Item: Cofense Triage
Rating: 9
Author: Verified User

Use Cases and Deployment Scope

Multiple business units use Cofense Triage for processing potential phishing emails. Many are auto-processed but I am part of a team that manually reviews submissions that are not processed automatically.

Pros and Cons

The auto-processing engine seems fairly accurate reducing the number of submissions to be processed manually
The auto-processing responds to users reinforcing them when they report bad
The console design is user-friendly for the analyst, e.g., the grouping and cataloging of multiple similar submissions
The Cofense Triage tags are helpful to the analyst when a submission is ambiguous, they can help point you in the right direction to dig deeper

It would be nice to integrate with other tools to easily see how our firewall/email gateway is handling potentially bad links if users have clicked or opened attachments, and how many other users got similar emails but didn't report them

Return on Investment

The first thing that comes to mind is that Cofense Triage has stopped bad from happening by making it easy for users to submit suspicious emails, reducing the workload for analysts through auto-processing, and making it easy for analysts to process the ones that are not auto-processed
The console design is intuitive and efficient
As per number one above, I imagine we are in better compliance by having this system in place
Also per number one above, re automation, I worked at a place that did not use autoprocessing and the analyst would spend the whole workday wading through the spam submissions for the few true positives

Alternatives Considered

KnowBe4 PhishER

The other product had a lot of fails on the auto-processing and did not integrate well with our current environment. One issue had to do with the way it sends the submissions to its processing engine—our email gateway configuration would have blocked this traffic. I also did not like the user interface.

Key Insights

Do you think Cofense Triage delivers good value for the price?

Not sure

Are you happy with Cofense Triage's feature set?

Yes

Did Cofense Triage live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Cofense Triage go as expected?

Yes

Would you buy Cofense Triage again?

Yes

Other Software Used

FireEye Cloudvisory, pfSense, McAfee Endpoint Security, Symantec Endpoint Security, Splunk Enterprise Security (SIEM), IBM QRadar, Mimecast Secure Email Gateway, Palo Alto Networks WildFire

Likelihood to Recommend

It's hard to imagine very different scenarios. I am reviewing Cofense Triage that is an email processing engine so the scenario is pretty straightforward. I will say sometimes we get company-wide emails, like ones that inform users they are signed up for training and hundreds of them submit them but they don't get auto-processed. The solution for me was to let the collect all together in one group (as I mentioned before a benefit is that similar emails are placed together and can be cataloged as a group) and process them all at once at the end of the day.

Cofense Triage a good catch

Overall Satisfaction with Cofense Triage