Cofense PhishMe Review: Gone Phishing!
Updated December 27, 2021
Score 8 out of 10
Overall Satisfaction with Cofense PhishMe
Although we have not started the Responsive Delivery feature yet, we have built templates [that] are very easy to use and are prepared to utilize and send them in the upcoming weeks. We are anticipating very positive feedback, and our users do enjoy the communications on items they submit. Ultimately closing a gap of communication is a positive impact on the organization.
[Cofense] PhishMe is being used by our department in an organization-wide effort to combat our #1 Attack Vector. [Cofense] PhishMe is able to address the queue and automation of submitted emails from our users. [Cofense] PhishMe also addresses the necessary information needed from emails submitted by parsing accurate and relevant information in our analysts' view.
- Recipe and rule matching [...] enables an advanced method to target, filter, and take quicker action on suspicious emails.
- Clustering similar events [...] organize and save time on MTTD and MTTR for incidents and intervention.
- Parsing critical information such as IPs, Email addresses, and URLs to help aggregate all the information into 1 single pane.
- Email and HTML preview allow ease of visibility without having to download or find/fetch the original content.
- Many of the URLs come in with an unknown reputation and although it may be challenging from threat intel feeds, somehow allowing a more in-depth analysis of the URL can provide better/quicker decision making or validation.
- Adjustable widgets for reporting, although the provided ones are already built very well.
- Provide in-house templates or summaries of actionable items, such as a single brief on a major phish.
- Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
- With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
- 1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.
The automated features definitely provide us with easier execution. On our playbooks, we are able to follow along quickly without technical issues. The report provides accurate information and solid content in order to truly provide leadership and other analysts the full picture of artifacts or scenarios that have recently occurred in the environment.
The metrics are well constructed. They provided a good insight into the use of our tool and the items that are ingested into the tool from our users. From the metrics, we are able to justify [the cost of] the tools and reflect on the events occurring in our environment and pinpoint trends on attacks.
Cofense PhishMe is a very usable and customizable suite and compared to a previous product, it's hard to go back. After using [Cofense] PhishMe, I don't want to look for another product since the features are rich and the usability is relatively straightforward. Information and intel are easy [to] parse out, and all of the artifacts are available from one screen.
Do you think Cofense PhishMe delivers good value for the price?
Are you happy with Cofense PhishMe's feature set?
Did Cofense PhishMe live up to sales and marketing promises?
Did implementation of Cofense PhishMe go as expected?
I wasn't involved with the implementation phase
Would you buy Cofense PhishMe again?
Attackers targeting organizations require users to reach out or speak up. When a user is able to easily report via [Cofense] PhishMe, an analyst has all the information they need from the submission to take action in their organization in seconds. Phishing scenarios targeting HVTs are easily visible in the tool, and mitigating future emails is easily done by correlating the information collected. Also, when attachments such as dropper malware are included, they are easily identifiable by the information parsed, and the attachments are available for sandbox detonation or static/dynamic analysis. Original content is preserved, which cuts down on time to take action on submitted phishing attacks.