When a malicious email slips past perimeter tech defenses, you need to find it and respond in minutes, not two or three months. But no one has unlimited budget or staffing to sift through phishing alerts, verify threats, and help stop attacks in progress.

To analyze and respond to emails faster, CofenseTM adds the power of Security Orchestration Automation and Response (SOAR) to Cofense TriageTM and Cofense VisionTM,  our comprehensive phishing incident response platform.


Save Time: Respond to Email Clusters, Not Every Single Email

Cofense Triage streamlines phishing analysis by automatically clustering malicious emails by campaign.  As it finds similarities in reported emails, our solution creates a cluster of reports. That cluster represents what could be a phishing campaign. With Cofense, you treat an email cluster as a unit, instead of sorting through and trying to match every single message that may be related. This is much, much faster than executing a response to this one, and this one, and this one…ad infinitum.

Our out-of-the-box integrations enable analysts to work with all your existing security tools. This is the “orchestration” in SOAR, with an API that helps involve the right teams quickly.  


Automation with Human Control Gives You the Right Balance

So, now that a threat has been identified, you need to get ahead of it. The Cofense platform can automate your response with playbooks. Once a playbook is created, it can be saved and reused for other threats.

However, while automation vastly improves efficiency, it doesn’t erase the need for “eyes on glass.” Cofense leaves the critical decision-making to human analysts. We give security teams information on phishing clusters, complete with indications of compromise (IOC’s), so teams can apply the human touch as they respond decisively.


You’ve found the threat. Now what?

To pinpoint threats wherever they’re hiding, Cofense VisionTM , a new addition to our phishing response arsenal, stores, indexes, and enriches emails for faster querying and quarantine. You can easily find bad emails, dig deeper, and root out the whole campaign. One click allows you to quarantine emails in Microsoft Exchange and Office365. 

Let’s be clear. A Phishing-specific SOAR won’t replace the need for a broader SOAR platform. Rather, it complements it by speeding response to threats from the #1 cyber-attack vector. Adding a quicker, smarter phishing response to your security stack gets you to mitigation, breach prevention, and peace of mind faster.

Sometimes, one plus one really does equal three.


By: John Fitzgerald, Director of Product Marketing, Cofense