FINAL WORD
What is the Cofense approach to
phishing defence and how does it
leverage human intelligence?
Our name says it all. Cofense (formerly
PhishMe) believes that only a collaborative
defence can stop phishing in its tracks – as
soon as attacks hit and before they do grave
damage. Our approach begins with human
intelligence and relies on it throughout.
Cofense PhishMe, our security awareness
and phishing simulation solution, conditions
employees to recognise suspicious emails
and report them with one click using Cofense
Reporter. By sending simulated phishing
emails – especially scenarios based on real
attacks – organisations not only educate the
people who are the targets but train them to
help generate a stream of human intel.
In turn, the SOC or incident response teams
can analyse this information and act on
verified threats. While automation plays a
growing role in Cofense response solutions,
human analysts make the key decisions that
accelerate mitigation. In our approach, human
intelligence and control cannot be replaced.
What is SOAR and how is Cofense
using it to improve response?
SOAR stands for Security Orchestration
Automation and Response. Together, the
pieces of the acronym add up to more
efficiency and speed in battling threats.
There are a number of SOAR platforms that
provide a broad set of solutions.
Cofense is the first to apply SOAR to phishing
defence. Our phishing-specific approach to
SOAR helps organisations respond faster
and more efficiently. When attacks hit, you’ll
use fewer man hours to analyse threats and
ramp up mitigation, stopping attacks in
their tracks in minutes rather than days or
months. And, your highly trained, expensive
and over-worked SOC analysts can better
prioritise threats and thus their time. They
can insert themselves into response at the
right moment, with the greatest impact and
the fastest results.
What is the role of automation
across Cofense solutions?
At Cofense, we’ve never met an IT person
who has time to spare, so we’re making our
solutions as easy as possible. We’ve added
automation to our solutions, most notably
with playbooks.
Cofense PhishMe Playbooks automate your
entire phishing awareness programme, in
just a few clicks. In a matter of minutes,
you can schedule a whole year’s worth of
phishing simulations and training, and have
reports sent automatically to your inbox.
Our templates are sequenced so users learn
to spot the tactics threat actors are using
today. We have beginner, intermediate and
advanced simulations as well as templates
based on active threats.
Likewise, Cofense Triage uses automation
to get the job done faster. After verifying
threats, it uses its own Playbooks to
automate repeatable responses. Typically,
your Playbook would start by creating a help-
desk ticket. Next, it automates the analysis
of malicious URLs or attachments. Then it
determines who else received the phishing
email but didn’t report it and instructs the
proxy team to block the URL or domain.
Finally, the Playbook notifies (and thanks)
any user who reported the phony message.
Once you create a Playbook, you can save
and reuse it.
Why is orchestration key to
phishing response?
Your phishing response needs to engage the
right teams and technologies at the right
time. To make that happen, Cofense Triage
starts by reducing noise with an advanced
spam engine, removing benign emails and
freeing your team to focus on real threats.
Our API enables seamless integration
with SIEM solutions, ticketing systems,
threat intelligence systems and even
sandboxing tools. This makes it easier to
examine emails for overt threats or links to
compromised servers.
Your current security systems each play an
important role. However, they’re not designed
specifically to combat phishing. For example,
what if you need to connect phishing threat
intelligence on a suspicious URL to logs
generated by your firewall and endpoints?
Along with the new API, Cofense Triage
integrations make such orchestration
possible, working seamlessly with almost
two dozen security solutions. The SIEM
can be updated to search for indicators of
compromise. The network team can receive
real-time threat intel to automate response
and update firewall rules. And an operator
working within Cofense Triage can push
details about a phishing campaign to the
help desk. Every team and every player can
do their part faster and better.
To sum it up, how does
Cofense stop phishing attacks
and prevent breaches?
It all comes back to a collaborative defence.
Properly trained users collaborate with
SOC teams to find and report bad emails.
Phishing-SOAR helps teams collaborate on
response. Automation makes this possible by
helping analysts focus on decision-making.
All of this starts to happen as soon as a
phishing email lands in user inboxes. Your
entire organisation works together to stop it
and avoid a breach. Nothing less will do.
www.intelligentcio.com