Cofense Secures Additional Investment from Funds Managed by BlackRock

Company Reaffirms Commitment to Deliver Reliable Phishing Technology and Awareness Training to the Global Market

Leesburg, VA Cofense™, the global leader in intelligent phishing defense solutions, today announced that funds managed by BlackRock Private Equity Partners have taken an additional ownership position in Cofense, having acquired the equity of former investor Pamplona. Cofense is pleased to expand the partnership, initially inked in 2018, which will continue to support the company’s mission to help organizations stop phishing attacks in their tracks.  Private Equity Partners is BlackRock’s fund of private equity funds platform that sources and evaluates the full spectrum of private markets investing, including partnerships, direct co-investments, and secondary transactions.

“We met with dozens of world-class financial institutions who were keen to invest. We’re delighted that BlackRock was the winning bidder, as they are familiar with our business and already have a strong relationship with Cofense,” said Rohyt Belani, Co-Founder and CEO, Cofense. “BlackRock’s expanded investment is a direct reflection of their confidence in our company and the growing market opportunity. Cofense has a history of successfully uncovering and reporting threats from all corners of the globe, but we are particularly proud of our track record for taking all possible measures to protect our customers, partners and prospects from phishing attacks.”

In the previous 12 months, Cofense has accelerated its efforts to bring reliable, best-in-class phishing defense solutions to the global market, and as a result the fourth quarter (2018) and first quarter (2019) were the two most successful in company history. The company has close to 2,000 enterprise clients in over 150 countries, representing every major vertical from energy, financial, healthcare to manufacturing and high-technology. Since July 2018, Cofense has expanded its product suite to deliver turnkey solutions for employee education and awareness to phishing response. The company will continue investing in R&D to provide their customers with peak phishing protection across the organization.

In addition to technical accolades, including being positioned as a Leader in the Gartner Magic Quadrant for Security Awareness Computer-Based Training for the fourth consecutive year, Cofense has been recognized for its culture and team leadership. The company was named a 2018 Best Place to Work by the Washington Post and Washington Business Journal and included on the Inc. 5000 list of fastest growing companies. Most notably, Cofense has been honored multiple times in 2019 for raising the standards of excellent customer service, as a finalist for the 2019 SC Awards and HDI Team Awards, and as a winner of the ISPG Global Excellence Awards. The company also successfully completed a Service Organization Controls (SOC) 2 Type II examination for Cofense PhishMe™ and Hosted Cofense Triage™.

About Cofense
Cofense™, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact
press@cofense.com

Cofense and CNA Strengthen Security Awareness Within Cyber Insurance Industry

Leesburg, Va. – August 15, 2019 –Cofense™, the global leader in intelligent phishing defense solutions, announced its strategic relationship with CNA, one of the largest commercial property and casualty insurance companies in the United States. Cofense will provide security awareness training as part of CNA CyberPrep, the latest addition to CNA’s suite of cyber liability insurance products designed to help companies take a holistic approach to cyber threats.

Phishing attacks remain the top attack risk facing organizations. As a result, educating and training employees is a critical part of a robust cybersecurity platform. CNA policyholders can take advantage of Cofense’s world-class, human-driven training tools to include a fully functional-learning management system and more than 20 cyber-related computer-based training modules. Cofense’s Learning Management System (LMS) helps administrators manage content and ongoing education about cyber security risks, meanwhile the company’s Computer Based Training (CBT) educates users on today’s biggest threats with interactive modules. This two-pronged approach empowers users to input their own lessons and manage Cofense and non-Cofense learning materials all in the same place.

CNA policyholders will get access to all Cofense solutions at a preferred rate, and will be eligible for a Cofense Managed Phishing Assessment to provide a benchmark of their current phishing risk and resiliency. This assessment helps companies to improve their threat identification, mitigation and response operations.

“Our relationship with CNA brings together multiple types of risk management services. We are helping to create a comprehensive solution for businesses to remain prepared and competitive,” said Rohyt Belani, CEO and Co-Founder of Cofense. “Working together seamlessly with the other components of CNA CyberPrep, we are confident that our security awareness solutions can help CNA’s policyholders fight phishing threats.”

“In today’s technology-driven world, it is clear that cyber threats represent a critical and growing risk,” said Brian Robb, Underwriting Director and Cyber Industry Leader, CNA. “Businesses must stay ahead of emerging cyber risks and the security threats they pose, and we want to make sure CNA policyholders have access to the best services and technology available. Cofense is an industry leader in phishing defense solutions and security awareness training, which will deliver great value to our policyholders.”

