Cofense Develops New SOAR Platform That Allows IRs to Block Phishing Attacks Even Faster

The leading anti-phishing solution provider Cofense has developed a new platform that detects and stops phishing attacks in progress even faster. The Cofense Phishing-Specific Security Orchestration, Automation and Response (SOAR) platform is the first such platform to come to market that has been specifically developed to identify and disrupt phishing attacks in progress.

Cofense had already developed its innovative, multi-award winning Cofense Triage platform to help incident responders separate real phishing attacks from the noise in abuse mailboxes. The solution removes benign messages that have been reported by employees as potentially malicious via the Cofense Reporter email add-on, allowing incident response teams to concentrate on real phishing threats.

Cofense Triage integrates with almost two dozen security solutions via the REST API to help security teams deliver an optimized security orchestration response. The solution also supports the use of playbooks – a set of criteria often used in phishing attacks – which allow phishing threats to be automatically mitigated when the playbook conditions are met.

The new Phishing SOAR combines Cofense Triage with a new product – Cofense Vision. Cofense Vision increases the phishing SOAR response capabilities of Cofense Triage saving incident response teams even more time.

When phishing attacks occur, they often include multiple messages. Cofense Vision ensures that prompt action is taken to remove all malicious messages from a company’s email system. Cofense Vision allows incident response teams to quickly search, locate, and quarantine all copies of a malicious message across all of an organization’s inboxes. When a genuine threat is detected, it can be neutralized even faster.

Phishing campaigns may also involve a handful of similar phishing emails. Cofense Vision can be used to find all messages in a phishing campaign. Users can dig deep and query attachment names, attachment hashes, senders, message subjects, dates and other criteria to easily identify patterns and find phishing threats. When all instances of a message are identified, those messages can be quarantined with a single click.

Cofense will be attending the Black Hat 2018 conference at the Mandalay Bay Convention Center in Las Vegas on August 8/9 and will be showcasing the new Phishing SOAR platform at booth #936.

General release of Cofense Vision is expected in Q4, 2018.

Author: NetSec Editor