Cofense Now has Automated Phishing Detection and Response Capability

Auto Quarantine can identify and automatically remove malicious emails from recipients’ inboxes – often before users see or have a chance to open them. Auto Quarantine is powered by the Cofense Intelligence network of Cofense researchers, the Phishing Defense Center (PDC) team of analysts, and millions of people around the world identifying and reporting suspected phish. This high degree of automation significantly reduces the time to identify and resolve attacks, provides protection from threats that bypassed the secure email gateways (SEGs) every day, and lessens a security analyst’s time spent hunting malicious email.  

How it Works 

The Cofense team closely monitors the threat landscape and is able to leverage a global network of over 25 million human sensors identifying and reporting on suspicious emails, and a team of advanced researchers and intelligence analysts to create an unparalleled view of threats happening in real time around the world. The moment a threat is identified, Cofense analysts generate an Indicator of Compromise (IOC) tuned to stopping that threat. With Vision’s Auto Quarantine feature, these IOCs are used to identify malicious emails that have bypassed the SEG seconds after they are received. When a match is found, the email is auto quarantined where it can then be examined and, if appropriate, removed permanently. Current Cofense Vision users are observing several such threats being automatically addressed every day, thus significantly reducing the window of vulnerability to active email-borne threats like ransomware, business email compromise (BEC), malware attacks and credential theft.  

Here are some real customer stories: 

Fortune 500 Retail Organization: 

A large retail customer was an early adopter of Cofense Vision with Auto Quarantine. The account team provided an email to the customer with a recently identified public malicious phishing link. The email completely bypassed all the existing email security controls.  But within seconds, and before the recipient could open the email, Vision identified the email as a threat and auto quarantined it. This happened without any human intervention. 

Large, Full-service Mortgage Provider: 

This enterprise organization deployed Vision with the new Auto Quarantine feature across its organization.  During the first week, Vision identified six separate phishing campaigns. Each of these campaigns contained approximately 500 phishing emails that had bypassed existing email security technology and made it to recipient inboxes. The Vision Auto Quarantine functionality immediately quarantined the thousands of emails without analyst interaction and, before a recipient could open the email, quickly and effectively reduced risk to the organization. Prior to Vision, the team did not have visibility into the extent of phishing campaigns, nor any systematic way to identify and remove them.  

Global Construction Company: 

When this global construction company enabled Auto Quarantine, they saw an immediate impact.  A phishing campaign disguised as a Microsoft Teams invitation to a holiday party appeared shortly after Auto Quarantine was configured. The email was immediately identified as a phishing campaign and more than 200 emails were auto quarantined.  After the initial detection, the company continued to be targeted with the same phishing campaign and the auto quarantine functionality in Vision has continued to detect and remove several dozen more attacks. 

 In addition to the Auto Quarantine feature, Vision, a key component of the Cofense PDR platform, has additional enhancements that include:  

  • Reduced remediation time:Cofense Vision actively scans new and existing emails and automatically quarantines malicious emails in near real time. Updates to the user interface enabling Approve and Reject actions in more places in the UI, thus saving valuable time spent on threat remediation and IOC management, and reducing risk to the organization.   
  • Flexibility: Cofense Vision can be set to quarantine emails containing IOC matches automatically or, for more control, operator approval can be required. Cofense Vision also lets teams define an allowed IOCs list – a list of indicators that an organization knows to be safe.   
  • Visibility: Complete visibility into all events associated with Auto Quarantine. The Cofense Vision Audit page contains entries for configuration changes, creation of quarantine jobs, operator approvals, changes to the allowed IOCs list, and any updates to IOCs.   
  • Network effect: The power of Cofense Intelligence services provides IOCs in real time – the moment they are vetted and released by Cofense.  

 Andfor customers of the Managed Phishing Detection and Response (PDR) service, if a threat is found in one customer’s environment, that intelligence is used to detect and quarantine attacks in other customer environments. 

Phishing threats are human-developed, which is why Cofense is helping organizations out-human the phishing threat. By continuously updating our solutions with capabilities to remove real-world threats before anyone in the organization even sees them, Cofense is greatly reducing the risk of a phishing attack. 

Learn more about Cofense Vision and Auto Quarantine, here. 

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats. 
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc. 

 

Cofense Phishing Detection and Response Platform

The phishing story is not new. In fact, if anything, we are far more aware of phishing threats than we’ve ever been. Here are some things to think about: 

  • Attackers are human and constantly innovating to bypass technology 
  • 96% of breaches start with a phish 
  • Phish are easily bypassing gateway technology 
  • Business email accounts are routinely compromised (BEC) 
  • Many organizations are forced to pay ransomware bounties 
  • Large financial losses are occurring from compliance fines, loss of customers, IP theft, and recovery costs 
  • SOC analysts are overwhelmed performing incident response 
  • Awareness training can be ineffective if it is not aligned with real threats 
  • Artificial Intelligence that is deployed to detect phish is failing 

We’ll stop there – it’s 2020 after all, and there’s been enough bad news. So, here’s something good: 

Today, Cofense introduced its Phishing Detection and Response (PDR) platform, a solution designed specifically for enterprise organizations. As phishing attacks continue to become more sophisticated, persistent, and adaptive to legacy security defenses, demand for an extensive phishing defense solution is at an all-time high, and the need is critical. The Cofense PDR platform provides a comprehensive approach to stop phishing attacks through globally crowd-sourced phishing intelligence from 25 million people, combined with advanced automation.   