About Cofense

CofenseTM, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact

press@cofense.com

 

Cofense Labs Publishes Database of Over 200 Million Compromised Accounts Targeted by Sextortion Email Campaigns

Leesburg, Va. – August 5, 2019 – CofenseTM, the global leader in intelligent phishing defense solutions, today published a database of over 200 million compromised accounts being targeted by a large sextortion scam to ensure potential victims and their employers can address the threat of sextortion and prevent lost wages and productivity. Cofense Labs, the newly formalized research and development arm of Cofense, discovered a “for rent” botnet in June 2019 used primarily to send sextortion emails. The research team is monitoring the botnet’s activity on a daily basis to observe changes in the malware it is spreading as well as tracking new email addresses being targeted for sextortion phishing emails.

Sextortion is an email-based scam that relies on emotion-driven motivators such as fear and urgency to extort a ransom payment in return for the scammer’s commitment not to leak sensitive information. The method has become an increasingly pervasive threat, with Cofense Labs analysing over 7 million email addresses impacted by sextortion in the first half of 2019 alone. Cofense also assessed that more than $1.5M in payments were made to bitcoin wallets associated with sextortion campaigns this year. Poor password hygiene, including infrequent changes and reuse across multiple sites, add further credibility to sextortion threats being made.

“This botnet is not infecting computers to acquire new data sets – it is a true “spray and pray” attack reusing credentials culled from past data breaches to fuel legitimacy and panic through sextortion scams,” said Aaron Higbee, Cofense Co-Founder and CTO. “If your email address is found in a target list used by the botnet, it’s highly likely you will receive a sextortion email – if you haven’t already. We felt it was critical to get this information out. We hope that victims receiving a sextortion email will find our resource center so they can avoid the anxiety and stress of trying to figure out whether to pay a bitcoin ransom.”

Data breaches continue to headline the news, and as a result, massive sets of email addresses and passwords are making their way to the criminal corners of the internet. Cofense Labs’ research indicates that the hackers behind this sextortion campaign are recycling old email addresses and passwords – dating back at least 10 years – for new monetization purposes.

“Cofense Labs advises that owners of emails included in the database should change any passwords for accounts associated with that address. And most importantly, if a sextortion email is received, we do not recommend responding to the email or paying the ransom,” added Higbee. “The release of this sextortion database is just one example of the pioneering work Cofense Labs is conducting. Our team is committed to expanding visibility into the evolving phishing threat landscape and sharing tools, techniques, and insight with the security community.”

There are several actions consumers and organizations can take to prevent sextortion and deal with the threat, including: employing a password manager to keep passwords strong and unique; enabling two-factor authentication whenever this is an option for online accounts; and covering all computer cameras. To view the full database provided by Cofense Labs, as well as a guide for employers and employees, click here.

The mission of Cofense Labs is to provide leading edge, innovative research and subject matter expertise to address real-world cyber security challenges. The research and development team’s insights aim to provide actionable intelligence to assist with proactive defense. Where appropriate, Cofense Labs will make the output of its research freely available to encourage and enable collaborative defense. Projects will be made available at cofenselabs.com.

About Cofense

CofenseTM, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact

press@cofense.com

 

Cofense Named a Leader in the 2019 Gartner Magic Quadrant for Security Awareness Computer-Based Training for the Fourth Consecutive Year*

Company continues to positively impact employee behavior with effective solutions for phishing protection.

Leesburg, Va. – July 31, 2019 – Cofense™, the global leader in intelligent phishing defense solutions, today announced their position in the Leaders quadrant of the 2019 Gartner Magic Quadrant for Security Awareness Computer-Based Training*. This is the fourth consecutive year that Cofense has achieved this position. Cofense believes being positioned as a leader in the quadrant is a testament to the company’s continued ability to deliver innovative solutions backed by superior customer experience.

“We are proud to be designated a leader in Gartner’s Security Awareness Computer-Based Training report,” said Rohyt Belani, CEO, Cofense. “We feel this industry recognition validates and reinforces that Cofense solutions, especially Cofense PhishMe™, offer the enterprise an effective security awareness solution that positively impacts employee behavior.”

Cofense provides a turnkey phishing defense solution that helps our customers leverage their conditioned employees to rapidly identify phishing attacks bypassing their email gateways and most importantly, give the security operations teams the products to streamline the detection and response cycle that ensues. In essence, Cofense customers are able to operationalize the training provided by Cofense PhishMe to demonstrably stop phishing attacks in their tracks.

Despite billions of dollars invested in perimeter controls, 90% of the emails reported with Cofense have bypassed at least one secure email gateway. In June, the company released its 2019 Phishing Threats and Malware Review which highlights the latest evolutions to threat actor campaigns and enhanced capacity for malware to evade perimeter controls and penetrate user inboxes. The trends further emphasize the need for all organizations to focus more on embracing the human element of cyber security.

In addition to Cofense receiving recognition for Security Education, Incident Response, Cyber Threat Intelligence and Managed Security Service in the Cyber Security Excellence Awards, the company has also received customer recognition and was also named a January 2019 Gartner Peer Insights Customers Choice for Security Awareness Computer-based Training Software.

