Auto Quarantine can identify and automatically remove malicious emails from recipients’ inboxes – often before users see or have a chance to open them. Auto Quarantine is powered by the Cofense Intelligence network of Cofense researchers, the Phishing Defense Center (PDC) team of analysts, and millions of people around the world identifying and reporting suspected phish. This high degree of automation significantly reduces the time to identify and resolve attacks, provides protection from threats that bypass secure email gateways (SEGs) every day, and lessens the time a security analyst spends hunting malicious email.
How it Works
The Cofense team closely monitors the threat landscape. It draws on a global network of over 25 million human sensors identifying and reporting suspicious emails, together with a team of advanced researchers and intelligence analysts, to create an unparalleled view of threats happening in real time around the world. The moment a threat is identified, Cofense analysts generate an Indicator of Compromise (IOC) tuned to stopping that threat. With Vision’s Auto Quarantine feature, these IOCs are used to identify, seconds after they are received, malicious emails that have bypassed the SEG. When a match is found, the email is auto quarantined, where it can then be examined and, if appropriate, removed permanently. Current Cofense Vision users are observing several such threats being automatically addressed every day, significantly reducing the window of vulnerability to active email-borne threats like ransomware, business email compromise (BEC), malware attacks and credential theft.
Here are some real customer stories:
Fortune 500 Retail Organization:
A large retail customer was an early adopter of Cofense Vision with Auto Quarantine. The account team provided an email to the customer with a recently identified public malicious phishing link. The email completely bypassed all the existing email security controls. But within seconds, and before the recipient could open the email, Vision identified the email as a threat and auto quarantined it. This happened without any human intervention.
Large, Full-service Mortgage Provider:
This enterprise organization deployed Vision with the new Auto Quarantine feature across its organization. During the first week, Vision identified six separate phishing campaigns. Each of these campaigns contained approximately 500 phishing emails that had bypassed existing email security technology and made it to recipient inboxes. The Vision Auto Quarantine functionality immediately quarantined the thousands of emails without analyst interaction and, before a recipient could open the email, quickly and effectively reduced risk to the organization. Prior to Vision, the team did not have visibility into the extent of phishing campaigns, nor any systematic way to identify and remove them.
Global Construction Company:
When this global construction company enabled Auto Quarantine, they saw an immediate impact. A phishing campaign disguised as a Microsoft Teams invitation to a holiday party appeared shortly after Auto Quarantine was configured. The email was immediately identified as a phishing campaign and more than 200 emails were auto quarantined. After the initial detection, the company continued to be targeted with the same phishing campaign and the auto quarantine functionality in Vision has continued to detect and remove several dozen more attacks.
In addition to the Auto Quarantine feature, Vision, a key component of the Cofense PDR platform, includes these enhancements:
- Reduced remediation time: Cofense Vision actively scans new and existing emails and automatically quarantines malicious emails in near real time. Updates to the user interface enable Approve and Reject actions in more places, saving valuable time spent on threat remediation and IOC management and reducing risk to the organization.
- Flexibility: Cofense Vision can be set to quarantine emails containing IOC matches automatically or, for more control, operator approval can be required. Cofense Vision also lets teams define an allowed IOCs list – a list of indicators that an organization knows to be safe.
- Visibility: Complete visibility into all events associated with Auto Quarantine. The Cofense Vision Audit page contains entries for configuration changes, creation of quarantine jobs, operator approvals, changes to the allowed IOCs list, and any updates to IOCs.
- Network effect: The power of Cofense Intelligence services provides IOCs in real time – the moment they are vetted and released by Cofense.
And, for customers of the Managed Phishing Detection and Response (PDR) service, if a threat is found in one customer’s environment, that intelligence is used to detect and quarantine attacks in other customer environments.
Phishing threats are human-developed, which is why Cofense is helping organizations “out-human” the phishing threat. By continuously updating our solutions with capabilities to remove real-world threats before anyone in the organization even sees them, Cofense is greatly reducing the risk of a phishing attack.