Cofense and Splunk SOAR: Enhancing Cybersecurity Visibility and Automation

March 24, 2023

Identifying and quarantining phishing emails that have bypassed secure email gateways is crucial to disrupting an attack and preventing a potential breach across the organization. Unfortunately, security teams rarely have the time or resources to fully protect against evolving phishing tactics. Secure email gateways can’t keep up with tactics designed to bypass malware prevention controls, employees inadvertently have their credentials stolen through malicious emails, and the threat of ransomware from phishing hampers the business.

Every industry and organizations of all sizes face threats from phishing. No one is exempt!

Cofense analysts understand the challenge and leverage insights from a global network of millions of reporters who identify and report suspicious emails. Cofense Vision takes advantage of this actionable intelligence to search and automatically quarantine phishing threats even before they are reported, stopping a malicious attack in its tracks. Cofense’s high-fidelity phishing indicators can be consumed in Splunk SOAR, providing valuable intelligence and context to quickly identify phishing campaigns and allowing SOC teams to save time and make quick decisions against emerging and active threats.

Cofense is excited to announce a Cofense Vision integration with Splunk SOAR! This new application integration provides Splunk SOAR customers with phishing detection and response. By integrating Cofense Vision’s phishing search and quarantine into an application, security teams can run actions and execute automated playbooks. Cofense Vision supports complex queries allowing Splunk SOAR customers to find phishing campaigns based on domains, URLs, attachment names and hashes, and other elements frequently found in advanced phishing attacks.

This is integrated intelligent email security, fueled by Cofense!

Designed for reducing the time it takes for phishing detection and response, the Cofense Vision application can easily be installed with a few clicks. Cofense makes it easy for customers to leverage this formidable integration to automatically identify and group phishing campaigns and automatically quarantine email threats at scale, all within the Splunk SOAR console.

Let’s take a look at why this is so important for your email security program.

Together, Cofense Vision and Splunk SOAR enable your security and IT teams to automatically quarantine emails that evade detection. Cofense Vision’s intelligent email security solution supports adding custom IOCs, searching for email threats, and automatically quarantining threats matching IOCs. Identify and remove threats against credential compromise, ransomware, and malware in seconds. SOC teams will reduce their dwell time and better secure their organization against today’s most sophisticated attacks.

As outlined below, the Cofense Vision application enables analysts to execute actions and playbooks outside of Cofense Vision’s UI to:

  • Automate phishing detection and response, matching actionable threat intelligence to discover and stop threats evading defenses.

  • Rapidly respond and quarantine email threats lurking in mailboxes and increase resiliency against new attacks with Cofense intelligent email security.

  • Automatically identify and classify email threats and demonstrate faster mean time to respond (MTTR).

  • Remediate credential theft, ransomware, and malware-based emails waiting to be opened in employees’ mailboxes, without involving the email team.

  • Enable your threat hunting team with intelligence to find attackers and develop new blocking and remediation plans.

Cofense Vision and Splunk SOAR are powerful email security tools that enable organizations to gain visibility, reduce the time from detection to response, quickly investigate threats, automate incident response actions and ultimately reduce risk. Together they provide an integrated platform for automated threat management with improved accuracy and speed of identification that is essential in today’s threat landscape. With Cofense Vision and Splunk SOAR working together, you can ensure your organization has a comprehensive view into its environment so it can detect malicious activity faster than ever before. Contact us if you're interested in learning more about how our solutions work together with Splunk SOAR to protect your organization against cyberattacks.