Cofense Triage Enhances Incident Response Orchestration to Reduce Noise and Stop Threats in Real-Time
New features speed visibility into “who else” received a malicious email, the power to take action, as well as provide advanced API integrations and noise management
LEESBURG, VA. – April 10, 2018 – Cofense™, the leading provider of human-driven phishing defense solutions worldwide, today announced updates to Cofense Triage™, its phishing incident response platform. The new capabilities in Cofense Triage are focused around helping to automate and orchestration across the Incident Response (IR) workflow with enhanced ability to identify and stop real threats in-progress.
It’s a fact – phishing emails get past the perimeter. Once an email penetrates an organization’s virtual “four walls”, rapid detection and response is critical. The key is for operators to have the power to share information across every department, see what is actually a threat and stop attacks in progress before they lead to a breach.
Key enhancements to Cofense Triage include:
- Cofense Triage Noise Reduction – “Commercial emails”, such as newsletters, social media updates or spam are often reported by users as threats, but in reality, are just noise. To drive efficiency for security analysts, Cofense Triage Noise Reduction reviews, scores and categorizes reported emails with rules provided by Cofense. Cofense Triage Operators can then use this information to automate the processing and removal of this noise, to allow them to spend more time on real phishing threats.
- “Who Else” – With this new capability, IR teams can see who across their organization received a reported malicious email and take the appropriate action – such as quarantining or deleting the emails. Once a reported email is determined to be a threat, IR teams can search across both on-premises Microsoft Exchange or cloud-based Office 365 to see if other employees have received and opened a specific email. This new capability enables operators to see how widespread a threat is and orchestrate and automate the incident response process.
- Cofense Triage API – To further streamline the incident response process, Cofense Triage API allows customers to create their own custom integrations across security solutions extending integrations available through the Cofense Technology Alliance Program (TAP) and expanding the platform’s security automation and orchestration capabilities. For example, customers can use the API to integrate their Cofense Triage instance with a home-grown ticketing or SIEM solution for faster resolution times.
“When defending against today’s top threats, fast response times are crucial to preventing attack escalation,” notes Rohyt Belani, co-founder and CEO of Cofense. “Leveraging the speed at which employees read email and technology that is purpose built to help identify malicious emails at scale, Cofense Triage is helping our customers identify phishing, ransomware, BEC, and malware attacks that bypass secure email gateways on a daily basis. The power of human and technology working in concert is incomparable to relying on just one or the other.”
Cofense Triage is the first phishing-specific incident response platform that allows security operation (SOC) and IRs to automate the prioritization, analysis and response to phishing threats that bypass email security technologies. It integrates with existing security solutions including SIEM, anti-malware, analysis and threat intelligence solutions and shares indicators of compromise and phishing with upstream security teams to block future attacks.
Customers can expect Cofense Triage enhancements to be released before the end of the month.
For more information about Cofense Triage, please visit: https://cofense.com/product-services/triage.
Cofense™, formerly PhishMe®, is the leading provider of human-driven phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.