How to Orchestrate a Smarter Phishing Response

We’ve been talking a lot recently about phishing-specific SOAR (Security Orchestration, Automation and Response). It’s a capability Cofense™ has pioneered to help you mitigate phishing emails faster and more efficiently. Recently, we examined automation, the ‘A’ in the acronym. Now let’s take a deeper look at the ‘O,’ orchestration.

Involve the Right Teams Faster with Cofense Triage™

Like a symphony conductor waving a wand, your phishing response needs to engage the right teams at the right time. To make that happen, Cofense Triage™ starts by reducing noise with an advanced spam engine, removing benign emails your employees have reported and freeing security teams to focus on real threats.

We also have out-of-the-box integrations with almost two dozen leading security solutions.

Our integrations make it possible, for example, to connect intelligence on a suspicious URL to logs generated by your firewall and endpoints. Or an operator working within Cofense Triage can push details about a phishing campaign to the help desk.

For solutions Cofense Triage isn’t integrated with (yet), we have a new API. It syncs to SIEM solutions, ticketing systems, threat intelligence systems, and even sandboxing tools, so you can examine reported emails for overt threats or links to compromised servers. Email headers, which are often spoofed in phishing, can be examined too. Even the full text of the message can be read and displayed; it is rendered but not actually assembled, to protect the IT teams working within our solution.

Our fully documented REST API can pull information on individual emails, entire clusters (phishing campaigns), attachments, reporters, integrations, health stats and more. You can use it in the preprocessing stage to notify teams of malicious attachments as soon as they’re reported.

This release also extends syslog alerting with Cofense Triage. With syslog enabled, Cofense Triage can send out alerts to other systems. Syslog alerts can be used to share information like cluster velocity, operational SLA alerts, platform health, ingestion health and triage recipe monitoring. This enables Cofense Triage to share alerts across the entire incident response team.

Automation is great—it’s a must in today’s world. But orchestration makes it work all the more effectively. Put the two together and your phishing defense wins. To learn more about Cofense Triage, sign up for a live 1:1 demo.

 

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.
