Intelligent CIO Africa Issue 21 - Page 96

FINAL WORD

"WE'VE NEVER MET AN IT PERSON WHO HAS TIME TO SPARE, SO WE'RE MAKING OUR SOLUTIONS AS EASY AS POSSIBLE."

In turn, the SOC or incident response team can analyse this information and act on verified threats. While automation plays a growing role in Cofense response solutions, human analysts make the key decisions that accelerate mitigation. In our approach, human intelligence and control cannot be replaced.

What is SOAR and how is Cofense using it to improve response?

SOAR stands for Security Orchestration Automation and Response. Together, the pieces of the acronym add up to more efficiency and speed in battling threats. There are a number of SOAR platforms that provide a broad set of solutions. Cofense is the first to apply SOAR to phishing defence. Our phishing-specific approach to SOAR helps organisations respond faster and more efficiently. When attacks hit, you'll use fewer man hours to analyse threats and ramp up mitigation – stopping attacks in their tracks in minutes rather than days or months. And, your highly trained, expensive and over-worked SOC analysts can better prioritise threats and thus their time. They can insert themselves into response at the right moment, with the greatest impact and the fastest results.

to spot the tactics threat actors are using today. We have beginner, intermediate and advanced simulations as well as templates based on active threats.

Likewise, Cofense Triage uses automation to get the job done faster. After verifying threats, it uses its own Playbooks to automate repeatable responses. Typically, your Playbook would start by creating a help-desk ticket. Next, it automates the analysis of malicious URLs or attachments. Then it determines who else received the phishing email but didn't report it and instructs the proxy team to block the URL or domain. Finally, the Playbook notifies (and thanks) any user who reported the phony message. Once you create a playbook, you can save and reuse it.

Why is orchestration key to phishing response?

Your phishing response needs to engage the right teams and technologies at the right time. To make that happen, Cofense Triage starts by reducing noise with an advanced spam engine, removing benign emails and freeing your team to focus on real threats. Our API enables seamless integration with SIEM solutions, ticketing systems, threat intelligence systems and even sandboxing tools. This makes it easier to examine emails for overt threats or links to compromised servers.

Your current security systems each play an important role. However, they're not designed specifically to combat phishing. For example, what if you need to connect phishing threat intelligence on a suspicious URL to logs generated by your firewall and endpoints? Along with the new API, Cofense Triage integrations make such orchestration possible, working seamlessly with almost two dozen security solutions.

The SIEM can be updated to search for indicators of compromise. The network team can receive real-time threat intel to automate response and update firewall rules. And an operator working within Cofense Triage can push details about a phishing campaign to the help desk. Every team and every player can do their part faster and better.

To sum it up, how does Cofense stop phishing attacks and prevent breaches?

It all comes back to a collaborative defence. Properly trained users collaborate with SOC teams to find and report bad emails. Phishing-SOAR helps teams collaborate on response. Automation makes this possible by helping analysts focus on decision-making. All of this starts to happen as soon as a phishing email lands in user inboxes. Your entire organisation works together to stop it and avoid a brea