Intelligent CIO Africa Issue 21 | Page 96

FINAL WORD

In turn, the SOC or incident response team can analyse this information and act on verified threats. While automation plays a growing role in Cofense response solutions, human analysts make the key decisions that accelerate mitigation. In our approach, human intelligence and control cannot be replaced.
What is SOAR and how is Cofense using it to improve response?
SOAR stands for Security Orchestration Automation and Response. Together, the pieces of the acronym add up to more efficiency and speed in battling threats. There are a number of SOAR platforms that provide a broad set of solutions.
Cofense is the first to apply SOAR to phishing defence. Our phishing-specific approach to SOAR helps organisations respond faster and more efficiently. When attacks hit, you’ll use fewer man hours to analyse threats and ramp up mitigation – stopping attacks in their tracks in minutes rather than days or months. And, your highly trained, expensive and over-worked SOC analysts can better prioritise threats and thus their time. They can insert themselves into response at the right moment, with the greatest impact and the fastest results.
What is the role of automation across Cofense solutions?
At Cofense, we’ve never met an IT person who has time to spare, so we’re making our solutions as easy as possible. We’ve added automation to our solutions, most notably with playbooks.
Cofense PhishMe Playbooks automate your entire phishing awareness programme, in just a few clicks. In a matter of minutes, you can schedule a whole year’s worth of phishing simulations and trainings and have reports sent automatically to your inbox. Our templates are sequenced so users learn to spot the tactics threat actors are using today. We have beginner, intermediate and advanced simulations as well as templates based on active threats.
Likewise, Cofense Triage uses automation to get the job done faster. After verifying threats, it uses its own Playbooks to automate repeatable responses. Typically, your Playbook would start by creating a helpdesk ticket. Next, it automates the analysis of malicious URLs or attachments. Then it determines who else received the phishing email but didn’t report it and instructs the proxy team to block the URL or domain. Finally, the Playbook notifies (and thanks) any user who reported the phony message. Once you create a playbook, you can save and reuse it.
Why is orchestration key to phishing response?
Your phishing response needs to engage the right teams and technologies at the right time. To make that happen, Cofense Triage starts by reducing noise with an advanced spam engine, removing benign emails and freeing your team to focus on real threats.
Our API enables seamless integration with SIEM solutions, ticketing systems, threat intelligence systems and even sandboxing tools. This makes it easier to examine emails for overt threats or links to compromised servers.
Your current security systems each play an important role. However, they’re not designed specifically to combat phishing. For example, what if you need to connect phishing threat intelligence on a suspicious URL to logs generated by your firewall and endpoints?
Along with the new API, Cofense Triage integrations make such orchestration possible, working seamlessly with almost two dozen security solutions. The SIEM can be updated to search for indicators of compromise. The network team can receive real-time threat intel to automate response and update firewall rules. And an operator working within Cofense Triage can push details about a phishing campaign to the help desk. Every team and every player can do their part faster and better.
To sum it up, how does Cofense stop phishing attacks and prevent breaches?
It all comes back to a collaborative defence. Properly trained users collaborate with SOC teams to find and report bad emails. Phishing-SOAR helps teams collaborate on response. Automation makes this possible by helping analysts focus on decision-making. All of this starts to happen as soon as a phishing email lands in user inboxes. Your entire organisation works together to stop it and avoid a breach. Nothing less will do.