistake.&nbsp;<\/p>\n\n\n\n<p>This was a challenge one of our clients, a mid-sized MSSP specializing in healthcare, had to face. As it expanded to support over a dozen hospitals, clinics, and labs with 2,000+ endpoints, their resources were thinning. &nbsp;<\/p>\n\n\n\n<p>We spoke with the organization\u2019s SOC lead about how they were able to reshape their workflow with <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>\u2019s solutions, and what brought them the most results.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Core MSSP Challenges: Overload and Compliance&nbsp;<\/h2>\n\n\n\n<p>The first topic we discussed was what the workflow was like initially and why the need for new solutions occurred. 
In their words, even with experts on board and recognized tools in place, the gaps were growing harder to fill:&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cIt [the workflow] wasn\u2019t that bad: we have a strong team and a SOAR platform by a well-known vendor. Teamwork was&nbsp;\u2013 and remains \u2013 our strong point. But as the client base grew, it became harder to maintain SLAs, which are pretty strict in healthcare. Tier 1 and 2 analysts were overwhelmed by an increased number of alerts coming from different customers.\u201d&nbsp;<\/p>\n<\/blockquote>\n\n\n\n<p>The analysts had to deal with hundreds of emails and URLs reported by clients each week, and the verification process was mostly manual. Some multi-step phishing cases took up to 40 minutes of analysis, as they called for multiple tools and resources, or even custom virtual machines. The need for better triage solutions and prioritization protocols intensified.\u00a0<\/p>\n\n\n\n<p><strong>Key challenges:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Slow MTTR across multiple customers\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tier 1 analysts indicated roughly 20% closure rates\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Excessive escalations from Tier 1 to Tier 2\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Lack of automation in triage\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Struggles to maintain compliance\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Concerns that Come with Growth&nbsp;<\/h2>\n\n\n\n<p>After discussion, the company leaders came up with a plan to enhance the processes:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Introducing more automation in alert triage to reduce workload\u00a0<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Obtaining higher-quality threat data for faster 
decision-making\u00a0<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Shifting from reactive to proactive defense\u00a0<\/li>\n<\/ol>\n\n\n\n<p>Some team members expressed concerns about introducing a new solution:&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201c\u2018What if we have to rebuild the workflow from scratch? What if automation fails to work as promised?\u2019 \u2013 these are some of the questions the analysts raised. So we had to be selective [when choosing a solution]. We needed something flexible and easy to integrate.\u201d\u00a0<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Immediate Improvements with ANY.RUN\u2019s Interactive Sandbox&nbsp;<\/h2>\n\n\n\n<p>The MSSP launched the streamlining process by adding just one solution to the stack at a time. The choice fell on <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linksandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a>, as it offered a <a href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity\/\" target=\"_blank\" rel=\"noreferrer noopener\">unique approach<\/a> to dynamic malware analysis:&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cIt stood out among other options with interactivity. Automation is powerful, but not always enough. Interactivity offered more depth and understanding of malware.\u201d&nbsp;<\/p>\n<\/blockquote>\n\n\n\n<p>The MSSP has been using the sandbox for one and a half years, mostly as a solution integrated in their SOAR. 
The automated mode helped effortlessly deal with overflowing low-priority incidents, even if they included multiple stages like hidden links, redirects, and CAPTCHAs.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"489\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen3-1-1024x489.png\" alt=\"\" class=\"wp-image-16883\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen3-1-1024x489.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen3-1-300x143.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen3-1-768x367.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen3-1-1536x733.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen3-1-2048x978.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen3-1-370x177.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen3-1-270x129.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen3-1-740x353.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN\u2019s sandbox enables automated detonation of complex attacks, e.g., including QR codes<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<p>Just in the past few weeks, multiple phishing campaigns were prevented through interactive analysis. 
