Item: Cofense Triage
Rating: 9
Author: Verified User

Use Cases and Deployment Scope

Cofense Triage is used across the enterprise as a tool to report, analyze, and categorize suspicious emails received by users. Cofense Triage rules and recipes help develop a custom logic to eliminate noise (like spam and valid internal emails). Response templates help define canned responses to users and reputation score helps reward vigilant users.

Pros and Cons

Extraction of IOCs
Rules and recipes for automation.
Assist triage

API could be further improved for integration with other tools.
Improve Splunk Phantom App for two way communication.
Enable Catch a Phish support in the latest Mac OS (Catalina).

Return on Investment

Improved compliance.
Saved time.
Reduced staffing needs.

Key Insights

Do you think Cofense Triage delivers good value for the price?

Yes

Are you happy with Cofense Triage's feature set?

Yes

Did Cofense Triage live up to sales and marketing promises?

Yes

Did implementation of Cofense Triage go as expected?

I wasn't involved with the implementation phase

Would you buy Cofense Triage again?

Yes

Other Software Used

Proofpoint Email Protection, Splunk Enterprise Security (SIEM), Splunk Security Orchestration and Automation (SOAR), formerly Phantom

Likelihood to Recommend

Cofense Triage is a suitable tool for organizations to allow users a method to report suspicious emails. There's an Outlook add-on a user can click to simply report an email and get a response from an expert. Cofense also has other tools like Cofense Intelligence and Cofense Phishme for phish simulation exercises seamlessly integrating with Cofense Triage. However, I believe bundling Vision (a feature to search MS Exchange mailboxes for IOCs) with Cofense Triage would add more value to customers. Vision comes as an add-on subscription.

Great tool for protection from Phish

Overall Satisfaction with Cofense Triage