Admin | Tuesday, April 30, 2019
Find, quarantine phishing emails faster with Cofense Vision
JOHANNESBURG, South Africa – Value-added distributor Networks Unlimited Africa – local distributors of Cofense™ (formerly PhishMe) solutions – has announced the local availability of Cofense Vision, the company’s newest solution for protecting organisational assets from phishing attacks.
Effective defence against phishing must include visibility into the threats that bypass technical controls and are delivered to a user’s mailbox. Users of Cofense Triage™ can already prioritise and understand these threats, and now with the addition of Cofense Vision, security operations centre (SOC) and incident response (IR) teams can more quickly identify and quarantine all phishing messages that are live in their environment.
Anton Jacobsz, CEO at Networks Unlimited Africa, says threat actors often alter their techniques and, when they do, thanks to Cofense Vision, operators can now quickly hunt for similar items, mitigating attacks with related patterns.
“The key to managing a phishing threat is being able to determine where the email in which it is lurking is sitting on the server,” he says. “Working with Cofense Triage, the Vision platform intelligently reveals who else might have received phishing emails and, with one click, quarantines the bad messages in Microsoft Exchange and Office 365 from all user inboxes without disrupting the organisation’s day-to-day operations.
“This solution has the ability to retrieve malicious emails from users within the organisation, giving the organisation a second chance, if you will, to effectively deal with a threat that has already passed its security parameters.”
Jacobsz says that Cofense Vision takes things a step further by identifying all emails in a cluster, by sender, subject and data and from across the entire organisation, giving users a fuller picture of an incident, faster.
Put plainly, Cofense Vision simplifies the quick identification of all recipients of a particular phishing attempt and allows single-click quarantine to remove that threat from all mailboxes, while proactively hunting for unreported threats across the business.
According to the Cofense website, Vision enables users to:
· Find the entire phishing campaign one cluster at a time
The solution stores, indexes and enriches a moving window of emails in a client environment. Using Vision’s Discover feature, security operations teams are able to find the full breadth of an attack, quickly and efficiently.
Vision Discover can precisely determine all of the messages that are part of a phishing campaign across the entire organisation. It searches all of the messages that meet a set of criteria, so operators can quickly find the emails, quarantine them and mitigate the threat.
· Search against a broader list of criteria
Messages stored in Vision can be queried based upon Sender, Subject and Date, which Microsoft offers today, but they can be further queried with criteria beyond what is available via Microsoft’s API. As threat actors alter their techniques, operators can start hunting for similar items and quickly find and mitigate attacks with similar patterns.
· Quarantine the threat to ensure it doesn’t spread
Once the threat is detected, Vision Quarantine can rapidly isolate the messages in the Microsoft Exchange or Office 365 mailboxes.
“Only those who have been affected negatively by phishing attempts will truly understand the relief proffered by a solution that aims to find and quarantine every email delivered in a phishing attack, even when unreported by end users,” says Jacobsz. “With Cofense Vision, we’re offering SOC teams some respite with the ability to stop these attacks before users begin clicking on links.”