Cofense Triage a good catch
August 12, 2021
Cofense Triage a good catch
Score 9 out of 10
Overall Satisfaction with Cofense Triage
Multiple business units use Cofense Triage for processing potential phishing emails. Many are auto-processed but I am part of a team that manually reviews submissions that are not processed automatically.
- The auto-processing engine seems fairly accurate reducing the number of submissions to be processed manually
- The auto-processing responds to users reinforcing them when they report bad
- The console design is user-friendly for the analyst, e.g., the grouping and cataloging of multiple similar submissions
- The Cofense Triage tags are helpful to the analyst when a submission is ambiguous, they can help point you in the right direction to dig deeper
- It would be nice to integrate with other tools to easily see how our firewall/email gateway is handling potentially bad links if users have clicked or opened attachments, and how many other users got similar emails but didn't report them
- The first thing that comes to mind is that Cofense Triage has stopped bad from happening by making it easy for users to submit suspicious emails, reducing the workload for analysts through auto-processing, and making it easy for analysts to process the ones that are not auto-processed
- The console design is intuitive and efficient
- As per number one above, I imagine we are in better compliance by having this system in place
- Also per number one above, re automation, I worked at a place that did not use autoprocessing and the analyst would spend the whole workday wading through the spam submissions for the few true positives
I've worked with PhishMe/Cofense at three companies, one had over 400,000 users and it seemed to work well. Currently, the company I'm at has ~5,000 users and it works well there. I've never seen it for a small company.
I'm not sure how the scoring works exactly as my current role is working only with the Triage part and not the other products. For the reputation score, it is helpful to sort by the score in order to address the most potentially threatening submissions first.
The other product had a lot of fails on the auto-processing and did not integrate well with our current environment. One issue had to do with the way it sends the submissions to its processing engine—our email gateway configuration would have blocked this traffic. I also did not like the user interface.
Do you think Cofense Triage delivers good value for the price?
Are you happy with Cofense Triage's feature set?
Did Cofense Triage live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Cofense Triage go as expected?
Would you buy Cofense Triage again?
It's hard to imagine very different scenarios. I am reviewing Cofense Triage that is an email processing engine so the scenario is pretty straightforward. I will say sometimes we get company-wide emails, like ones that inform users they are signed up for training and hundreds of them submit them but they don't get auto-processed. The solution for me was to let the collect all together in one group (as I mentioned before a benefit is that similar emails are placed together and can be cataloged as a group) and process them all at once at the end of the day.