To connect with the Cofense team at Black Hat USA in Las Vegas from August 6-8, please click here.

*Gartner Magic Quadrant for Security Awareness Computer-Based Training, Joanna Huisman, 18 July 2019. Cofense previously positioned as PhishMe.
Gartner Disclaimers
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.

 

About Cofense
Cofense™, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact
press@cofense.com

Cofense Report Reveals Weaknesses in Secure Email Gateways, Illustrates Critical Role of Human Intelligence in Phishing Defense

2019 Phishing Threats and Malware Review highlights the latest evolutions to threat actor campaigns and enhanced capacity for malware to evade perimeter controls and penetrate user inboxes.

Leesburg, Va. – June 04, 2019 – Cofense™, the global leader in intelligent phishing defense solutions, today released the findings of their report, “2019 Phishing Threats and Malware Review”, which reveals key insights about how threat actors are evolving phishing campaigns, and provides direction to everyone from network defenders to CISO’s on how to prepare for the unknown. Despite significant investments in next-gen technologies, phishing threats continue to become more sophisticated and effective. The report uncovers how dangerous threat actors, armed with an ever-growing arsenal of tactics and techniques, continue to tweak their campaigns and enhance their capacity to deliver malware, ultimately getting more messages past perimeter controls to user inboxes.

The report features real and simulated threat findings generated from the Cofense Phishing Defense Center (PDC), Threat Intelligence and Research teams, and across a sampling of their global customer base; including real data from 1,400 customers in 50 countries and 23 major industries, and half of the Fortune 100. Specifically, between October 2018 and March 2019, the Cofense PDC verified over 31,000 malicious emails, 90 percent of which were found in environments running one or more secure email gateways (SEGs).

Key findings from the 2019 report include:

  • Between October 2018 and March 2019, 31,429 total threats were reported by end users after delivery to the inbox, which included 23,195 via credential phishing; 2,681 via business email compromise (BEC); 4,835 via malware deliver; and 718 via other scams.
  • Ninety percent of the malicious emails verified by the Cofense PDC during this period were found in environments running one or more SEG.
  • Threat actors are innovating relentlessly and are constantly refining their tactics, techniques, and procedures (TTP’s) as they develop new delivery mechanisms, phishing techniques, and ways to get around network defense technologies. Cofense is seeing activity such as the use of public, open source tools to evade detection and the leveraging of genuine O365 accounts to harvest credentials to increase the odds of reaching the inbox and delivering malware. The report outlines that sextortion and bomb scare extortion pay off significantly when utilized by threat actors.
  • Technologies like email gateways can’t keep pace with the speed of threat actors’ “product development”. SEG’s play a key role in phishing defense, but they are not infallible. The report identifies SharePoint, OneDrive and ShareFile as some of the most abused cloud providers and states that threat actors use geo-location to help prevent analysis by security tools or human researchers; enabling malware to slip through a SEG’s defenses.
  • Collective human intelligence is vital to phishing defense. When the phishing and malware threats analyzed in this report land in users’ inboxes, the human factor becomes decisive. It’s imperative to educate users through a phishing awareness program, focusing on threats that utilize the latest TTP’s. Both user education and incident response thrive when fed by threat intelligence on emerging TTP’s.

“Adversaries are constantly evolving their techniques and changing their infrastructure to complicate detection, meaning that indicators of compromise (IOCs) can grow stale extremely quickly. For holistic defense, users need to be prepared to identify and report any threats that do reach their inbox,” said Aaron Higbee, Co-Founder and CTO, Cofense. “Automated technical defense controls must be blended with a human element in today’s threat landscape. While timely threat intelligence helps head-off attacks and drown out the noise so that SOC teams can prioritize and focus on the most pernicious threats, Cofense is observing an ever-increasing surge of malicious emails that reach user inboxes daily. Once a message reaches an inbox, that end user is your last line of defense.”

Cofense is the only phishing defense company that holistically confronts phishing threats, looking at both the phishing tactics and techniques used to bypass perimeter controls to reach users inboxes, as well as how the malware is executed after delivery. Cofense’s multi-dimensional intelligence enables customers to prioritize and understand threats to mitigate phishing attacks faster.

To download the full report, please visit https://cofense.com/phishing-threat-malware-review-2019

About Cofense
Cofense™, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact
press@cofense.com

Cofense Achieves SOC 2 Type II Compliance for PhishMe and Hosted Triage

Phishing Defense Leader Continues to Pursue Compliance Certifications for Data Security

LEESBURG, Va.May 16, 2019 — Today Cofense™, the global leader in intelligent phishing defense solutions, announced it has successfully completed a Service Organization Controls (SOC) 2 Type II examination for Cofense PhishMe™ and Hosted Cofense Triage™. These product lines provide technology to help organizations train their employees to identify potential phishing risks and properly handle phishing attacks by individuals attempting to manipulate or deceive email recipients. Coalfire Controls, LLC, an independent CPA firm, conducted the audit.

