With over 90% of breaches attributed to employee-targeted phishing, relying on technology alone isn’t enough – we must utilize people to build our best defense. Cofense Triage is the first phishing-specific incident response platform that allows security operations (SOC) and incident responders to automate the prioritization, analysis and response to phishing threats that bypass your email security technologies, providing the visibility and analytics needed to speed response and mitigate risk.
Why choose Cofense Triage™?
- Unique and comprehensive phishing-specific incident response solution
- Full integration with Cofense Reporter allows threat prioritization based on user reputation, attributes, and threat intelligence
- Allows you to cluster threats based on rules that triggered them
- Integrates with security technologies such as sandboxes, URL analysis solutions, and SIEM solutions for enhanced detection capabilities
- Allows incident responders to share results with upstream security teams to prevent future attacks
What is Cofense Triage™?
Cofense Triage is the first phishing-specific incident response platform that allows security operations and incident responders to automate the identification, remediation, and sharing of phishing threats. Cofense Triage gives incident responders the analytics and visibility into email-based attacks occurring against their organizations in near real-time. Triage is the only offering that operationalizes the collection and prioritization of employee-reported threats and seamlessly integrates with Cofense Reporter™. Triage is currently available on-premises or as a cloud-based virtual appliance.
3rd Party Integrations
Triage integrates with your existing SIEM, malware and domain analysis, and threat intelligence solutions. Cofense is continuously developing new partnerships and integrations to improve functionality and accommodate market needs. The most current list of available integrations is available online.
Dashboard and reporting – Gain insight into the volume and types of emails being reported by your users and understand attack trends impacting your organization.
Smart Clustering – Triage can identify key commonalities among multiple reports. As these commonalities are discovered, Triage will create a cluster of reports. A cluster of reports can identify a campaign against your organization. Triage or operators can process all reports in a cluster as a single unit rather than having to process each report individually. By enabling clustering, Triage dramatically reduces the volume of individual reports that you must process and helps you identify and track campaigns.
Reporter Reputation – Reporter reputation is the equivalent of a trusted source. Reporters with higher reputation scores do a better job of distinguishing and reporting real threats. Reporters with lower, or negative, reputation scores may have previously submitted reports that Triage determined to be nonmalicious or spam.
User Feedback – Through Response Manager, Triage allows administrators to customize and automate feedback responses to Reporters based on the type of email they have reported.
YARA – Triage provides a powerful rules editor that enables you to write and edit strong YARA rules. The rules editor enables you to test a rule immediately to validate that it works against one or more reports. In addition, Cofense shares a substantial library of tested YARA rules that you can use as-is or modify to your specific needs. Cofense uses YARA to develop rules to identify and respond to user reports, while using YARA logic to develop Indicators of Phishing (IoP).