Cofense Logo - Email Security Solutions
  • Stop Threats

    End-to-End Email Security

    Defend your organization with a complete email security solution designed to identify, protect, detect & respond to threats.

    Security Awareness Training

    Condition your workforce against today’s latest threats and transform them into your front line of defense.

    Global Intelligence Network

    Protect your organization with our deep analysis into the current threat landscape and emerging trends.

    Cofense vs. The Competition

    See why the Cofense Intelligent Email Security suite stands out against the competition 

    Business Email Compromise (BEC)

    BEC amounts to an estimated $500 billion-plus annually that’s lost to fraud. Ensure your business is protected.

    Ransomware & Malware

    Phishing is the #1 attack vector for ransomware attacks. Stop phishing attacks in their tracks.

    Credential Theft

    Protect your user’s credentials and avoid a widespread, malicious attack.

  • Solutions

    Email Security for the Enterprise

    Complete threat protection, detection and response tailored for enterprise businesses.

    Email Security for the Mid Market

    Security awareness training + email security protection purpose-built for your mid-market organizations.

    Email Security for Managed Service Providers (MSPs)

    Best-in-Class Phishing Protection and Simulations designed for MSPs, from the ground up.

    Managed Email Security Solutions

    Protect your organization from attacks with managed services from the Cofense Phishing Defense Center™.

    Detect and Stop Attacks

    Automatically identify and quarantine email threats across your organization in minutes.

    Analyze & Remediate Reported Threats

    Accelerate threat detection and response, empowering fast resolution.

    Actionable Insight into Emerging Threats

    Protect your organization with our deep analysis into the current threat landscape and emerging trends.

    Security Awareness Training

    Condition your workforce against today’s latest threats and transform them into your front line of defense.

    Security Awareness Training + Threat Protection

    Growing companies can get protection, realistic simulations and security awareness training all in one platform.

    Easily Report Suspected Threats

    Report suspicious threats with just one click.

    Empower Your Team

    Train employees through an with award-winning Learning Management System.

  • Clients

    Industries We Serve

    Businesses from all industries rely on Cofense to safeguard their teams.

    What Our Customers Say

    Global organizations trust Cofense to protect their most critical assets.

  • Resources

    Knowledge Center Hub

    Check out our resource library of solution content, whitepapers, videos and more.

    Events & Webinars

    Come see us at a local event or join us at an upcoming webinar.

    Blog

    Stay current on cybersecurity trends, market insights and Cofense news.

    Check Your SEG

    See the real threats that are currently evading your Secure Email Gateway (SEG).

  • About

    About Cofense

    Cofense stops email security threats and protects your company through our network of 35+ Million human reporters.

    News Center

    See the latest articles, press releases and more in our news center.

    Awards

    It’s an honor to be recognized in the cybersecurity market. Check out our recent awards.

    Partners

    Grow your business, drive new revenue streams, and improve your competitive posture through our Partner Program.

    Careers

    We’re looking for passionate people to join us in our mission to stop all email security threats for organizations around the globe.

    Management Team

    Get to know our management team.

Get a Demo

Phishing Detection and Response: Speed and Automation with Cofense Triage and ServiceNow SIR

Share Now

Facebook
Twitter
LinkedIn

By Mike Saurbaugh

How quickly can your security team produce information about the success of phishing incident response capabilities?

What if company leadership asks the CISO for data about the number of malicious phish that bypassed the secure email gateway and that employees caught and reported? Is this information available? More importantly, how rapidly does the team remedy employee-reported phishing threats?

With an integration between Cofense Triage™ and ServiceNow Security Incident Response (SIR), security teams reap great benefits. These include:

  • Bi-directional APIs to integrate and enrich platforms
  • Accelerated phishing email identification and mitigation
  • Improved analyst efficiency to investigate and respond without switching screens
  • Centralized visibility into enterprise incident management and response

Cofense and ServiceNow have long been technology partners and created an integration with Cofense Intelligence for phishing threat lookups and an earlier interoperability with Cofense Triage, both of which are in the suite of products that make up the Cofense phishing detection and response platform. As products evolved, Cofense and ServiceNow boosted security teams’ ability to manage phishing threats.

Think of Cofense Triage as a source of truth to highlight and inform analysts, who in the company reported emails as malicious, while removing the noise from benign reported emails. Now, take these highly credible reported phish and populate ServiceNow SIR with phishing incidents for analysts to remediate through next-steps automation actions across the enterprise. The result is a streamlined process to investigate, prioritize and resolve phishing attacks.

The APIs That More Than GET It

With the advent of a new set of Cofense Triage APIs (version 2), customers benefit from capabilities they had been asking for. Among them:

  • Bidirectional support between platforms – GET, POST, PUT, DELETE
  • Cofense Triage data ingestion and updating outside of the user interface
  • Filtering, and sorting improvements using sparse fieldsets, for better performance
  • To-One (many reports to one category), and To-Many (one category to many reports) relationships
  • Expanding pagination parameters

Optimizing Your Phishing Incident Response

  • Ingest employee-reported phishing emails from Cofense Triage based on severity, category, threat indicators and reporter reputation.
  • Create security incidents in ServiceNow Security Incident Response (SIR) from events in Cofense Triage’s inbox, reconnaissance and processed queues.
  • Ingest phishing threat indicators from Cofense Triage into ServiceNow SIR to enrich and operationalize incident response.
  • Update and process/categorize phishing emails in Cofense Triage from ServiceNow SIR.
  • Bidirectionally manage phishing threat indicators and observables between Cofense Triage and ServiceNow SIR.

Go Configure…

1. First, configure ServiceNow SIR to create an incident based on the desired criteria.

Ingest email artifacts from Cofense Triage – Inbox, Recon or Processed locations. The example below will create a security incident in SIR based on conditions met searching Cofense Triage.

  • Location = Processed
  • Report Category = Crimeware
  • VIP Reporter = True

Figure 1. ServiceNow SIR Security Incident Creation Criteria Querying Cofense Triage

2. Review security incident in ServiceNow SIR after polling interval collects data matching criteria.


Figure 2. ServiceNow SIR Incident Locations Obtained from Cofense Triage

Figure 3. Security Incident Matching Creation Criteria (Processed location, Report Category, VIP)

3. Incident details shown below in figures 4-6 are from reported phish received by Cofense Triage and ingested into SIR. Fields populated were retrieved from polling APIs.

Figure 4. Cofense Triage Data Populating Fields in SIR