TrustRadius Insights
Cofense Triage offers a range of valuable use cases for users seeking to improve their email security. With its automated scanning and …
Overview
What is Cofense Triage?
Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails to make analysts more efficient and driving out actionable intelligence, and providing incident response playbook.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized Dashboard (35)8.080%
- Live Response for Rapid Remediation (31)6.969%
- Integration with Other Security Systems (34)6.767%
- Attack Chain Visualization (27)6.666%
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is Cofense Triage?
Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails to make analysts more efficient and driving out actionable intelligence, and providing incident response playbook.
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://cofense.com/pricing
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
9 people also want pricing
Alternatives Pricing
What is CrowdStrike Falcon?
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no…
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…
Features
Return to navigation
Product Details
- About
- Integrations
- Competitors
- Tech Details
- Downloadables
- FAQs
What is Cofense Triage?
Cofense Triage is a phishing-specific solution for qualifying, investigating, and responding to phishing attacks. Cofense Triage integrates intelligence-driven rules to reduce the noise generated by a reporting culture and surface those threats that put an organization at risk. Playbooks enable security operations teams and threat analysts to reduce their workload by automating the analysis of and response to known events, freeing up time to investigate the latest threats to the organization. And, with a fully documented API, Cofense Triage integrates with existing security investments, including ticketing systems and SIEM and SOAR platforms.
Cofense Triage Features
Incident Response Platforms Features
- Supported: Integration with Other Security Systems
- Supported: Attack Chain Visualization
- Supported: Centralized Dashboard
- Supported: Live Response for Rapid Remediation
Additional Features
- Supported: Extensive & regularly updated rules library to identify emerging & evolving phishing threats
- Supported: Smart clustering to group reported emails based on threat payload
- Supported: Noise Reduction Engine to aid classification and processing of non-malicious reported emails
- Supported: Integration with VirusTotal and other security tools including SIEM & Threat Analysis solutions
- Supported: Comprehensive API
- Supported: Create Recipes to automate processing of reported emails
- Supported: Integrate with Cofense Vision for quick-click phish threat hunting and quarantine
- Supported: Provide feedback to users who report to support awareness programs
- Supported: Triage Community Exchange enabling crowdsourced threat intelligence
Cofense Triage Screenshots
Cofense Triage Video
Cofense Triage
Cofense Triage Integrations
- VirusTotal
- SIEM solutions via Syslog
- Cisco Umbrella Investigate
- Lastline Analyst
- Palo Alto Wildfire
- Cuckoo Sandbox
- ServiceDesk solutions via Email
Cofense Triage Competitors
- Agari Phishing Response
- KnowBe4 PhishER
- Avanan
- Proofpoint/Wombat PhishAlarm Analyzer
Cofense Triage Technical Details
| Deployment Types | On-premise, Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Windows, Linux, Mac, Linux virtual appliance |
| Mobile Application | No |
| Supported Countries | Global |
| Supported Languages | English |
Cofense Triage Downloadables
Frequently Asked Questions
Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails to make analysts more efficient and driving out actionable intelligence, and providing incident response playbook.
Reviewers rate Centralized Dashboard highest, with a score of 8.
The most common users of Cofense Triage are from Enterprises (1,001+ employees).
Cofense Triage Customer Size Distribution
| Consumers | 0% |
|---|---|
| Small Businesses (1-50 employees) | 1% |
| Mid-Size Companies (51-500 employees) | 13% |
| Enterprises (more than 500 employees) | 86% |
Comparisons
Compare with
Reviews and Ratings
(70)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
Cofense Triage offers a range of valuable use cases for users seeking to improve their email security. With its automated scanning and analysis capabilities, it helps users identify phishing and spam emails, reducing the risk of falling victim to cyberattacks. By integrating a button into the email platform, end users can easily report suspicious emails, increasing user reporting and further enhancing email security. This feature has been well-received by customers, who have praised its effectiveness in identifying malicious emails.
Administrators also benefit from Cofense Triage as they can set up triage and roles for employees, streamlining the process and enabling efficient threat remediation and user education. The software's comprehensive history and analysis of phishing and spamming emails are highly regarded by users as it aids in minimizing the impact of data breaches and assists in creating rules to prevent future phishing attempts.
