Three is the Magic Number

When it comes to prioritizing or recalling information, three is the magic number. Many of us know this thanks to Schoolhouse Rock with the original airing or the newly popular rediscovery of recent generations. Either way, it’s true that our ability to remember more than three things decreases dramatically with each additional thing. And it’s no different with phishing detection and response (PDR). There are a dozen or more capabilities you need to stop phishing attacks but there are three that separate out from the pack.

By Michael Callahan

  1. Breadth of Phishing Intelligence
  2. Ability to Auto Quarantine Attacks
  3. A Feedback Loop that Ensures the System Continues to Get Smarter

They are:

Breadth of Phishing Intelligence. Many companies have threat intelligence. Some track what goes on in their environments with custom solutions. Others have what they capture with their current email security solutions. But to be truly effective, you need to have phishing intelligence. Not only phishing intelligence, but phishing intelligence based on state-of-the-art research and attacks that have made it through all email security systems.

Let’s go through each one.

It’s not enough to know what hasn’t been stopped by one of the legacy, expensive and often redundant secure email gateways (SEGs). You need to know what has bypassed all those systems to effectively understand how attackers are targeting your organization. At Cofense, we see – our phishing intelligence — what gets past all the leading SEGs and the latest IESS/CESS/CAPE startups, and even the smaller market-share email security solutions. In fact, we actively monitor around 20 different email security solutions knowing what they stop and what they don’t stop. No one else has this breadth of phishing intelligence, and it’s why Cofense can stop attacks faster and more efficiently than any other solution.

This last piece is critical.

The effectiveness of Auto Quarantine is based on the high-fidelity intelligence from Cofense Intelligence, and automation technology in Cofense Triage and Vision. It’s important to point out that this instantaneous Auto Quarantine capability doesn’t only work for the company that reported the phishing attack. For Cofense PDC customers, once confirmed, that intelligence is used to automatically and instantly stop attacks in other customer environments. We call this the Cofense Network Effect. If you’re part of the Cofense network, you benefit from the collective intelligence. We’re like the Waze of email security – powered by the crowd and benefiting everyone in the network. But it all boils down to speed and the ability to stop attacks as quickly as possible. In or out of the network, Auto Quarantine ensures attacks against your organization are stopped quickly.

Ability to Auto Quarantine Based on Intelligence. Attackers rely on you being inefficient in response to their attacks. The ultimate tool you have is speed. Once an attack starts, how fast can you confirm you are being attacked and how fast can you respond? Millions of phish bypass existing email security solutions every month. As soon as a phish gets through your SEG, it’s a race against the clock. You have to quickly identify the attack and stop it. The only way to do this quickly is through automation. Once confirmed, you need to auto quarantine all the other emails that make up the attack. At Cofense, we’ve seen millions of attacks. In fact, one reported email resulted in identifying 4,500 other emails that were part of the attack; they were auto quarantined. This happens instantaneously. And this is not the exception; it’s the rule with Cofense. We routinely see attacks consisting of hundreds and thousands of emails stopped in their tracks instantly with Cofense Auto Quarantine technology.

There you have it. Like triangles, tricycles and tripods, those are the three critical capabilities of an effective phishing detection and response solution. There are more capabilities, of course, and I encourage you to investigate them with your Cofense account manager, but those three are the critical ones.

Feedback Loop. What good is intelligence if you don’t use it to get smarter? At Cofense we believe that the best way to continuously stop attacks quickly is by incorporating a feedback loop where all of the email intelligence is fed back to the machine learning algorithm to get smarter. When a phishing email makes it to the inbox, and well-conditioned users apply their own vision (Human Vision) to determine the email is suspect, that email and any other in the attack will be instantly auto quarantined. Once we have that intelligence, it’s used to train the Computer Vision technology in our Cofense Cofense Protect product to get smarter and stop similar attacks in the future as they enter an organization. Cofense is the only company with this feedback loop that continues to make the overall system better, faster and smarter every day. In fact, as a result, Cofense’s Protect product doubles in intelligence about every three months. Computer Vision and Human Vision bookend the protection with the automation technologies in between eliminating the risk and getting smarter through the designed-in feedback loop.

We’re Cofense.  We Stop Phish.

We’re happy to set up a time for you to talk with someone on our team to help stop phishing attacks against your organization. You can send us your information here and we’ll get back to you in less than 24 hours.

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats. Past performance is not indicative of future results.
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc.

This post was first first published on Cofense’s website by Cofense. You can view it by clicking here