Item: Cofense Triage
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

We run Cofense Triage as an MSSP, offering as part of a managed service to our clients. We provide the analysts who Triage the reported emails, make decisions on their authenticity and malicious intent. Our analysts then provide feedback to the reporter and we summarize details of the overall Triage service on a regular basis. We use Triage in conjunction with Vision to provide an overall email security service.

Pros and Cons

Risk rating emails using rules.
Scoring reporters based on their performance at reporting malicious vs non-malicious emails.
Previews and rating attachments.
Integrations using APIs to allow quicker analysis of URLs.

Adding additional mailboxes which can be customised for different analysts or rules to prioritise a 'Suspected Malicious' mailbox over a 'Suspected Spam' etc. mailbox.
Recipies and Triggers appear to be an overlap and 2 features which do the same thing.
Showing comments made on a cluster in the mailbox view can often help save time, rather than entering the contents of a message to see this information.
Automatic comments on messages based on a playbook would be useful, this may be a feature that exists on new versions however.

Return on Investment

Triage has been excellent and has prevented multiple malicious emails from compromising the client.
The analysis of these malicious emails also allowed us to monitor for IOCs, which can prevent further attacks.
Overall, considering the attacks it has prevented, this has definitely been worth the money.

Alternatives Considered

Cofense PhishMe, Cofense Vision, KnowBe4 PhishER, KnowBe4 Security Awareness Training and KnowBe4 KCM GRC Platform

Triage is an excellent solution for analysing and triaging emails. It has a set of rules which can be used to rate the risk of meaages, these rules are updated on a daily basis to keep up with known IOCs of attackers. The support from Cofense is also excellent and reaching out to them for support is always very valuable.

Key Insights

Do you think Cofense Triage delivers good value for the price?

Yes

Are you happy with Cofense Triage's feature set?

Yes

Did Cofense Triage live up to sales and marketing promises?

Yes

Did implementation of Cofense Triage go as expected?

Would you buy Cofense Triage again?

Yes

Other Software Used

Cofense PhishMe, Cofense LMS, Cofense Reporter, Recorded Future, Skillsoft Percipio (Skillport)

Likelihood to Recommend

Triage is an excellent solution for analyzing, categorizing and responding to reported emails. It has a simple interface which is easy to get used to and the features can be used to semi-automate many actions, speeding up the analysis massively. This is a great platform for analyzing small to medium amount of emails (10-20 per analyst per day), however it takes quite a lot of setup of automation to make it useful for larger scale companies.

Cofense Triage from an MSSP point-of-view

Overall Satisfaction with Cofense Triage