Cofense’s PDR platform can be deployed as an integrated suite of products or as comprehensive managed PDR service through our Phishing Defense Center (PDC). Both options effectively stop phishing attacks and combat the acuity of attackers through a combination of people and automated technology that quickly reduces and removes the risk.  

Cofense’s PDR platform is the most holistic solution on the market, and includes: 

  • PhishMe: Completely rearchitected to address the needs of enterprise-size organizations, users can more easily and efficiently run phishing simulations and manage their security awareness program; carefully crafted simulations based on real – not theoretical – phish immerse users in the experience of being phished from end to end, improving an organization’s resiliency to attacks. 
  • Triage: The first phishing-specific orchestration, automation and response solution that helps identify active phishing attacks in progress; suspected phish are rapidly clustered and analyzed by SOC analysts who queue indicators for remediation. 
  • VisionDriven by automation, Vision quickly identifies all recipients of phishing attacks and automatically quarantines and removes the threat from all mailboxes; enables SOC and IR teams to proactively hunt for unreported threats, IOCs and TTPs, and creates transparent audit and governance of mitigation actions. 
  • Reporter: Report suspicious emails and notify security teams in real time — with just one click. Users flag potential threats and the original email and other valuable information is sent directly to an organization’s SOC be quickly analyzeand the attack stoppedInstant feedback reinforces user training, strengthening the front line of defense. And with quick deployment and PC, Mac, and mobile device compatibility, it’s easy to get any team up and running. 
  • Intelligence: Proprietary global collection sources provide an extensive real-time view into threat campaigns observed in the wild; delivers high-fidelity, phishingspecific alerts and intelligence, providing accurate and timely assessments of both the current phishing threat landscape and emerging trends. Information from the Intel solution can be easily integrated with existing SOARs, SIEMs and TIPs.

Cofense Managed PDR 

  • For enterprise organizations that prefer to seek managed solutions, the Cofense PDC team delivers Managed PDR, handling the entire phishing detection and response process. Security operators gain the expertise and resources — and the peace of mind — needed to proactively defend against current or emerging threats with unparalleled outcomes when they engagCofense’s Managed PDR. In fact, you can read about how the PDC team stopped and removed an attack in less than 10 minutes.

 With the Cofense PDR Platform, you get:  

  • A global network of 25 million people actively identifying and reporting suspected phish 
  • Automation technology to quickly analyze, verify and quarantine phish throughout an organization 
  • Shared intelligence across teams and with others in a global network  
  • Effective, real-world phish simulation training 
  • Solutions delivered as integrated products or managed service 

 The Cofense combination of human detection with automated response and intelligence allows organizations to detect phish in their environment, educate employees on how to identify and report phish, and respond quickly to remediate the threats before there is harm done to their organization. Cofense is the only PDR platform, and the only one to provide all of these capabilities in one solution. Our goal is to enable every company to defend itself against phishing threats. And with the strength of our global Cofense network, together we can OutHuman the Threat.  

Learn more about Cofense and PDR, here.  

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.  
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc. 

The New Cofense Resource Center

By Carolyn Merritt 

Today, Cofense officially launched its new Resource CenterFormerly known as Community, the new Resource Center features a completely redesigned interface, smarter search capabilities and integrated support ticketing  

This initiative has been in the works for some time. We heard from internal and external users alike that the old Community was difficult to navigate, and that information was challenging to locate. We believe those issues have been solved with our new interface, an integration with our Zendesk ticketing system, and a new set of capabilities designed to improve the user experience. 

Also, we organized the new Resource Center by product to make it easier to search and navigate to your desired results. Another exciting new feature is the customer ticket portal which allows you to access all your tickets, sort by key words, and ticket status. You can link to events, webinars, other resources, and assets on the Cofense website as well. The Resource Center is a central location for frequently asked questions, product details, policies, and more to help you be more proactive in your phishing detection and response efforts. As an added value, you have access to a discussion board where you can submit and vote on future product features and capabilities.  

One noteworthy change is to our Knowledge Base articles. They have all been incorporated into a library so you can easily access them. Additionally, our technical support engineers can easily insert knowledge base articles into tickets for added reference. In the near future, we’ll be adding a support bot that will promote associated knowledge base articles to support tickets at the time of creation, in hopes of providing quick answers and reference materials before or instead of you having to engage with a support engineer.    

Why did we do this? 

We want to engage with you – our customers – in the best way possible when you need help or have feedback. We saw the opportunity to improve the old Community system, its search functions and Zendesk integration. Your feedback is still very important to us, and we want to know what works in the new Resource Center, and if anything doesn’t.

