Updates to Cofense Vision Enable Operators to Squeeze More Value Out of Intelligence with Wildcard Matching and UX Improvements
By Megan Horner, Sr. Product Marketing Manager
“The average click rate for credential phishing simulations in PhishMe customers in 2020 is 10.7%—meaning that during a real attack, almost 11 users out of 100 will likely click on the phish, potentially leading to compromise of their corporate credentials. The longer a malicious email stays in the inbox, the greater the chance of an erroneous click.” – Cofense 2021 Annual State of Phishing Report
What if you could automatically quarantine emails before they are even opened? By using both internal and external sources of threat data, Cofense Vision makes this a reality.
Security teams all over the world trust Vision to help protect their employees’ inboxes and that trust drives our focus on continuous product improvement. The latest improvements are now available in Vision 2.1.
Cofense Vision 2.1 introduces the following enhancements and benefits:
- Automated IOC Wildcard Matching exponentially increases the visibility a URL from Cofense Intelligence provides
- User experience improvements simplify the investigative and system management processes
Increase efficacy of your security program by staying ahead of dynamically changing IOCs
IOCs (indicators of compromise) are flags that help analysts understand that something nefarious is going on. Thanks to modern tools, the IOCs being used by attackers are extremely dynamic in nature – always evolving ever so slightly to evade detection.
To keep up with these slight changes that may have gone undetected before, we have introduced automated IOC Wildcard Matching for URLs shared from Cofense Intelligence to Vision. Intelligence teams can identify URLs that contain similar variable information and push the URLs to Vision for automated quarantine of associated emails. Now, each URL provides more value than before, leading to an expected two-fold to ten-fold increase in the related IOCs being processed with Vision AutoQuarantine.
Traditionally, this process of identifying a URL as an IOC, completing a wildcard match exercise, and porting it to your security solution of choice for blocking has been very manual and disjointed. Vision automates this workflow behind the scenes, completing a process that previously took hours in just seconds.
Not familiar with IOC Wildcard Matching?
Let’s break this down. As an example, let’s say Cofense Intelligence has identified an attack that directs users to https://baddomain.com/thisisreallybad. With IOC Wildcard Matching, Cofense Intelligence applies a wildcard at the end of the URL, making it possible to also match and AutoQuarantine the following URLs:
Stop exponentially more threats by using Vision Wildcard Matching and AutoQuarantine to remove malicious emails from employee inboxes before they can cause issues.
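A sketch of trailing-wildcard URL matching as described above, added here as an illustration and not Cofense's implementation. The `*` pattern syntax, the normalization rules, the function names and the sample email bodies are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# The page's example URL with a trailing wildcard (pattern syntax is assumed).
IOC_PATTERNS = ["https://baddomain.com/thisisreallybad*"]

# Constructed email bodies, not real samples.
SAMPLE_BODIES = {
    "exact": "Reset here: https://baddomain.com/thisisreallybad",
    "variant": "Invoice: HTTPS://BadDomain.com:443/thisisreallybad/login.php?id=4821.",
    "encoded": "See https://baddomain.com/%74hisisreallybad-2",
    "other_path": "Read https://baddomain.com/about",
    "lookalike": "Go to https://baddomain.com.example.net/thisisreallybad",
}


def normalize(url):
    """Canonical form so trivially different spellings compare equal."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    port = parts.port
    netloc = host if port in (None, DEFAULT_PORTS.get(scheme)) else f"{host}:{port}"
    path = unquote(parts.path) or "/"          # decode %74 -> t, empty path -> /
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{netloc}{path}{query}"


def matches(pattern, url):
    """A pattern ending in '*' is a prefix match; anything else is exact."""
    candidate = normalize(url)
    if pattern.endswith("*"):
        # Normalizing the prefix turns a bare host into 'host/', so
        # 'https://baddomain.com*' cannot match 'baddomain.com.example.net'.
        return candidate.startswith(normalize(pattern[:-1]))
    return candidate == normalize(pattern)


def quarantine_hits(body, patterns):
    """Return the URLs in an email body that match any IOC pattern."""
    urls = (u.rstrip(".,;)") for u in URL_RE.findall(body))
    return [u for u in urls if any(matches(p, u) for p in patterns)]


if __name__ == "__main__":
    for name, body in SAMPLE_BODIES.items():
        print(name, quarantine_hits(body, IOC_PATTERNS))
```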
Improvements in user experience with navigation and reporting enhancements
In the world of security, few things are worse than a technology solution with a user interface that is difficult to navigate. With our own team of Vision operators in the Cofense PDC (Phishing Defense Center), we appreciate that just as much as other security professionals. A continued focus on user experience has led us to the development of four new components to the Vision user interface. Each aspect was purpose-built to increase efficiency by minimizing the clicks required to take a desired action within the UI.
Now, Vision operators can:
- Download logs directly from the dashboard for more visibility into usage and easier troubleshooting
- Get more IOCs into Vision with the ability to manually import via an easy-to-use form
Figure 1: Simple-to-Use Form Makes Adding IOCs on the Fly a Breeze
- Access recent searches right from the main navigation to quickly pick up where they left off