Cofense SOARs above existing security orchestration and automation offerings

Global human-phishing defense leader introduces new phishing SOAR platform to quickly stop phishing attacks in progress more efficiently .

Cofense has introduced what it says is the industry’s first Phishing-Specific Orchestration, Automation and Response (SOAR) platform to help organisations identify and disrupt active phishing attacks in progress. The Phishing SOAR platform combines the power of improved Cofense Triage™ with a new product, Cofense Vision™ to improve the effectiveness and efficiency of phishing incident response efforts.

Recent news such as the ZeroFont exploit has demonstrated threat actors’ abilities to easily stay ahead of next-generation email security technology. Additionally, the FBI just announced Business Email Compromise (BEC) losses are expected to total $12.5 billion by the end of 2018. While it’s important for organisations to have a contextually-aware workforce of humans, security awareness alone isn’t enough to combat today’s top threats. By coupling human intuition with leading-edge technology, Cofense delivers an intelligence-fed Phishing SOAR platform designed to find and eliminate active phishing threats utilising fewer resources – even if the attacks bypass perimeter defenses.

Orchestrate and Automate Your Phishing Defense

Cofense Triage enables security teams to quickly stop phishing attacks in progress. By leveraging real-time, internally reported attack intelligence from conditioned users, Incident Response and Security Operations teams can assess, analyse, and remediate active phishing threats. Recent enhancements to Cofense Triage help organisations to respond to threats faster and using fewer resources by eliminating abuse mailbox noise and speeding the automation of responses with playbooks and orchestration across additional security platforms:

  • Orchestrate with API integrations and Noise Reduction: Cofense Triage seamlessly integrates with nearly two-dozen existing security solutions with out of the box integrations and offers a fully documented REST API to integrate with other solutions delivering an optimised security orchestration response. Additionally, Cofense Triage Noise Reduction uses an industry-leading spam engine to review, score, and categorise emails and cut down the noise to hunt threats faster.
  • Automate with Playbooks and Workflows: Tactics, techniques and procedures used by threat actors are often repeated by multiple adversaries, so the addition of Playbooks for Cofense Triage can define a set of criteria that when met, will execute a response to mitigate risk - IE: key notifications, new help desk tickets, proxy block requests and more. Now, Incident Responders can more efficiently and swiftly stop an attack in progress.

Speed Response and Mitigation of Active Attacks

Regardless of how much is invested in “next-generation” technologies, malicious emails still make it past perimeter and endpoint defense technologies. Cofense Vision helps mitigate identified threats and potential impact by determining where else that email is lurking within your organisation by storing, indexing, and enriching email messages for fast querying and quarantining before any damage occurs:

  • Find the entire phishing campaign and dig deeper. Cofense Vision Discover can quickly find all suspicious emails across an entire organisation. Messages can be queried based upon sender, subject and date, as well as the attachment name, attachment hash and more. As threat actors alter their techniques, operators can hunt and find attacks with similar patterns.
  • Remove malicious emails and end the threat. Once all of the messages within an organisation are discovered, Cofense Vision Quarantine makes it possible to quarantine the malicious messages in Microsoft Exchange and Office 365 from all user inboxes with one simple click.

“Our research demonstrates that silver-bullet security technologies don’t exist… It’s not a question of when an organisation will be phished, but rather how quickly and effectively can they respond to the threat,” said Aaron Higbee, co-founder and CTO of Cofense. “Nearly a decade ago, PhishMe® created the phishing simulation market to improve employee resiliency against phishing. With our evolution into Cofense, we are proud to continue to lead this space by introducing Cofense Vision, the newest component of our Phishing-Specific Orchestration, Automation and Response platform, to uniquely mobilise phishing-aware humans to disrupt attacks.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.
73% of organizations lack automated patch management, and 62% experienced incidents involving exploitation of a vulnerability for which a patch was available but had not yet been deployed.
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with certain of its affiliates, “Clearlake”) to acquire the Company from Francisco Partners. Patrick Nichols, current CEO of Quest, will continue to lead the Company supported by the existing executive management team. Upon closing of the transaction, Clearlake will become the majority shareholder in Quest. The terms of the transaction were not disclosed.
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to help secure, isolate and recover data from a ransomware attack.
Aqua’s cloud native application protection platform becomes the only solution that protects cloud applications, their code, and their CI/CD infrastructure.
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities compared to legacy on-premises hardware and appliance-based models.