Two of them involved common office tools used in medical institutions, such as OneDrive and Jotform:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"489\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen1-1024x489.png\" alt=\"\" class=\"wp-image-16884\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen1-1024x489.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen1-300x143.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen1-768x367.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen1-1536x733.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen1-2048x978.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen1-370x177.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen1-270x129.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen1-740x353.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>An email-based phishing campaign analyzed in Interactive Sandbox<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"489\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen4-1024x489.png\" alt=\"\" class=\"wp-image-16886\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen4-1024x489.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen4-300x143.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen4-768x367.png 768w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen4-1536x733.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen4-2048x978.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen4-370x177.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen4-270x129.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen4-740x353.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Another example of a phishing threat detonation in ANY.RUN\u2019s virtual machine<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<p>In the SOC lead\u2019s words, the concerns about automation and integration proved unfounded:&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\u201cThe integration worked much better than was expected. With minimal changes in the workflow, we achieved stronger results: Tier 1 analysts had far more capacity; analysis of both low- and high-priority incidents became easier. 
No manual VM unfolding, no tedious escalations.\u201d\u00a0<\/p><\/blockquote><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">More Results with Threat Intelligence &nbsp;<\/h2>\n\n\n\n<p>As part of a scheduled assessment of their infrastructure, the team was also shopping for new sources of threat intelligence. After a two-week trial, they decided to fully implement ANY.RUN\u2019s products into the existing workflows. 
&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cWe were happy with the results ANY.RUN\u2019s sandbox brought, so it made sense to support resources we\u2019ve been using for a while with TI solutions from the same vendor.\u201d&nbsp;<\/p>\n<\/blockquote>\n\n\n\n<p><a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> and <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktofeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a> added a finishing touch to the new defense strategy. They brought outcomes like:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Real-time, high-confidence IOCs \u27a1\ufe0f Better preventative measures\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Broad threat monitoring \u27a1\ufe0f Early detection of attacks\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Threat context just a click away \u27a1\ufe0f Fast enrichment of isolated artifacts\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Behavioral data through sandbox analyses \u27a1\ufe0f New detection rules\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automation via SOAR integration \u27a1\ufe0f Effortless responses and ticket closure\u00a0<\/li>\n<\/ul>\n\n\n\n<p>Together, these solutions enabled the SOC to proactively hunt and neutralize threats before they could impact client operations.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Measurable Outcomes&nbsp;<\/h3>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n       
 <table id=\"wpdtSimpleTable-261\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"3\"\n           data-rows=\"6\"\n           data-wpID=\"261\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Solution\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Use Case\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"C1\"\n                    data-col-index=\"2\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Result*\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A2\"\n                    
data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Interactive Sandbox\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Dynamic analysis of URLs\/files\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C2\"\n                    data-col-index=\"2\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        76% reduction in phishing triage time\u00a0(from 30-40 minutes to 4-7 minutes)\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n 
                   >\n                                        Full visibility into malware behavior \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C3\"\n                    data-col-index=\"2\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Tier 1 closure rate increased from 20% to 70%\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TI Lookup\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Enrichment of IOCs with threat data context\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C4\"\n                    data-col-index=\"2\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        34% fewer false escalations\u00a0\u00a0                    <\/td>\n       
                                 <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TI Feeds\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Expanded threat coverage with live threat intelligence in SOAR\u00a0\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C5\"\n                    data-col-index=\"2\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        45% improved MTTR and 55% fewer false positives \u00a0\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td 
class=\"wpdt-cell \"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Early detection through monitoring of latest attacks on 15,000 companies\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C6\"\n                    data-col-index=\"2\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        20 seconds: average MTTD for phishing\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-261'>\ntable#wpdtSimpleTable-261{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-261 td, table.wpdtSimpleTable261 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p><em>*Based on the company\u2019s statistics after using ANY.RUN\u2019s solutions<\/em>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Phishing Campaign Case and Successful Mitigation&nbsp;<\/h2>\n\n\n\n<p>A recent incident illustrated the efficiency of the new workflow based on&nbsp;early detection and mitigation:&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cA couple of weeks ago, our analysts spotted a suspicious connection on a client endpoint. 
TI Lookup immediately showed that it\u2019s tied to a known malicious C2 server.\u201d&nbsp;<\/p>\n<\/blockquote>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"495\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen2-1024x495.png\" alt=\"\" class=\"wp-image-16887\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen2-1024x495.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen2-300x145.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen2-768x371.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen2-1536x743.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen2-2048x990.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen2-370x179.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen2-270x131.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/11\/screen2-740x358.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup connects isolated indicators with real live attacks in seconds<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cFor further insights, they browsed other analyses and saw a threat sample featuring phishing. 