To see the new Resource Center with all of its new features and functionality, login:

North American instance – https://support.cofense.com 

European instance – https://supportintl.cofense.com 

We are very proud of the new Resource Center and look forward to supporting all of our users and ultimately helping your organization improve your phishing detection and response programs.

 

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats. 
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc. 

Cofense Named a 2018 DC Inno ‘50 on Fire’ Innovation Leader

DC Inno Cites ‘Powerful Year’ of Growth and Product Expansion for Global Leader in Phishing Defense, Orchestration and Automation Solutions

When do you know your company’s on fire? One sign is the company you keep. DC Inno, an organization that promotes innovation and the entrepreneurial spirit in the DC, Maryland, and Virginia region, whose combined economy is one of the nation’s strongest and most diverse, named Cofense™ to its 2018 50 on Fire list of red-hot businesses.

PhishMe CEO Rohyt Belani and CTO Aaron Higbee Named 2017 Tech Titans

Leesburg, VA – May 05, 2017 – PhishMe (cofense.staging.wpengine.com), the leading provider of human-phishing defense solutions, announced today that co-founders Rohyt Belani, CEO, and Aaron Higbee, CTO, have both been named 2017 Tech Titans by Washingtonian magazine. Every two years, the magazine identifies 100 influential people in the Washington, D.C. area technology scene from start-ups to Fortune 500 companies who have made substantial contributions to the community. The list is compiled based on research and interviews conducted between the editors and local technology leaders.

EY Announces PhishMe CEO Rohyt Belani as Entrepreneur Of The Year 2017 Mid-Atlantic Award Finalist

Tysons, VA, April 25, 2017 – EY today announced that CEO and co-founder Rohyt Belani of PhishMe is a finalist for the Entrepreneur Of The Year® 2017 Award in the Mid-Atlantic region. The awards program, which is celebrating its 31st year, recognizes entrepreneurs who are excelling in areas such as innovation, financial performance and personal commitment to their businesses and communities. Rohyt Belani was selected as a finalist by a panel of independent judges. Award winners will be announced at a special gala event on June 15, 2017 at the Ritz-Carlton, Tysons Corner.

PhishMe End-to-End Phishing Mitigation Solution Delivers ROI, Operational Efficiency and Reduced Susceptibility

Before investing in any type of security solution, you need to know your money will be well spent.

That’s especially true for security professionals shopping for antiphishing solutions, hence why PhishMe commissioned Forrester Research, Inc. to research the effectiveness of PhishMe’s complete phishing defense solution among key customers.

PhishMe Appoints Mel Wesley as Chief Financial Officer

Industry Veteran to Position PhishMe for Continued Global Expansion and Explosive Growth

Leesburg, VA – March 30, 2017 – PhishMe® (cofense.staging.wpengine.com), the leading provider of human-phishing defense solutions, appointed technology industry veteran Mel Wesley to head up its finance department as the company’s new Chief Financial Officer (CFO). As PhishMe’s CFO, Wesley will shepherd the company as it continues to grow aggressively, capitalizing on the burgeoning demand for its solutions that thwart cyber attackers in their tracks.

PhishMe is a Finalist in 4 Categories for the 13th Annual 2017 Info Security PG’s Global Excellence Awards

We are excited to announce that PhishMe has been selected as a finalist for the 13th Annual 2017 Info Security PG’s Global Excellence Awards in not just 1 but 4 different categories!

  • The first award is for Rohyt Belani, who has been honored as a “CEO of the Year” category winner of the 2017 Info Security Products Guide Global Excellence Awards for the second year in a row.
  • Fellow co-founder and CTO, Aaron Higbee, was honored as a finalist for the “CTO of the Year” category award.
  • PhishMe also was selected as a finalist for the “Best Security Service” and “Best Deployments in U.S.A.” award categories.

These prestigious global awards, put on by one of the industry’s leading information security research and advisory guide, recognize security and IT vendors with advanced, ground-breaking products and solutions that are helping set the bar higher for others in all areas of security and technologies.

“It is truly an honor to be recognized as a CEO of the Year by Info Security Products Guide for a second year in a row,” said Belani. “You are only as good as the people you surround yourself with. The real winners are the talented employees at PhishMe. These awards are proof of the hard work and dedication of every member of the PhishMe team.”

Belani and Higbee have led PhishMe from its infancy to a company with more than 200 employees and 892 percent growth in just 3 years, establishing themselves along the way as thought leaders in the cybersecurity industry. The company has secured several other major industry accolades including recognition in the 2016 SC Magazine Awards, Inc 5000 and the Deloitte Fast 500.

PhishMe’s world-class solution has emerged as a dominant force in the phishing threat management space with almost half of the Fortune 100 companies using its platform for attack identification, human-verified intelligence and incident response. The company’s achievements in 2016 have cemented its position as an innovator at the forefront of phishing defense technologies and laid the groundwork for further innovation in the coming years.

We look forward to seeing you all at RSA Conference in San Francisco, where we have two different booths: S1715 in the South Expo and N4601 in the North Expo.

 

To learn more about the 2017 Info Security PG’s Global Excellence Awards, visit http://www.infosecurityproductsguide.com/world/.