Cofense Intelligence

Additional Info

Company size (employees)500 to 999
Type of solutionCloud/SaaS


Cofense Intelligence is human-vetted phishing threat intelligence that provides accurate and timely alerts to strengthen an enterprise’s ability to quickly identify and respond to phishing attacks in progress.

Cofense receives more than a million messages daily from a wide variety of sources. Attacks are analyzed to determine relationships between them, while unique clustering algorithms create populations of attack types. Once a new threat cluster is identified, its characteristics are documented and updated in our threat repository.

Attack payloads for each confirmed phishing campaign are analyzed to determine the nature of each threat. This information updates our data lake for analysis across campaigns and timeframes. Importantly, Intelligence analyzes attacks that don’t have payloads, such as credential phishing campaigns.

This proactive approach enables disruption of potentially malicious attacks. Intelligence exposes tactics used to penetrate the network, creating relationships between phishing campaigns and IOCs. The combination of actionable threat intelligence and understanding the correlation between phishing attacks and their motivators helps teams prioritize, investigate and respond.

Threat intelligence is published in multiple formats for security teams and security infrastructure to consume and appropriately respond: Human-readable threat intelligence reports (HRTI) and machine-readable threat intelligence reports (MRTI).

• HRTI provides deep-dive and trending analysis of your biggest threats, with expert analysis of the attack methodology.

• MRTI feeds directly into security devices and threat repositories. Firewalls, IDS/IPS, SIEM can now detect and block emerging threats at the earliest stages of the attack.

• SaaS investigation apps to investigate phishing and malware attacks. These on-demand tools provide the latest insight on which attacks are related and how the attacks are being executed.

How we are different

* MORE THAN ‘JUST A FEED’: Cofense Intelligence ThreatHQ user interface offers intuitive, interactive, in-depth intelligence for improved phishing defense and strategic planning.

Different types of reports keep customers informed about threats from many different angles. Through different reports, Intelligence supports different roles within a customer’s network defense organization.

Our strategic reports and flash alerts provide TTP-based intelligence. They show what tactics are effective for threat actors in delivering phishing attacks. These will show a customer, for example, the top delivery mechanisms for malware seen in phishing. So, the customer is not only relying on individual IOCs, which expire/change regularly, to block attacks. They know what methods threat actors are using that they need to defend against.

The Cofense Intelligence feed can easily be ingested into third-party platforms for automated actioning/alerting on known malicious IOCs.

* ACCESS TO EXPERT THREAT ANALYSTS: Expert guidance from Cofense’s world-class security team to implement best practices to reduce threats against enterprise networks.

* FOCUS ON HIGH VALUE INTELLIGENCE: Cofense Intelligence provides critical and strategic intelligence combined with campaign-specific intelligence that is more tactical. The focus on Cofense analyst-vetted intelligence has led to an extremely low false positive rate – only 3 total false positives in 2021 and only 2 in 2020.