The sandbox then helped uncover the entire attack chain; and retrieved IOC were used to refine detection rules.\u201d&nbsp;<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Meeting Healthcare\u2019s High Compliance Bar &nbsp;<\/h2>\n\n\n\n<p>Healthcare is a sector with real urgency and high regulatory demands. Acting as an MSSP in this industry requires auditability, transparency, and SLA adherence. 
The SOC lead noted that the protocols and regulations common in the healthcare industry became easier to fulfill with ANY.RUN:&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\u201cSince we implemented new solutions, every investigation now comes with evidence and threat data, from MITRE tags to screenshots. This made reporting faster and extra work fell off our shoulders.\u201d\u00a0<\/p><\/blockquote><\/figure>\n\n\n\n<p>The MSSP is now driven by:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Faster triage across multiple customers\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Proactive and scalable threat detection strategy\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Decision-making supported by high-quality data\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Audit-ready evidence aligned with industry regulations\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion: From Reactive to Proactive Defense&nbsp;&nbsp;<\/h2>\n\n\n\n<p>By integrating ANY.RUN\u2019s Interactive Sandbox, TI Lookup, and TI Feeds, this MSSP built a proactive defense system. &nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cNeedless to say, we still work hard every day, but ANY.RUN gave us the tools to manage our daily tasks more effectively. More clarity and quick access to reliable information made all the difference. 
It lightened our load without taking away in quality.\u201d&nbsp;<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>Built for modern <a href=\"https:\/\/any.run\/mssp\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktomssplanding\" target=\"_blank\" rel=\"noreferrer noopener\">MSSPs<\/a> and <a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktenterpriseplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Enterprises<\/a>, <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> empowers analysts to deliver faster, deeper, and more transparent threat analysis for their clients.&nbsp;The <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linksandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> exposes full attack behavior,&nbsp;from process execution to network activity, enabling analysts to investigate incidents in real time and make confident, data-driven decisions.&nbsp;<\/p>\n\n\n\n<p>Cloud-based and ready out of the box, ANY.RUN supports Windows, Linux, and Android environments, streamlining multi-tenant operations without complex setup. 
Integrated <a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> and <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktofeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">TI Feeds<\/a> provide continuously updated, automation-ready IOCs for better detection, response, and reporting across all client environments.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=mssp_healthcare_case&amp;utm_term=181125&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">See how ANY.RUN can elevate your MSSP: start a 14-day trial today<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scaling as a managed security provider can be a mixed blessing. Growth comes with more revenue, but also with increasingly high demands related to maintaining SLAs, quality, and compliance. 
For MSSPs in healthcare, this pressure is intensified by regulations like HIPAA and NIS2, along with the striking cost of a single mistake.&nbsp; This was a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16880,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[79],"tags":[57,10,34],"class_list":["post-16874","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-customer-success","tag-anyrun","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>MSSP in Healthcare Streamlines Defense with ANY.RUN\u00a0<\/title>\n<meta name=\"description\" content=\"See how a healthcare MSSP boosted detection speed and reduced triage workload with ANY.RUN\u2019s sandbox and threat intelligence.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Healthcare MSSP Cuts Phishing Triage by 76% and Launches Proactive Defense with ANY.RUN\u00a0\",\"datePublished\":\"2025-11-18T07:15:33+00:00\",\"dateModified\":\"2025-11-18T07:28:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/\"},\"wordCount\":1260,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\"],\"articleSection\":[\"Customer Success Story\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/\",\"name\":\"MSSP in Healthcare Streamlines Defense with ANY.RUN\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-11-18T07:15:33+00:00\",\"dateModified\":\"2025-11-18T07:28:07+00:00\",\"description\":\"See how a healthcare MSSP boosted detection speed and reduced triage workload with ANY.RUN\u2019s sandbox and threat 
intelligence.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-mssp-success-story\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Customer Success Story\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/customer-success\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Healthcare MSSP Cuts Phishing Triage by 76% and Launches Proactive Defense with ANY.RUN\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16874"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=16874"}],"version-history":[{"count":31,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16874\/revisions"}],"predecessor-version":[{"id":16920,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16874\/revisions\/16920"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/16
880"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=16874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=16874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=16874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}