• The Most Recognized Security Awareness and Simulation Solution
NETWITNESS SUITE
In 2017, the phishing rate in South Africa was the highest in world, where 1 in 785 emails was a phishing attack1 – that’s a big problem. But what if you could get ahead of the attackers and stop breaches before they happen? With Cofense and RSA, you can. The powerful combination of Cofense® internally-generated attack intelligence, 100% human-verified threat intelligence, and incident response event data made visible and actionable in RSA® NetWitness®, allows security teams to respond quickly and with confidence to mitigate identified threats.

Operationalize Phishing Intelligence for Threat Defense & Response

Cofense® and RSA® NetWitness® Suite interoperate for visibility into one of the biggest cybersecurity risks — phishing. With many of today’s data breaches attributed to phishing, security teams require insight into adversary criminal infrastructure that can be operationalized to alert and respond to phishing threats.

Cofense Intelligence™ is 100% human-verified phishingspecific threat intelligence delivered as machine-readable threat intelligence (MRTI). Customers receive a fullyvetted source of phishing intelligence verified by Cofense researchers. Cofense provides security teams with context around the criminal infrastructure to extend beyond a list of Indicators of Compromise (IOCs), and enable teams to see their adversary’s full operation as opposed to one-offs that change rapidly. By leveraging the STIX standard, Cofense Threat Intelligence data can be imported into RSA NetWitness Suite to diagnose infected corporate systems, and proactively detect or defend against attacks before they happen.

Phishing Intelligence

  • Cofense Intelligence via STIX XML format connects and structures phishing indicators for consumption by RSA NetWitness Suite
  • Relevant and contextual MRTI with no false positives
  • High fidelity intelligence about hpishing, malware, and botnet infrastructure
  • Human-readable reports to understand attacker TTPs
RSA NetWitness

IR Team Challenges

Attackers Evading Technical Controls

As technology evolves to defend against threats, the attackers’ creativity enables them to find ways into the employees’ inbox hoping they will open the attachment or click the link. Employees conditioned to recognize and report suspicious email contribute valuable human intelligence that may otherwise go unnoticed for an extended period of time.

Actionable Intelligence

Security teams are hesitant to trust their sources of intelligence for fear of disrupting the business. Correlation and prioritization of security events and the confidence to deny the communication is absolutely critical when seconds matter in blocking the threat.

Alert Fatigue

Too many threat intelligence feeds are full of false positives that distract security analysts. Excessive alerts only exasperate overwhelmed analysts with a finite amount of time.

The Solution

Cofense Intelligence indicators provide security teams with visibility into phishing criminal infrastructure. Analysts operationalize their response workflow against phishing URLs, IPs, domains, files, command and control (C2), payload, and exfiltration sites, when they configure NetWitness to alert on activity matching the indicators.Additionally, human-readable contextual executive and technical reports that illustrate the phishing infrastructure produced by PhishMe are available. Security teams are much more confident in the action they take based on thorough indicator report analysis when NetWitness correlates activity across their configuration rules. PhishMe Intelligence reports not only identify the security risk, butexplicitly state why indicators are malicious so that analysts don’t have to do additional research. Armed with human-verified phishing intelligence indicators and verbose reports that can be associated with events captured by NetWitness.

How It Works

Cofense Intelligence ingested into RSA NetWitness software connect and optimize the workflow. The phishing indicators in machine-readable threat intelligence (MRTI) correspond to risk-based threat ratings enabling security teams to quickly identify the latest phishing attacks bypassing their perimeter.

The human-verified intelligence from PhishMe affords analysts opportunity to prioritize and decisively respond to events with high fidelity data. Analysts can then navigate to PhishMe’s portal with access to human-readable Active Threat Reports with detailed insight into the attacker TTPs. These reports start with an executive overview and then describe the attack vector used to gain access to your employee’s computer. The PhishMe Intelligence service includes enriched IOC event data such as:

  • URLs
    Infrastructure Type: C2, Payload, Exfiltration
  • Domains
    Filenames and hashes
With the powerful combination of internally-generated attack intelligence, 100% human-verified threat intelligence, and incident response event data made visible and actionable in NetWitness, security teams can respond quickly and with confidence to mitigate identified threats.

About RSA

RSA® Business-Driven Security™ solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and reduce business risk, fraud and cybercrime. RSA protects millions of users worldwide and works with more than 90 percent of the Fortune 500.
Networks Unlimited Cofense

Get in Touch

This email address is being protected from spambots. You need JavaScript enabled to view it.
  • This email address is being protected from spambots. You need JavaScript enabled to view it.

Join our team today!

Networks Unlimited
Offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes.
Copyright 2012 Networks Unlimited | The Key to IT Security & Networking Communications.