Cofense’s Q2 2021 Phishing Review uncovered that, to no surprise, the volume of phishing emails is trending up year over year. More phishing emails means (hopefully) more emails sent to your security team to investigate and protect against. The importance of prioritizing and responding to those emails is more important than ever and Cofense Triage is a trusted partner in doing so. As one of our operators put it, “Triage enables analysts to easily investigate reported emails safely and efficiently. It has assisted in preventing numerous phishing campaigns.”
Here at Cofense we’re always listening and collaborating with our operators. Based on the feedback we’ve received, we’re excited to bring you the latest edition of Cofense Triage: Triage 1.23.
Cofense Triage 1.23 introduces the following new capabilities:
- Customizable report templates and automated sharing of reports
- Improved response and notification template editor and management interface
- Enhanced Cofense Vision integration experience
- Support for a variety of URL decoders
Do we have your attention? Great! Keep reading for details on each.
Report on what you want, how you want, when you want
Reporting on operational and proof of value metrics is critical to security professionals. Each organization has its own priorities and requirements, and needs the ability to quantitatively report on the value that the security software is providing to the organization.
In this latest release of Cofense Triage, we give operators and managers more reporting options with more than 20 key metrics and data visualization (charts, graphs, tables) available for each. Create templates with only the desired topics, determine the interval for automatic report generation or run ad hoc reports, and set the order for how Triage displays the report charts in an improved, interactive, reports interface.
Figure 1: Create Report Templates via an Easy-to-use Builder
And we didn’t stop there. Reporting on metrics is great, but sharing those insights is even better. Download the report as a Microsoft Excel workbook or a JSON object for sharing, or have Triage email the workbook to individuals or distribution lists.
This can happen at regularly scheduled intervals giving organizations the data they need to better understand their security program’s performance, saving valuable time through automated report generation and sharing.
Provide templated automated updates in real time as investigation happens
Getting all employees involved in an organization’s phishing prevention and response strategy is a big key to success. Once they’ve done their due diligence and reported a potential phish, sending updates to keep them informed could be the positive reinforcement they need. The days of this being time consuming and burdensome are gone. Now, send reporters automated response emails that include organizational-specific attributes displayed in a predictable and expected way – not require human intervention to make sense of things.
Figure 2: Keep Reporters Informed with Automated Responses
Additionally, send notifications to other technology support team members to keep them informed or request specific actions be taken based on investigative findings.
Figure 3: Set-up Team Notifications to Request Actions & Share Information
Responses and notifications are now unified into a single templates manager that includes an extensive list of potential variables you can add and a simplified editor that makes building a breeze. Gain a clear, at-a-glance understanding of the status of sent responses and notifications, and resend them if necessary.
Increase efficiency through less UI switching with improved Cofense Vision integration
Cofense Triage helps security teams find threats in phishing emails faster and Cofense Vision provides rapid search and mitigation actions once those threats have been identified. The power of these two products, Triage and Vision, provides the 1-2 punch security teams need when it comes to detecting, responding to, and preventing phishing attacks. This latest update to Triage makes it easier to leverage the power of Vision through a single-entry point for searching and quarantining emails with known bad indicators, all from the Triage user interface.
Figure 4: Navigate Through Vision-Provided Insights Directly from the Triage Interface
Previously, operators had separate entry points for Vision Queries and AutoQuarantine. Now, as shown above, Queries and AutoQuarantine pages are unified and streamlined – saving both time and the frustration that is often introduced when frequently switching from page to page.
Easily leverage the URL Decoder of your choice during analysis
Although Triage natively supports multiple URL decoders, analysis is powered by a variety of tools dependent on organizational preferences. Now, configure Triage to decode URLs from services other than the ones that Cofense currently supports by default (Cisco, Microsoft, Proofpoint, Symantec and, when configured in Triage, Mimecast). Use the solutions that your organization desires and don’t be limited by what the technology natively provides.
To learn more about Cofense Triage or to see these new capabilities in action, please request a demo at https://go.cofensestaging.wpengine.com/live-demo/.