Cofense Intelligence


We process CofenseTM reports first because we know if Cofense is reporting it, it’s bad. Cofense IntelligenceTM is the most accurate phishing threat info we receive and it’s easy to consume.–Threat Analyst at a Large Financial Organization

Let’s face it, phishing is the #1 attack vector against your enterprise.  When you are under fire, you need to understand the nature of the attack as well as how to quickly and proactively defend yourself. The faster your team can be armed with critical knowledge about an attack, the faster they can minimize the threat.  That’s why Cofense Intelligence delivers phishing-specific threats to help you defend your network. Cofense Intelligence uses proprietary techniques to analyze

millions of messages daily from a wide variety of sources. We automatically dissect messages to identify new and emerging phishing and malware threats. Our team of analysts dive into these messages to eliminate false positives while delivering the right intelligence when you need it. Cofense Intelligence is distributed in multiple formats including Machine-Readable Threat Intelligence (MRTI) for quick and easy integration into other security solutions.

We Know What We're Doing

We have a team that is focused on one thing – finding threats and providing the timely, accurate and relevant information you need to protect your organization. Cofense Intelligence uses multiple collection methods to monitor the ever-growing volume of spam and malware propagated on a daily basis. We deliver a context driven response – not just that something is bad, but the how and why it is bad.

Collection, Analysis and Categorization of Phishing Threats

As we collect suspicious messages, we filter out nuisance emails and spam and focus on the active threats embedded in malicious emails. We focus on the most dangerous threats delivering ransomware, key loggers, RATs, and other types of crimeware. Emails are analyzed to identify clusters and patterns for related threats and campaigns. We connect the dots between the phishing emails and the malware payload and report on it the same day that we see each threat.

Actionable Phishing Threat Intelligence Where You Need It

Intelligence is only good if it gets into the right hands as quickly as possible. Cofense integrates with the top SIEMs, TIPs, and SOAR applications in addition to a growing list of other common security applications. We have over 20 out-of-the-box integrations including Palo Alto Networks, ThreatConnect, Splunk, Centripetal Networks, Recorded Future, Anomali and others. See the complete list here: Cofense Integration Brief.

Customer integrations are supported via a RESTful API. Customers can access Machine-Readable Threat Intelligence (MRTI) in Structured Threat Information eXpression (STIX), JavaScript Object Notation (JSON), and Common Event Format (CEF) formats. Once a threat is detected inside your network response teams can use the threat context to then open the right playbook and assign the right person for the investigation and cleanup.

Cofense Threat Alert

It’s not easy to keep up with today’s threats.  Now, with Cofense Threat Alerts, you’ll have a simple way to stay on top of emerging phishing and malware threats and attacks. Threat Alerts was developed to provide all businesses with fast delivery and immediate visibility into emerging or changing phishing and malware trends.

Key Features

TIMELY: Real-time analysis, Real-time publishing. Cofense publishes new reports as they are confirmed throughout the day.

ACCURATE: More than just IP addresses or bad domains. Our analysts connect the email to the malware to the botnet. We tell you that something is bad, how bad, why it is bad, and which malware family is involved.

RELEVANT: Cofense does the analysis so you don’t have to. Our analysts dissect malware and determine which indicators are important to help you determine if malware is running inside your perimeter and block it before it passes your perimeter.

ACTIONABLE: Delivered in the format you need. Intelligence Feed Formats include: Machine Readable Threat Intelligence – STIX, JSON, CEF; Human Readable Threat Intelligence – PDF, HTML; SaaS Investigation platform – Web, API

INTEGRATIONS: Extending your investments. Cofense Intelligence integrates with your existing security solutions to operationalize phishing threat response.