Auto-Quarantine Phishing Threats with Cortex XSOAR and Cofense Vision

Nov 17, 2022

Secure email gateways don’t always catch everything, so identifying and quarantining phishing emails that have bypassed that security is crucial to disrupting an attack and preventing a potential breach across the organization. Unfortunately, security teams rarely have the time or resources to fully protect against evolving phishing tactics. Furthermore, the threat of ransomware from phishing hampers the business. These are just some of the many issues organizations of all sizes struggle with daily.

To overcome these threats, Cofense’s team of analysts leverages a global network of more than 35 million reporters who identify and report suspicious emails. Cofense Vision takes advantage of this intel to search for and automatically quarantine phishing threats even before they are reported, stopping a malicious attack in its tracks. Cofense’s high-fidelity phishing indicators can be consumed in Cortex XSOAR, providing valuable intelligence and context to quickly identify phishing campaigns, allowing SOC teams to take swift action against emerging and active threats.

We are excited to announce the Cofense Vision content pack is now available on the Cortex XSOAR Marketplace! This new content pack provides Cortex XSOAR customers with phishing detection and response by integrating Cofense Vision’s phishing search and quarantine into an automated playbook for intelligent email security. Cofense Vision supports complex queries allowing XSOAR customers to find phishing campaigns based on domains, URLs, attachment names and hashes, and other elements frequently found in advanced phishing attacks.

Designed to speed up phishing detection and response, the Cofense Vision content pack can easily be installed with a few clicks. We make it easy for joint customers to leverage this powerful integration to automatically identify and classify phishing campaigns and quarantine email threats right within Cortex XSOAR.

Let’s take a look at why this is so important for your security program:

Together, Cofense Vision and Cortex XSOAR enable your security and IT teams to automatically quarantine emails that evade detection. Cofense Vision’s intelligent email security solution enables adding custom IOCs, searching for phishing threats, and automatically quarantining threats matching IOCs. Identify and remove credential compromise, ransomware, and malware threats in seconds.

Cofense Vision’s content pack enables analysts to run commands and playbooks outside of Cofense Vision’s UI to:

  • Automate phishing detection and response, matching actionable threat intelligence to discover and stop threats evading defenses.
  • Rapidly respond to and quarantine email threats lurking in mailboxes and increase resiliency against new attacks with Cofense intelligent email security.
  • Automatically identify and classify email threats and demonstrate faster mean time to respond (MTTR).
  • Remediate credential theft, ransomware, and malware-based emails waiting to be opened in employees’ mailboxes, without involving the email team.
  • Enable your threat hunting team with intelligence to find attackers and develop new blocking and remediation plans.

Learn More

Build out your security program with the Cofense Vision content pack, available now on the Cortex XSOAR Marketplace. Look up pre-built integrations for your top security tools with over 950 content packs available for Cortex XSOAR, the market’s leading SOAR platform.

Don’t have Cortex XSOAR? Download the Community Edition to get started.

Learn more about Cofense Vision and see additional Cofense content packs, Cofense Intelligence, Cofense Triage, and Cofense Feed, available on the XSOAR Marketplace.
