The human-driven phishing defense solution provider Cofense has announced its incident response platform – Cofense Triage – has been updated. There have been several major enhancements to the platform that reduce noise and improve visibility into real-time threats, allowing IR teams to accelerate their response to current phishing threats that have made it past the perimeter.
The update makes it easier for security teams to respond to phishing threats currently in progress and tackle threats before they cause a data breach or costly malware or ransomware infection.
One of the main problems faced by security teams is separating the chaff from the wheat. Security awareness training teaches the workforce to be wary of threats and phishing reporting solutions allow suspicious emails to be sent to IR teams to assess. However, many employees fail to correctly identify emails as benign. IR teams therefore have to sort through many marketing emails, social media updates.
Promotional emails and marketing spam may not pose a threat, but they can slow the response to real threats. The latest update to Cofense Triage helps security teams eliminate the noise and concentrate on real threats. Cofense Triage Noise Reduction assesses reported emails, categorizes them, and assigns them a score. Operators of the platform can then automate the removal of the background noise and spend more time assessing and remediating real threats.
When a real threat is identified, chances are it will not only have arrived in one inbox. Multiple copies of that email are likely to exist but finding all those emails and removing them from inboxes can be a time-consuming task. The new ‘Who Else’ capability of Cofense Triage allows operators to quickly see all individuals in the organization that have also been sent the same email.
The search function can be used to find messages both on on-premises MS Exchange as well as cloud-based Office 365. Security teams can also see if any employees have opened the email. This information can be used to guide the incident response process.
A new Cofense Triage API has also been included which helps incident response teams further automate and orchestrate the incident response process. The API allows Cofense Triage to integrate seamlessly with SIEM solutions, ticketing systems, and threat intelligence systems to streamline incident response and accelerate response times.
Cofense Triage is the first incident response platform specific to phishing that allows SOC and IR teams to automate the prioritization, analysis and response to email threats that bypass security technologies such as spam filters.
The enhancements to Cofense Triage will be made available to all customers at the end of April.