Cofense Vision Launched: Accelerated Phishing Threat Detection and Remediation
Cofense has announced the general availability of Cofense Vision, an alert system that provides real-time visibility into current, unreported phishing threats and accelerates detection and remediation.
Phishing defenses should naturally include email gateway controls to block threats before they are delivered to inboxes, but no solution will provide total protection. It is inevitable that some phishing emails will be delivered to end users, even with multiple anti-phishing solutions in place. Training is essential to ensure those threats are recognized by employees, but given the sophistication of today’s phishing threats, some employees are sure to respond.
Cofense Vision is a new solution that helps security operations center (SOC) and incident response (IR) teams identify all instances of phishing messages in their email system and deal with those threats with greater speed and efficiency. The solution works in tandem with Cofense Triage, a solution that allows first responders to prioritize and understand reported phishing threats.
An analysis of more than 2 million suspicious emails delivered in 2018 showed that one in seven of those messages was malicious. The 2018 study uncovered 55,000 credential harvesting threats which exploited SSO architecture and more than 25,000 phishing campaigns that used cloud services to hide malicious files from gateway email security solutions. Identifying and blocking these threats rapidly is critical. The longer those messages remain in inboxes, the greater the chance that employees will respond to those messages and install malware or divulge their credentials.
Cofense Vision helps SOC and IR teams identify phishing emails that are part of a campaign but have not been reported by end users. The solution can be used to quickly quarantine all instances of a malicious message in the entire email system directly from Cofense Triage.
“The email search and quarantine tools on the market today are not fast enough, and don’t have the oversight in place needed to operationalize an auditable workflow inside of SOCs,” said Cofense CTO, Aaron Higbee. “Vision, either in combination with Triage or connected with existing SOC tooling, will deliver immense productivity gains for SOC and IR teams, so they can execute their jobs efficiently and better protect the company.”
The solution allows SOC and IR teams to search for IoCs and TTPs of cyber threats within their entire email environment. Vision Discover allows all instances of messages to be found, while Vision Quarantine removes those threats with a single click.