Cofense - Security Awareness Training & Email Threat Detection

Keeping You Ahead of Phishing Attacks with SEG-Evasion Based Threat Intelligence

Share This Article

By Mollie MacDougall

As much as the phishing threat landscape continues to evolve and innovate, older phishing tactics continue to provide easy wins for threat actors and reach end user mailboxes. At Cofense, we see a mix of new and unique phishing campaigns as well as those that leverage tactics, techniques and procedures (TTPs) that have been around for years.

Cofense has long been dedicated to confronting the painstaking truth that secure email gateways (SEGs) cannot and do not protect against all types of phishing attacks all of the time, no matter how ‘advanced’ their ML, AI or other detection models. There is always a balance between protection and ensuring potentially legitimate emails, critical to daily business operations, are not blocked. While SEG vendors, such as Proofpoint, Microsoft, Symantec, and Mimecast (to name a few) are constantly playing whack-a-mole in a reactionary manner to new and innovative tactics used by attackers, it is next to impossible for them to block and defend against attackers that continue to use known and legitimate services.  This is a truth that attackers know and exploit every. single. day.

This is why we have worked with organizations across all sectors and regions to identify, report, and action phishing campaigns that successfully reach inboxes. Whatever the size or focus of your business, you are unfortunately a target of phishing threat actors.

And while it is true that no silver bullet network defense technology exists to solve the problem of phishing, there are steps that we can take to ensure that we are proactively defending against emerging phishing threats.

Cofense Intelligence provides organizations that visibility—specifically focusing on the phishing campaigns and tactics, techniques and procedures that are successfully evading secure email gateways and other perimeter defense technology to reach the employees they target.

At its core, threat intelligence is simply a decision-making tool for any organization. What network communications do we need to block? What malicious domains should our users never visit? How are threat actors deploying malware onto compromised systems, and how can our team ensure those delivery tactics are prevented or neutralized? It must be reliable, it must be relevant, and it must be actionable. These are the primary values underpinning Cofense Intelligence.

Our focus on phishing threats ensures our expertise. By prioritizing campaigns that are evading SEGs, we ensure that Cofense Intelligence is relevant and of high value to our customers. In vetting our intelligence – down to every individual indicator of compromise we send – we provide a feed that you can trust. And by delivering our intelligence by API, it can be easily consumed into the technology you already have and use to monitor your networks for suspicious activity, ensuring our intelligence is actionable.

We endeavor to support your organization’s phishing defense at every level, and we provide a range of strategic and trend-based reports to help you align your resources to combat the threats most likely to target your organization. As our analysts constantly analyze new phishing campaigns, we send verified campaign-based Intelligence via our API feed daily, helping you stay ahead of the threats as they evolve.
Cofense is currently offering 90 days of free access to Cofense Intelligence to eligible1 organizations. To sign up, visit:

1Eligibility requirements include, but are not limited to: the organization has not been a Cofense Intelligence customer within the past six months; the organization uses one of the following platforms – Anomali, EclecticIQ, RecordedFuture, ThreatConnect, ThreatQ, QRadar, Splunk, Demisto, Swimlane, Phantom, Minemeld.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.