Review: Keeping the bad phish out of your network pond with Cofense Triage

The tool is still evolving, but even now represents one of the most advanced defenses against phishing.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

One of the most popular — and quickest — ways for attackers to enter a network these days is to trick a user into taking an action, whether installing malware or providing their login credentials. And if they pretended to be a company official, a business partner, or a family friend, their chance of success skyrockets.

Phishing e-mails run the gamut from clumsily worded sweepstakes type scams all the way up to highly researched and targeted campaigns designed to attack a handful of key people at an organization. Yet, despite the danger they pose, most organizations have little or no defense against them.

From PhishMe to Cofense

Back in 2008, when the original PhishMe product was deployed, which was also the name of the company at the time, there was also a very low awareness of the danger that these types of e-mails represented. The PhishMe simulation was created to allow network administrators and security personnel to craft their own phishing e-mails to train users about the dangers sometimes hidden in mail messages.

PhishMe Build Sim John Breeden/IDG

The original PhishMe product, the PhishMe simulator, lets administrators create realistic phishing e-mails to help train users what to do, and what not to do, when a suspected e-mail is encountered.

PhishMe is still available today. It was kind of fun to test the interface and see all the different types of phishing e-mails that could be created, and the rate of success each campaign has historically achieved. Given the fact that anyone can fall victim to a particularly good or targeted phishing scam, including technically savvy people, it might be a good idea to include PhishMe as part of an overall cybersecurity maturity program.

As an organization, PhishMe has moved its focus away from pure education into threat remediation. Even the company name is changing, from PhishMe to Cofense, which is a combination of collaborative and defense. One of the first Cofense-branded products, Triage, takes e-mails reported by users as suspected phishing, and helps to manage responses. In one sense, the PhishMe product helps to make users more adept at spotting phishing scams, while Triage creates a way for organizations to tap into the newfound skillset that employees should have learned.

Cofense Triage Main John Breeden/IDG

The main page for Triage looks very much like an e-mail console, so it should be familiar to anyone working in IT.

Deployed as an on-premises virtual appliance, Triage connects with almost any corporate e-mail program. It works with an add-on app called Reporter, which adds a button with a little fish to the standard control ribbon of most e-mail clients. Whenever a user gets an e-mail that they suspect is a phishing scam, they simply push the button to report it. It also works with mobile clients, so users who check mail on their smartphones can still connect to Triage. And incidentally, if a reported phishing e-mail was generated by the PhishMe program as a test, pressing the button gives instant feedback, and thanks, from the IT team for doing the right thing.

To continue reading this article register now