Cofense phishing defence leverages human intelligence

Phishing remains one of the biggest threats to businesses and organisations, with innovative solutions required to help keep attacks at bay. Alexandre Depret-Bixio, Vice President of Sales – META, Cofense, explains how the company is leveraging human intelligence as part of its phishing defence – and why this works so well.

Why is phishing such a threat to business, especially in triggering data breaches?

Phishing is still the #1 cyberattack vector. The statistics supporting this claim vary but all lead to the same conclusion – phishing is the biggest spearpoint used in data breaches.

According to Verizon’s most recent Data Breach Investigations Report, email is used in 96% of socially engineered attacks. What’s more, Verizon notes that phishing and pretexting represent 93% of all socially engineered data breaches. (Pretexting involves a false narrative designed to trick the user.) And Cloudmark reports that successful phishing attacks on average cost mid-sized companies US$1.6 million.

Phishing emails deliver malware of every type, including ransomware. Phishing is also a handy way to carry out social engineering. For example: an email spoofing the head of HR asking employees to click a link and log onto a page to agree to a corporate policy. Or an urgent message – again, spoofing someone in the organisation, perhaps even the CEO – sent to an employee in finance and requesting a quick wire transfer. The latter is a classic case of business email compromise (BEC), which the FBI estimates will cause over US$9B in losses in 2018 alone.

In short, there is no easier way for fraudsters and threat actors to target your organisation than with phishing emails. It costs the phisher little – he doesn’t need a gun to rob you.

What is the Cofense approach to phishing defence and how does it leverage human intelligence?

Our name says it all. Cofense (formerly PhishMe) believes that only a collaborative defence can stop phishing in its tracks – as soon as attacks hit and before they do grave damage. Our approach begins with human intelligence and relies on it throughout.

Cofense PhishMe, our security awareness and phishing simulation solution, conditions employees to recognise suspicious emails and report them with one click using Cofense Reporter. By sending simulated phishing emails – especially scenarios based on real attacks – organisations not only educate the people who are the targets but train them to help generate a stream of human intel.

In turn, the SOC or incident response team can analyse this information and act on verified threats. While automation plays a growing role in Cofense response solutions, human analysts make the key decisions that accelerate mitigation. In our approach, human intelligence and control cannot be replaced.

What is SOAR and how is Cofense using it to improve response?

SOAR stands for Security Orchestration, Automation and Response. Together, the pieces of the acronym add up to more efficiency and speed in battling threats. There are a number of SOAR platforms that provide a broad set of solutions.

Cofense is the first to apply SOAR to phishing defence. Our phishing-specific approach to SOAR helps organisations respond faster and more efficiently. When attacks hit, you’ll use fewer man hours to analyse threats and ramp up mitigation – stopping attacks in their tracks in minutes rather than days or months. And your highly trained, expensive and over-worked SOC analysts can better prioritise threats and thus their time. They can insert themselves into response at the right moment, with the greatest impact and the fastest results.

What is the role of automation across Cofense solutions?

At Cofense, we’ve never met an IT person who has time to spare, so we’re making our solutions as easy as possible. We’ve added automation to our solutions, most notably with playbooks.

Cofense PhishMe Playbooks automate your entire phishing awareness programme, in just a few clicks. In a matter of minutes, you can schedule a whole year’s worth of phishing simulations and trainings and have reports sent automatically to your inbox. Our templates are sequenced so users learn to spot the tactics threat actors are using today. We have beginner, intermediate and advanced simulations as well as templates based on active threats.

Likewise, Cofense Triage uses automation to get the job done faster. After verifying threats, it uses its own Playbooks to automate repeatable responses. Typically, your Playbook would start by creating a help-desk ticket. Next, it automates the analysis of malicious URLs or attachments. Then it determines who else received the phishing email but didn’t report it and instructs the proxy team to block the URL or domain.

Finally, the Playbook notifies (and thanks) any user who reported the phony message. Once you create a playbook, you can save and reuse it.

Why is orchestration key to phishing response?

Your phishing response needs to engage the right teams and technologies at the right time. To make that happen, Cofense Triage starts by reducing noise with an advanced spam engine, removing benign emails and freeing your team to focus on real threats.

Our API enables seamless integration with SIEM solutions, ticketing systems, threat intelligence systems and even sandboxing tools. This makes it easier to examine emails for overt threats or links to compromised servers.

Your current security systems each play an important role. However, they’re not designed specifically to combat phishing. For example, what if you need to connect phishing threat intelligence on a suspicious URL to logs generated by your firewall and endpoints?

Along with the new API, Cofense Triage integrations make such orchestration possible, working seamlessly with almost two dozen security solutions. The SIEM can be updated to search for indicators of compromise. The network team can receive real-time threat intelligence to automate response and update firewall rules. And an operator working within Cofense Triage can push details about a phishing campaign to the help desk. Every team and every player can do their part faster and better.

To sum it up, how does Cofense stop phishing attacks and prevent breaches?

It all comes back to a collaborative defence. Properly trained users collaborate with SOC teams to find and report bad emails. Phishing-SOAR helps teams collaborate on response. Automation makes this possible by helping analysts focus on decision-making.

All of this starts to happen as soon as a phishing email lands in user inboxes. Your entire organisation works together to stop it and avoid a breach. Nothing less will do.
