Item: Cofense PhishMe
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

[Cofense] PhishMe is being used by our department in an organization-wide effort to combat our #1 Attack Vector. [Cofense] PhishMe is able to address the queue and automation of submitted emails from our users. [Cofense] PhishMe also address the necessary information needed from emails submitted by parsing accurate and relevant information in our analysts' view.

Pros and Cons

Recipe and rule matching [...] enables an advanced method to target, filter, and take quicker action on suspicious emails.
Clustering similar events [...] organize and save time on MTTD and MTTr for incidents and intervention.
Parsing critical information such as IPs, Email addresses, and URLs to help aggregate all the information into 1 single pane.
Email and HTML preview allow ease of visibility without having to download or find/fetch the original content.

Many of the URLs come in with an unknown reputation and although it may be challenging from threat intel feeds, somehow allowing a more in-depth analysis of the URL can provide better/quicker decision making or validation.
Adjustable widgets for reporting, although the provided are already built very well.
Provide in-house templates or summaries of actionable items, such as a single brief on a major phish.

Return on Investment

Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.

Alternatives Considered

Agari Phishing Defense

Cofense PhishMe is a very usable and customizable suite and compared to a previous product, it's hard to go back. After using [Cofense] PhishMe, I don't want to look for another product since the features are rich and the usability is relatively straightforward. Information and intel are easy [to] parse out, and all of the artifacts are available from one screen.

Key Insights

Do you think Cofense PhishMe delivers good value for the price?

Yes

Are you happy with Cofense PhishMe's feature set?

Yes

Did Cofense PhishMe live up to sales and marketing promises?

Yes

Did implementation of Cofense PhishMe go as expected?

I wasn't involved with the implementation phase

Would you buy Cofense PhishMe again?

Yes

Other Software Used

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP), Palo Alto Networks Cortex XDR, Anomali ThreatStream

Likelihood to Recommend

Attackers targeting organizations require users to reach out or speak up. When a user is able to easily report via [Cofense] PhishMe, an analyst has all the information they need from the submission to take action in their organization in seconds. Phishing scenario targeting HVTs easily is visible in the tool, mitigating future emails are easily done by correlating information collected. Also, when attachments such as dropper malware are included, it is easily identifiable by the information parsed, and the attachments are available for sandbox detonation or static/dynamic analysis. Original content is preserved and cuts down on time to take action on submitted phishing attacks.

Cofense PhishMe Review: Gone Phishing!

Overall Satisfaction with Cofense PhishMe