Users appreciate the customization options provided by Cofense Triage, allowing them to create rules and recipes tailored to their specific requirements. This customization not only enhances their threat hunting skills but also automates responses, saving time and improving efficiency. Additionally, the software's ability to analyze email headers and detect suspicious emails has proven to be a valuable time-saver by presenting important information upfront and reducing the time spent on spam and benign messages.
Cofense Triage stands out with its capability to prioritize the severity of phishing emails, helping users determine which ones require immediate attention. Integration with Cofense Vision allows for quarantining these harmful emails, preventing potential harm to systems. Users have found this collaboration between the two tools particularly useful in efficiently collecting valuable information while protecting against phishing campaigns.
In terms of management capabilities, Cofense Triage excels at aggregating and organizing thousands of suspicious emails reported by employees. This centralization eases analysis processes conducted by security teams, enabling effective decision-making on remediation actions. Analysts also find value in having a centralized portal to review and respond to phishing emails, greatly enhancing their ability to document and protect against phishing campaigns.
The software's effectiveness in identifying various types of phishing attacks, including credential theft, business email compromise, malware, and social engineering, has garnered positive feedback from customers. Its ability to prevent numerous phishing campaigns by providing distinct insights into the types of emails received daily is highly appreciated.
Cofense Triage caters to users seeking efficiency in their email triage process. It allows for automatic categorization of emails and provides predefined responses based on defined criteria, saving time and improving overall productivity.
Managed service providers also find value in Cofense Triage as it enables them to efficiently triage reported emails and provide analysis for their clients. This streamlines the triage process and supports the analysis of targeted campaigns, ultimately improving the overall efficiency of their operations.
Overall, Cofense Triage serves as a reliable email security solution for both end users and administrators. By automating the scanning, analysis, and blocking of malicious emails, it helps users identify and prevent phishing and spam attacks. The software's customizable rules and recipes enhance threat hunting capabilities, while its detailed history and analysis of phishing emails aid in minimizing data breaches. With its seamless integration with the email platform and ability to prioritize severity, Cofense Triage streamlines the triage process and empowers organizations to effectively respond to phishing threats.
Attribute Ratings
Reviews
(1-9 of 9)Companies can't remove reviews or game the system. Here's why
July 14, 2023
Cofense Triage - 2 years after
We utilize Cofense Triage platform to help us dealing with user-reported emails. Platform is automatically grouping reported emails into so-called clusters, based on sender. (This allows bulk-processing of the emails)
It also enables automatic categorization of emails based on set of predefined and custom rules which streamlines triage process.
Lastly, platform allows automatic response to be sent to the end-user based on defined criterias.
Using Cofense Triage allows us to triage a subset of incoming reports and identify real phishing cases amongst those
It also enables automatic categorization of emails based on set of predefined and custom rules which streamlines triage process.
Lastly, platform allows automatic response to be sent to the end-user based on defined criterias.
Using Cofense Triage allows us to triage a subset of incoming reports and identify real phishing cases amongst those
- Grouping of incoming reports
- Overview of metadata related to email, including rendered preview
- Informative dashboard with quite some indicators available for selection
- Product support could be better - there was an issue with some user accounts which was not resolved for a very long time
- Lacking AI\ML capabilities - platform requires continuous efforts to be invested by the personnel in order to keep the quality of rules\automations high
- Automatic remediation (e.g. purge of emails from mail server) of confirmed Phishing cases is not available - this is a separate product
March 14, 2023
Cofense is on top two and not number two!
I will list the product address and scope of use in one paragraph below. In my organization, we use Cofense Triage for e-mail security. Mainly Cofense Triage automates the scanning, analysis, and blocking of e-mails with malicious intent. Our end users also have the ability to manually report suspicious and potentially malicious e-mails. There is an add-in integrated into our e-mail platform/application, which is a button that end users click to report an e-mail. I receive and see all the e-mails which are reported and analyze which ones are malicious and which ones are not. From there, have an action plan.
- Automated E-mail analysis.
- Automated E-mail scanning.
- Automated Malicious E-mail Blocking.
- Reporting to administrators.
- None
- None
- None
March 25, 2022
Time Saver for SOC Analysts
Cofense Triage is an amazing tool for SOC Analysts. It makes the process of analyzing an email so much easier. The phishing button plugin in Outlook is a great feature and helps us to properly analyze such mails. With various tabs like URL which extracts the URL links from the mail and a preview to see how the mail looks for the user, it makes analyzing easy. Amazing product.
