Effective in phishing analysis - Always room for improvement
July 27, 2021
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Cofense Triage
Cofense Triage is used by the InfoSec team specifically in the Security Operations Center (SOC) to analyze emails reported by employees company-wide when a user suspects an email is malicious or is simply unsure about the content in an email (links, attachments, etc.). The SOC receives these emails in a format which is pre-parsed by Cofense Triage, separating the text, HTML, headers, Mail Exchange (MX) records, URLs, and attachments contained within an email. This application gives the SMC an effective way to investigate suspected emails company-wide and provide easy ticketing and tracking. This application addresses the primary entry point often attempted by malicious actors through phishing and fraud.
- Parsing email content into a logically organized format
- Organizing reports
- Creating tickets in third-party application
- Responsive support team
- Large amount of community YARA rule contributions
- With most update roll-outs, there are often new bugs introduced which affect functionality of the application, i.e. trouble with categorizing or sending reports, parsing reports, or issues with YARA rules.
- Cofense Reporter (Report Phishing button) commonly runs into issues where users are unable to report messages as phishing and automatically include email headers.
- Cofense Reporter does not work well with Shared Mailboxes by default.
- Report Clusters (grouped emails showing to match similar content) are not very accurate and often emails matching the same content and sender are not grouped together in a cluster.
- The application provides the ability to set up rules and recipes which facilitate automations with categorizing previously observed benign and internal emails reported and/or suggesting when an email has suspicious content. This has provided a positive impact and reduced the analysis time required by the InfoSec team.
- Identical emails are not always grouped, which introduces additional analysis time for the duplicate reports. This item could be improved upon to save more time and reduce staffing needs.
Do you think Cofense Triage delivers good value for the price?
Yes
Are you happy with Cofense Triage's feature set?
Yes
Did Cofense Triage live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Cofense Triage go as expected?
I wasn't involved with the implementation phase
Would you buy Cofense Triage again?
Yes