Phish Fryday – Cutting Through the Noise at IMAX

Security analysts need data – lots of data – to do their jobs defending organizations. It’s easy to drown in all the noise, though, and not be able to find attacks and respond quickly. In this episode we speak with IMAX Information Security Analyst Rob Sipthorpe to discuss the IMAX phishing defense program and how they’re cutting through the noise and finding bad fast.

Learn more:

IMAX

Cofense Triage

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – APIs and Automated Phishing Defense

Cyber defenders are strapped for resources, having to constantly do more with less. The risks are many, the tools are multiplying, and yet the job continues to get harder. Here to talk about how automation and integration through API usage can improve cyber defenses are Pete Smith, Cofense Director of Product Management and Cofense Director of Technical Alliances Mike Saurbaugh.

Learn more

Cofense Triage

Cofense Vision

Cofense Intelligence

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Secure Email Gateways

Phishing continues to be one of the top attack vectors faced by companies. To address this, many organizations deploy a secure email gateway – SEG in InfoSec parlance. In this episode we speak with Cofense Co-founder and CTO Aaron Higbee and Cofense Security Solution Advisor Tonia Dudley about the history and functionality of SEGs and why they aren’t the panacea they claim to be.

Additional Resources

Gartner retires their secure email gateway Magic Quadrant

Phish Fryday – Cloud Services in Phishing Attacks

Get the lowdown on SEGs

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – OAuth2 Phishing Attacks

With credential theft making up a large portion of phishing attacks, many organizations wisely turn to MultiFactor Authentication (MFA) to protect the credentials of their employees. Attackers, however, are upping their game to continue gaining access to corporate accounts. Cofense Threat Analyst Elmer Hernandez joins us this week to discuss a particular attack observed by Cofense that leverages OAuth2 and OpenID Connect instead of passwords.

Learn more

OAuth2 Attack Bypasses MFA

Google Docs Scam

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Risk Management and Phishing Defense

The very act of running an organization includes risk. Successful business leaders understand what those risks are and how to manage them. Operating information systems is no different – they are at risk by nature, but IT and security teams need to recognize those risks and manage them successfully. Here to talk about risk management and phishing defense is Pete Smith, Cofense Director of Product Management for our Triage and Vision phishing defense solutions.

Learn more

Cofense Triage

Cofense Vision

Cofense Intelligence

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Pentesting and Phishing Defense

Organization seek out security through various means – risk analysis, regulatory compliance, alignment to security frameworks – but can never really be sure they are secure. That’s where pentesting comes in – evaluating security controls through an attack methodology. Given the prevalence of phishing in compromises and breaches, how does pentesting take advantage of this? Here to discuss pentesting and its importance in phishing defense is Soteria co-founder Paul Ihme.

Learn more

Soteria

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Beyond the Inbox

Even with users reporting phishing attacks and the best analysis and response tools, there’s a chance someone has already become a victim. Security teams must race the clock to find Indicators of Compromise to identify infected endpoints and spreading malware. In this episode, we’re joined by Alan Rainer, Senior Threat Analyst at Kivu Consulting to discuss how phishing defenders can go beyond the inbox to find and neutralize threats.

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Q1 2020 Phishing Review

Phishing remains one of the top threat vectors used by attackers to breach corporate defenses to inflict harm and make money. Each quarter, Cofense Intelligence analyzes vast quantities of phishing attacks both reported by customers and discovered in other proprietary sources. In this episode, we’re joined by Cofense Cyber Threat Intelligence Analyst and lead author of our Q1 2020 Phishing Review, Aaron Riley.

Resources:

Cofense Q1 2020 Phishing Review

Cofense Intelligence

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Pragmatic Threat Intelligence

Cybersecurity professionals are noted for their suspicious nature. They have to have it. But, whereas we can imagine a million threat vectors, there’s only so much time in the day and we’re forced to prioritize where we spend our resources protecting our organization. That’s where threat intelligence comes in. Active threats and tactics – seen in the wild – can be more important to your organization’s defense than all the 0-days your mind can imagine. To discuss the pragmatic application of threat intelligence is Cofense Manager of Intelligence Solutions Engineering, Wes Smiley.

Resources:

Cofense Intelligence

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Phishing Defense

Phishing attacks are different than other attacks – they tend to be technology light and social manipulation heavy. Defending against these attacks requires a unique set of skills and tools. In this episode we speak with Cofense Director of Product Management Pete Smith to discuss the tools and skills needed for effective phishing defense.

Questions or comments? Reach us at phishfryday@cofense.com