- URL
- HTML Body
- HTML Preview
- Phising/Spam Button
- A button to automatically simplify or beautify the HTML body.
Identifying malicious phishing emails has been an ongoing task when working directly with the individuals who receive the emails. Adding this capability will better allow users to provide first hand identification along with allowing feedback to those individuals. Providing the feedback from these types of events has not been a completely seamless and accurate process in the past.
- Feedback to users
- Initial threat identification
- Still evaluating current processes
January 25, 2022
Cofense Triage Great product
[Has] a clear and easy way for [an] end-user to report potential phishing attempts with the phish me button. We can configure ourselves how much feedback and in which stage of the phishing triage the end-user receives feedback. The tool gives our security analyst the flexibility and capability to handle a high volume of phishing reports in a correct and visible way. In addition the view is perfect for junior analyst to make the right triage on the reported potential phishing e-mails while more senior analyst can turn repetitive work into rules & recipies for a faster and more efficient way of working.
- Overview of all reported mails.
- Customizable feedback towards reporter flexibility
- Customizable Quick action menu
- Integration with other tooling
- Rules & recipies
- Analyzing a mail is made easy due to the way the views are setup for the analyst
- Analyzing attachments is a bit cumbersome
December 19, 2021
Cofense Triage Review
Score 10 out of 10
Vetted Review
Verified User
It is [a] nice simulator for emails. We recently implemented Cofense Protect, which will prevent phishing emails and we have implemented Threat Intelligence integration with other technologies. It is working perfectly, we [are] much impressed with Cofense Triage. I would recommend to all to use Cofense Triage.
- Reported email processing
- Email management
- Email categorization
- Extensive reporting
- Blocking phishing emails
- Inline content filtering
October 20, 2021
Cofense Triage "An Amazing show stopper for Phishing mails"
Cofense Triage is used in our organization for investigation over the reported phishing emails. It is quite an effective tool to analyze the headers for the mail and detect if it is suspicious in nature. There are options to set up parameters in accordance with the organization which helps to prioritize the phishing emails' severity. Also, integration with Cofense Vision helps to quarantine the mail from the inbox.
- Email Header Analysis and severity prioritization.
- Intel fetch for the latest threats in the wild.
- Auto Quarantine mails after integration with Cofense Vision.
- User Interface.
- Rule making should be in high level language.
- Integration with SOAR.
August 15, 2021
Cofense Triage Review
We are using Triage to analyze the user-reported emails through the PhishMe button. Triage helps to segregate the emails of our organization. In normal cases, analyzing mails by .eml is difficult. There is a good chance we might miss some URL or header with malicious mail. Using Triage makes it very easy, and also it has solutions like writing YARA rules, drafting responses, and giving tags to suspicious emails. All of these features are very useful.
- Triage has the option to write YARA through which we can auto categorize mail.
- Triage has the option to tag emails.
- Triage has options to check for other similar emails reported by users.
- Triage has the option to check the score of the reporter through which we can educate users.
- I have seen in a recent update additional tags suggestions are not shown, so fixing that would help.
- It would be easy for analysts working on email if they get highlighted IOCs to see.
- Sometimes emails do not render properly, and attachments are missed for a few emails, so having less of this kind of issue would be great.
Cofense Triage is used by the InfoSec team specifically in the Security Operations Center (SOC) to analyze emails reported by employees company-wide when a user suspects an email is malicious or are simply unsure about the content in an email (links, attachments, etc.). The SOC receives these emails in a format which is pre-parsed by Cofense Triage separating the text, HTML, headers, Mail Exchange (MX) records, URLs, and attachments contained within an email. This application allows the SMC an effective way to investigate suspected emails company-wide and provide easy ticketing and tracking. This application addresses the primary entry-point often attempted by malicious actors through phishing and fraud.
- Parsing email content into a logically organized format
- Organizing reports
- Creating tickets in third-party application
- Responsive support team
- Large amount of community YARA rule contributions
- With most update roll-outs, there are often new bugs introduced which affect functionality of the application. I.e. Trouble with categorizing or sending reports, parsing reports, or issues with YARA rules.
- Cofense Reporter (Report Phishing button) commonly runs into issues where users are unable to report messages as phishing and automatically include email headers.
- Cofense Reporter does not work well with Shared Mailboxes by default.
- Report Clusters (grouped emails showing to match similar content) are not very accurate and often emails matching the same content and sender are not grouped together in a cluster.