Cofense SOARs Above Existing Security Orchestration and Automation Offerings Leveraging Human-Intelligence to Stop Active Cyber Attacks

Share Now


Global human-phishing defense leader introduces new phishing SOAR platform to quickly stop phishing attacks in progress more efficiently 

Leesburg, VA – July 30, 2018 – Cofense™, the leading provider of human-driven phishing defense solutions worldwide, today announced the introduction of the industry’s first Phishing-Specific Orchestration, Automation and Response (SOAR) platform to help organizations identify and disrupt active phishing attacks in progress. The Phishing SOAR platform combines the power of improved Cofense Triage™ with a new product, Cofense Vision™ to improve the effectiveness and efficiency of phishing incident response efforts.

Recent news such as the ZeroFont exploit has demonstrated threat actors’ abilities to easily stay ahead of next-generation email security technology. Additionally, the FBI just announced Business Email Compromise (BEC) losses are expected to total $12.5 billion by the end of 2018. While it’s important for organizations to have a contextually-aware workforce of humans, security awareness alone isn’t enough to combat today’s top threats. By coupling human intuition with leading-edge technology, Cofense delivers an intelligence-fed Phishing SOAR platform designed to find and eliminate active phishing threats utilizing fewer resources – even if the attacks bypass perimeter defenses.

Orchestrate and Automate Your Phishing Defense

Cofense Triage enables security teams to quickly stop phishing attacks in progress. By leveraging real-time, internally reported attack intelligence from conditioned users, Incident Response and Security Operations teams can assess, analyze, and remediate active phishing threats. Recent enhancements to Cofense Triage help organizations to respond to threats faster and using fewer resources by eliminating abuse mailbox noise and speeding the automation of responses with playbooks and orchestration across additional security platforms:

  • Orchestrate with API integrations and Noise Reduction: Cofense Triage seamlessly integrates with nearly two-dozen existing security solutions with out of the box integrations and offers a fully documented REST API to integrate with other solutions delivering an optimized security orchestration response. Additionally, Cofense Triage Noise Reduction uses an industry-leading spam engine to review, score, and categorize emails and cut down the noise to hunt threats faster.
  • Automate with Playbooks and Workflows: Tactics, techniques and procedures used by threat actors are often repeated by multiple adversaries, so the addition of Playbooks for Cofense Triage can define a set of criteria that when met, will execute a response to mitigate risk – IE: key notifications, new help desk tickets, proxy block requests and more. Now, Incident Responders can more efficiently and swiftly stop an attack in progress.

Speed Response and Mitigation of Active Attacks

Regardless of how much is invested in “next-generation” technologies, malicious emails still make it past perimeter and endpoint defense technologies. Cofense Vision helps mitigate identified threats and potential impact by determining where else that email is lurking within your organization by storing, indexing, and enriching email messages for fast querying and quarantining before any damage occurs:

  • Find the entire phishing campaign and dig deeper. Cofense Vision Discover can quickly find all suspicious emails across an entire organization. Messages can be queried based upon sender, subject and date, as well as the attachment name, attachment hash and more. As threat actors alter their techniques, operators can hunt and find attacks with similar patterns.
  • Remove malicious emails and end the threat. Once all of the messages within an organization are discovered, Cofense Vision Quarantine makes it possible to quarantine the malicious messages in Microsoft Exchange and Office 365 from all user inboxes with one simple click.

“Our research demonstrates that silver-bullet security technologies don’t exist… It’s not a question of when an organization will be phished, but rather how quickly and effectively can they respond to the threat,” said Aaron Higbee, co-founder and CTO of Cofense. “Nearly a decade ago, PhishMe® created the phishing simulation market to improve employee resiliency against phishing. With our evolution into Cofense, we are proud to continue to lead this space by introducing Cofense Vision, the newest component of our Phishing-Specific Orchestration, Automation and Response platform, to uniquely mobilize phishing-aware humans to disrupt attacks.”

Cofense will be demonstrating their new Phishing SOAR platform at the Black Hat 2018 conference, taking place in the Mandalay Bay Convention Center in Las Vegas, Nevada on August 8-9, booth #936. Cofense Vision is expected to be available for customers in Q4 2018. To schedule a demo, please sign up at

For more information about Cofense Vision, please visit:

For more information about Cofense Triage, please visit:

About Cofense

Cofense™, formerly PhishMe®, is the leading provider of human-driven phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise. To learn more, visit

Read More Related Phishing Blog Posts


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.