Cofense Phishing Detection and Response

Additional Info

Company size (employees)500 to 999
Type of solutionCloud/SaaS


Half of all advanced email attacks — business email compromise (BEC), ransomware, credential theft, and credential phishing — evade complex and costly security solutions and account for more than 80% of all reported security incidents.

Organizations require a solution that prevents attacks and evolves with threat actors. Enter Cofense Phishing Detection and Response (PDR) – a comprehensive solution that tackles every element of advanced email security including security awareness, phishing email detection and analysis, as well as automated response.

Cofense’s PDR Platform leverages the power of 30 million users worldwide who are actively reporting suspected phish. Dynamic awareness training based on real, successful phish ensures that phish which bypasses perimeter security solutions are reported quickly. When a phish is identified in one customer environment, that intelligence is shared to stop phishing attacks in other customer environments automatically. In our customer base alone, there are over 1 million malicious phish that bypass existing email security solutions each month with no end in sight. Once a phish has bypassed existing legacy email security controls, we inspect the email with Computer Vision technology in our Cofense Protect product and automatically stop it before it makes it to the inbox. If a phish is unknown to us and made it to an inbox, we use Human Vision (aka people) to report the phish with Cofense Reporter technology. The technology in our Triage product analyzes reported phish with clustering of payloads and reputation scoring and Vision instantaneously automatically quarantines positively identified phishing attacks. Cofense Intelligence is used to make all our products in the PDR platform smarter and is also offered externally as a threat intelligence product, which includes phishing trend reports and a tactical intelligence feed to integrate with other enterprise security solutions like SIEMs, TIPs, and SOARs.

How we are different

Phishing Intelligence Network (PhIN): PhIN is Cofense’s unique data source from 30 million email users reporting suspected phish. Because end users report phish that reach their mailbox, Cofense sees data on every email that evades every existing email security solution and affords the relevant indicators of compromise (IOCs) to arm our customers to prevent these attacks – and variations of them – whether they have been reported or seen before.

Proactive Protection with Computer Vision: Cofense Protect is an instant phishing detection solution that uses Computer Vision to "look" at email after they have passed through existing email security and before they reach the user. Following the same visual perception cues as a human reader would, Protect uses patented AI technology to identify multi-level phishing attacks which escape traditional gateways. Protect learns by scanning 1.5 million emails and over 4.5 million URLs every day.

Automatically Quarantine Threats: Once a phish is confirmed, Cofense AutoQuarantine removes it from inboxes across an organization without requiring intervention from the customer. We have observed this entire cycle from report to removal to be near instantaneous when configured to quarantine without analyst review. The intelligence is then shared with other Cofense customers so the same attack can be stopped in their environments often before any suspected phish is ever reported. When considering customers leveraging AutoQuarantine, 84% of customers had an attack automatically mitigated that nobody at their organization had reported showing the value of intelligence sharing across the Cofense customer base. A potentially significant risk is reduced to zero without requiring human intervention.