Cofense SOARs above existing security orchestration and automation offerings

Recent news such as the ZeroFont exploit has demonstrated threat actors’ abilities to easily stay ahead of next-generation email security technology. Additionally, the FBI just announced Business Email Compromise (BEC) losses are expected to total $12.5 billion by the end of 2018. While it’s important for organisations to have a contextually-aware workforce of humans, security awareness alone isn’t enough to combat today’s top threats. By coupling human intuition with leading-edge technology, Cofense delivers an intelligence-fed Phishing SOAR platform designed to find and eliminate active phishing threats utilising fewer resources – even if the attacks bypass perimeter defenses.

Orchestrate and Automate Your Phishing Defense

Cofense Triage enables security teams to quickly stop phishing attacks in progress. By leveraging real-time, internally reported attack intelligence from conditioned users, Incident Response and Security Operations teams can assess, analyse, and remediate active phishing threats. Recent enhancements to Cofense Triage help organisations to respond to threats faster and using fewer resources by eliminating abuse mailbox noise and speeding the automation of responses with playbooks and orchestration across additional security platforms:

• Orchestrate with API integrations and Noise Reduction: Cofense Triage seamlessly integrates with nearly two-dozen existing security solutions with out of the box integrations and offers a fully documented REST API to integrate with other solutions delivering an optimised security orchestration response. Additionally, Cofense Triage Noise Reduction uses an industry-leading spam engine to review, score, and categorise emails and cut down the noise to hunt threats faster.
• Automate with Playbooks and Workflows: Tactics, techniques and procedures used by threat actors are often repeated by multiple adversaries, so the addition of Playbooks for Cofense Triage can define a set of criteria that when met, will execute a response to mitigate risk - IE: key notifications, new help desk tickets, proxy block requests and more. Now, Incident Responders can more efficiently and swiftly stop an attack in progress.

Speed Response and Mitigation of Active Attacks

Regardless of how much is invested in “next-generation” technologies, malicious emails still make it past perimeter and endpoint defense technologies. Cofense Vision helps mitigate identified threats and potential impact by determining where else that email is lurking within your organisation by storing, indexing, and enriching email messages for fast querying and quarantining before any damage occurs:

• Find the entire phishing campaign and dig deeper. Cofense Vision Discover can quickly find all suspicious emails across an entire organisation. Messages can be queried based upon sender, subject and date, as well as the attachment name, attachment hash and more. As threat actors alter their techniques, operators can hunt and find attacks with similar patterns.
• Remove malicious emails and end the threat. Once all of the messages within an organisation are discovered, Cofense Vision Quarantine makes it possible to quarantine the malicious messages in Microsoft Exchange and Office 365 from all user inboxes with one simple click.

“Our research demonstrates that silver-bullet security technologies don’t exist… It’s not a question of when an organisation will be phished, but rather how quickly and effectively can they respond to the threat,” said Aaron Higbee, co-founder and CTO of Cofense. “Nearly a decade ago, PhishMe® created the phishing simulation market to improve employee resiliency against phishing. With our evolution into Cofense, we are proud to continue to lead this space by introducing Cofense Vision, the newest component of our Phishing-Specific Orchestration, Automation and Response platform, to uniquely mobilise phishing-aware humans to disrupt attacks.”