Cofense Logo - Email Security Solutions

Cofense Unveils Automated Phishing Detection and Response Capability

Share Now


Leesburg, Va. – Dec. 21, 2020Cofense, the leading provider of phishing detection and response (PDR) solutions, today announced new product innovations to Cofense Vision. Most notably, the addition of an Auto Quarantine feature that identifies and automatically removes malicious emails from recipients’ inboxes – often before users see or have a chance to open them, based on our knowledge of similar threats in other customer environments. This high degree of automation significantly reduces the time to identify and resolve attacks, provides protection from threats that bypass Secure Email Gateways (SEGs) every day, and lessens a security analyst’s time spent hunting malicious email. Auto Quarantine is powered by the Cofense Intelligence™ network of Cofense researchers, the Phishing Defense Center® (PDC) team of analysts, and millions of people around the world identifying and reporting suspected phish. 

How it Works

The Cofense team closely monitors the threat landscape and is able to leverage a global network of over 25 million human sensors identifying and reporting on suspicious emails, and a team of advanced researchers and intelligence analysts to create an unparalleled view of threats happening in real time around the world. The moment a threat is identified, Cofense analysts generate an Indicator of Compromise (IOC) tuned to stopping that threat. With Vision’s Auto Quarantine feature, these IOCs are used to identify malicious emails that have bypassed the SEG seconds after they are received. When a match is found, the email is auto quarantined where it can then be examined and if appropriate, removed permanently. Current Cofense Vision users are observing several such threats as being automatically addressed every day, thus significantly reducing the window of vulnerability to active email-borne threats like ransomware, business email compromise (BEC), malware attacks, and credential theft. 

Cofense Vision with Auto Quarantine Proven Effective in Enterprise Organizations  

Fortune 500 Retail Organization:

A large retail customer was an early adopter of Cofense Vision with Auto Quarantine. The account team provided an email to the customer with a recently identified public malicious phishing link. The email completely bypassed all of the existing email security controls. But within seconds, and before the recipient could open the email, Vision identified the email as a threat and auto quarantined it. This happened without any human intervention.

Large, Full-service Mortgage Provider:

This enterprise organization deployed Vision with the new Auto Quarantine feature across its organization. During the first week, Vision identified six separate phishing campaigns. Each of these campaigns contained approximately 500 phishing emails that had bypassed existing email security technology and made it to recipient inboxes. The Vision Auto Quarantine functionality immediately quarantined the thousands of emails without analyst interaction and before a recipient could open the email, quickly and effectively reducing risk to the organization. Prior to Vision, the team did not have visibility into the extent of phishing campaigns nor any systematic way to identify and remove them.  

Global Construction Company:

When this global construction company enabled Auto Quarantine, they saw an immediate impact. A phishing campaign disguised as a Microsoft Teams invite to a holiday party appeared shortly after Auto Quarantine was configured. The email was immediately identified as a phishing campaign and over 200 emails were auto quarantined. After the initial detection, the company continued to be targeted with the same phishing campaign and the auto quarantine functionality in Vision has continued to detect and remove several dozen more attacks.  

“Phishing threats are human-developed, which is why Cofense is helping organizations ‘out-human’ the phishing threat. By continuously updating our solutions with capabilities to remove real-world threats before anyone in the organization even sees them, Cofense is greatly reducing the risk of a phishing attack,” says Aaron Higbee, Co-Founder and CTO of Cofense. “With the newest version of Cofense Vision, organizations can immediately operationalize Cofense’s indicators of compromise and automatically remove malicious email from an environment even before a team member tags them as suspicious. Customers are quickly adopting Auto Quarantine for its effectiveness in stopping threats that bypass SEGs, and for delivering immense productivity gains for SOC and IR teams.”

To learn more about Cofense’s PDR platform, designed to deploy as an integrated suite of products or delivered as a comprehensive managed PDR service through the Cofense Phishing Defense Center (PDC), please visit

About Cofense
Cofense® is the leading provider of phishing detection and response solutions. Designed for enterprise organizations, the Cofense Phishing Detection and Response (PDR) platform leverages a global network of over 25 million people actively reporting suspected phish, combined with advanced automation to stop phishing attacks faster and stay ahead of breaches. When deploying the full suite of Cofense solutions, organizations can educate employees on how to identify and report phish, detect phish in their environment and respond quickly to remediate threats. With seamless integration into most major TIPs, SIEMs, and SOARs, Cofense solutions easily align with existing security ecosystems. Across a broad set of Global 1000 enterprise customers, including defense, energy, financial services, healthcare and manufacturing sectors, Cofense understands how to improve security, aid incident response and reduce the risk of compromise. For additional information, please visit or connect with us on Twitter and LinkedIn.

Media Contact

[email protected]


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.