SOC 2 compliance is a key industry standard in data security. Designed for entities operating in the technology and cloud computing sector, SOC 2 evaluates a service provider’s ability to securely manage customer data. In pursuit of this certification organizations undergo a rigorous analysis that includes the following trust services criteria: security, availability, processing integrity, confidentiality and privacy. Cofense achieved SOC 2 Type I compliance in February 2018, which is based on having the suitable controls in operation. For Type II, Cofense successfully showed the effectiveness of these controls over a period of time.

“Pursuing industry-leading certifications is just one way Cofense continues to demonstrate our commitment to larger compliance efforts that exceed enterprise standards,” said Keith Ibarguen, Chief Product Officer, Cofense. “SOC 2 Type II compliance is a proven standard to ensure the processing integrity, availability, security, confidentiality and privacy of customer data. Cofense aims to not only help our customers maintain strong security through our innovative technology offerings, but to also maintain strong relationships and trust through our own security and privacy practices.”

“Many organizations outsource information security operations to third-party vendors, and if their data is not handled securely, risk of exposure to data theft, extortion and malware increases dramatically. Given this threat of exposure, SOC 2 Type II is essential for organizations to clearly demonstrate the security control posture of their solutions,” states Chris Beiro, Sr. Director, SOC Practice, Coalfire. “Coalfire examined the PhishMe and Hosted Cofense Triage solutions and found that controls were suitably designed and operating effectively to provide reasonable assurance that the trust services criteria were met throughout the review period.”

The purpose of SOC standards are to help provide confidence and peace of mind for organizations and their third-party partners. Cofense maintains policies, strategies and processes that are designed to satisfactorily safeguard customer data. For more information, please visit http://www.cofense.com.

About Cofense 
Cofense™, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact 
press@cofense.com

Cofense Partners with NINJIO to Bring Hollywood-Style Storytelling to Security Awareness Offering

Leesburg, Va. – May 8, 2019 – Cofense™, the global leader in intelligent phishing defense solutions, announced a partnership with NINJIO, a leading creator of cyber security awareness training. NINJIO’S cyber security content will be accessible by customers using the Cofense PhishMe™ platform, an award-winning phishing simulation and training solution. Cofense PhishMe administrators can leverage NINJIO videos, or “episodes” as NINJIO refers to them, as part of their on-going security awareness training and phishing defense programs.

Cofense Announces Key Additions to Leadership Team

New Hires to Fuel Company Growth in All Aspects of Sales, Marketing, and Product Development

Leesburg, Va. – April 18, 2019 – Today Cofense™, the global leader in intelligent phishing defense solutions, announced the addition of four security leaders to their executive team. Kevin Fliess joins Cofense as Senior Vice President of Marketing; Keith Ibarguen, as Chief Product Officer; Marcus Conroy, as Vice President of Americas Sales; and David Janson has been promoted to Vice President of International Sales from his previous position as Vice President of European Sales. Following the strongest fourth quarter (2018) and first quarter (2019) in company history, these additions will contribute to Cofense’s leadership and culture as the company executes the next phase of its growth strategy and expansion.

Cofense To Host Fourth Annual Phishing Defense Summit and User Conference

Cofense Submerge features industry expert speakers, including a keynote by FireEye CEO,
and sessions focused on latest security threats and incident response trends

Leesburg, Va. – April 16, 2019 – Today Cofense™, the global leader in intelligent phishing defense solutions, announced that registration is open for the fourth annual Submerge phishing defense summit and user conference. The event, set to take place Sept. 23-24, 2019 in Orlando, Fl., will bring together industry experts with practitioners who are on the front lines to discuss the security threat landscape and share phishing defense strategies. Featured speakers include Kevin Mandia, CEO of FireEye as a keynote, along with Cofense’s Co-Founders, Rohyt Belani, CEO, and Aaron Higbee, CTO.

Cofense Launches Responsive Delivery Capabilities to Strengthen Effectiveness of Global Anti-Phishing Programs

New feature for Cofense PhishMe enables operators to deliver phishing scenarios only when a user is actively performing tasks in their mailbox

Leesburg, Va. – Feb. 28, 2019 – Today Cofense™, the global leader in intelligent phishing defense solutions world-wide, announced the addition of Responsive Delivery to its flagship product for phishing simulations. This first-to-market feature enables Cofense PhishMe™ Enterprise edition operators to deliver phishing scenario emails only when intended recipients are actively performing tasks in their mail client. Responsive Delivery gives operators confidence that simulations will not be missed by a user who is away from the desk and ensures that the scenario email is delivered directly to the inbox without interruption.