FINAL WORD
In turn, the SOC or incident response team
can analyse this information and act on
verified threats. While automation plays a
growing role in Cofense response solutions,
human analysts make the key decisions that
accelerate mitigation. In our approach, human
intelligence and control cannot be replaced.
What is SOAR and how is Cofense
using it to improve response?
SOAR stands for Security Orchestration
Automation and Response. Together, the
pieces of the acronym add up to more
efficiency and speed in battling threats.
There are a number of SOAR platforms that
provide a broad set of solutions.
Cofense is the first to apply SOAR to
phishing defence. Our phishing-specific
approach to SOAR helps organisations
respond faster and more efficiently. When
attacks hit, you’ll use fewer man hours to
analyse threats and ramp up mitigation –
stopping attacks in their tracks in minutes
rather than days or months. And, your highly
trained, expensive and over-worked SOC
analysts can better prioritise threats and
thus their time. They can insert themselves
into response at the right moment, with the
greatest impact and the fastest results.
What is the role of automation
across Cofense solutions?
At Cofense, we’ve never met an IT person
who has time to spare, so we’re making our
solutions as easy as possible. We’ve added
automation to our solutions, most notably
with playbooks.
Cofense PhishMe Playbooks automate your
entire phishing awareness programme, in
just a few clicks. In a matter of minutes,
you can schedule a whole year’s worth of
phishing simulations and trainings and have
reports sent automatically to your inbox.
Our templates are sequenced so users learn
to spot the tactics threat actors are using
today. We have beginner, intermediate and
advanced simulations as well as templates
based on active threats.
Likewise, Cofense Triage uses automation
to get the job done faster. After verifying
threats, it uses its own Playbooks to
automate repeatable responses. Typically,
your Playbook would start by creating a
help-desk ticket. Next, it automates the analysis
of malicious URLs or attachments. Then it
determines who else received the phishing
email but didn’t report it and instructs the
proxy team to block the URL or domain.
Finally, the Playbook notifies (and thanks)
any user who reported the phony message.
Once you create a playbook, you can save
and reuse it.
Why is orchestration key to
phishing response?
Your phishing response needs to engage
the right teams and technologies at the
right time. To make that happen, Cofense
Triage starts by reducing noise with an
advanced spam engine, removing benign
emails and freeing your team to focus on
real threats.
Our API enables seamless integration with
SIEM solutions, ticketing systems, threat
intelligence systems and even sandboxing tools.
This makes it easier to examine emails for
overt threats or links to compromised servers.
Your current security systems each play an
important role. However, they’re not designed
specifically to combat phishing. For example,
what if you need to connect phishing threat
intelligence on a suspicious URL to logs
generated by your firewall and endpoints?
Along with the new API, Cofense Triage
integrations make such orchestration
possible, working seamlessly with almost
two dozen security solutions. The SIEM
can be updated to search for indicators of
compromise. The network team can receive
real-time threat intel to automate response
and update firewall rules. And an operator
working within Cofense Triage can push
details about a phishing campaign to the
help desk. Every team and every player can
do their part faster and better.
To sum it up, how does
Cofense stop phishing attacks
and prevent breaches?
It all comes back to a collaborative
defence. Properly trained users collaborate
with SOC teams to find and report bad
emails. Phishing-SOAR helps teams
collaborate on response. Automation
makes this possible by helping analysts
focus on decision-making. All of this
starts to happen as soon as a phishing
email lands in user inboxes. Your entire
organisation works together to stop it and
avoid a breach. Nothing less will do.
INTELLIGENTCIO
www.intelligentcio.com