Tools and Team Together — How Tetra Defense and Cofense Fight Phishing

This blog post was published originally by Cofense. It is reprinted with permission.

Tetra Defense has broadened the partnership with Cofense to include instant phishing detection, showing lightning-fast results by deploying Cofense Protect MSP. This helps keep malicious emails out of inboxes while dramatically reducing the load on security analysts.

Phishing attacks are a massive problem for end users and SOC analysts, and today’s threats are increasingly difficult for humans to detect. Data from Cofense Validator results show that secure email gateways (SEGs) miss roughly half of all malicious URLs, which change faster than blacklists can keep up. Worse, the majority are credential phishing attacks and come with multiple layers, designed to lure the user further away from the initial phish, making them nearly impossible for legacy SEGs to detect. Data from the Cofense 2021 Annual State of Phishing Report shows 57 percent of phishing attacks are aimed at credential theft. An example is shown in Figure 1.

Figure 1: Most phishing attacks are credential-theft themed. This is an example.

This data intrigued Tetra Defense, a company that specializes in managed detection and response (MDR) services, drawing from deep experience in both incident response and cyber risk management.

“We need a system that can detect and stop these URLs before a user can click on them,” said Bradley Roughan, Tetra Defense Vice President of Cyber Defense Operations.

As threat actors change their methods, it’s imperative for security solutions to improve as well. This is an approach that Tetra has embraced for years, now backed by Cofense Protect MSP.

Because today’s threat actors embed malicious URLs in fake login pages several layers down in the phishing email, SEGs can’t detect them. Instead, Cofense Protect MSP opens all the links in a protected sandbox environment and follows them to their final destination. This multi-level investigation is something no SEG can do. The URL of the ultimate landing page is compared with that of the legitimate landing page (often a login page) and, if they differ in the slightest, it’s a phish.

Cofense Protect MSP is the only instant-threat detection solution to emulate the way a human would “see” a phishing email attack. Cofense Protect MSP looks at the target landing pages, using visual perceptual cues, analyzing them against images of legitimate landing pages previously and continuously scanned into its database. Legacy SEGs today are simply incapable of doing this, rendering their end users vulnerable to these sophisticated, yet common, phishing attacks.
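The check described in the two paragraphs above, sketched as an added example (it is not Cofense's code and not part of the original post): follow a link to its final destination, match the landing page's look against a known login page, then compare hosts. The redirect map, the 9x8 grayscale "screenshots", the host names and both thresholds are constructed assumptions, and a simple difference hash stands in for the product's unspecified visual comparison.

```python
from urllib.parse import urlsplit

MAX_HOPS = 10    # assumed cap on redirect depth
MATCH_BITS = 6   # assumed Hamming distance below which two pages "look the same"

def dhash(grid):
    """Difference hash: one bit per horizontally adjacent pixel pair (9x8 -> 64 bits)."""
    bits = 0
    for row in grid:
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (left > right)
    return bits

def final_url(url, redirects):
    """Walk a recorded redirect chain to its last hop, stopping on loops."""
    seen = set()
    while url in redirects and url not in seen and len(seen) < MAX_HOPS:
        seen.add(url)
        url = redirects[url]
    return url

def classify(url, redirects, screenshots, references):
    """Return (verdict, matched_brand, landing_url) for one link from an email."""
    landing = final_url(url, redirects)
    if landing not in screenshots:
        return "unknown", None, landing
    host = (urlsplit(landing).hostname or "").lower()
    page_hash = dhash(screenshots[landing])
    for brand, (ref_hash, legit_hosts) in references.items():
        if bin(page_hash ^ ref_hash).count("1") <= MATCH_BITS:
            # Looks like the brand's login page: only the brand's own hosts may serve it.
            return ("legitimate" if host in legit_hosts else "phish"), brand, landing
    return "unknown", None, landing

# Constructed sample data: a reference login page and a near-identical clone.
LOGIN = [[c * 20 if r % 2 == 0 else 160 - c * 20 for c in range(9)] for r in range(8)]
CLONE = [row[:] for row in LOGIN]
CLONE[0][4] = 255  # one altered pixel, as a slightly modified copy would have
REFERENCES = {"ExampleCorp SSO": (dhash(LOGIN), {"login.example.com"})}
REDIRECTS = {
    "https://mail-notice.example.net/doc": "https://files.example.org/view",
    "https://files.example.org/view": "https://login.example-portal.test/signin",
}
SCREENSHOTS = {
    "https://login.example-portal.test/signin": CLONE,
    "https://login.example.com/signin": LOGIN,
}

if __name__ == "__main__":
    for link in ("https://mail-notice.example.net/doc", "https://login.example.com/signin"):
        print(link, "->", classify(link, REDIRECTS, SCREENSHOTS, REFERENCES))
```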

Tetra Defense already uses Cofense Triage as part of their Managed Detection and Response services to analyze user-reported suspicious emails. Now, Cofense Protect MSP provides an additional layer of defense: a speedy solution for phishing protection at the inbox that combines Computer Vision and AI to stop phishing emails and websites in real time, all before they have been reported and added to the blacklists.

“In the first 4 weeks after installing Protect MSP, we have blocked more actual malicious emails for our client than we found in those reported by users for the entire year,” Roughan said. “Another client we installed slightly later shows this same trend. With an immediate 94 percent reduction in volume of threats to be investigated, Protect MSP quickly reduced the window of exposure to our clients. This lowers client risk and lessens the time spent by our threat analysts.”

Saving this time is crucial in the threat intelligence realm, where dedicated research and continuous hunting are required to stay ahead of threat actors.

“With nearly 60 percent of all phish aimed at credential harvesting, having such a layered defense is the best way to win,” Roughan added.

Figure 2: This graph displays malicious emails reported and protected with Cofense Protect MSP.

The graph in Figure 2 shows that the number of phishing detections from Protect rose very quickly once Protect MSP was implemented. Within four weeks of implementation, the number of reported malicious emails that Tetra’s Cyber Defense analysts had to inspect decreased by 77 percent. Cofense Protect MSP not only makes the customer more secure, it also empowers Tetra Defense to direct its valuable SOC resources where they make the most impact. This underscores a key requirement in cybersecurity: the need for both technology and humans to form the most effective solutions.

“You need both humans and smart systems to defeat phish,” said Robert Iannicello, Vice President of MSSP Programs for Cofense.

Using this strategy, Cofense Protect MSP continues to get better at detecting threats and providing email security protection, learning not only through scanning millions of emails and URLs every day, but also through a proprietary feedback loop that delivers phishing intelligence continuously from the global Cofense network to the solution’s AI engine. This makes Cofense Protect MSP smarter every day as it constantly learns from IOCs detected in emails flagged by 30 million human reporters. These are emails that bypassed SEGs and landed in user inboxes.

“Cofense is proud to deliver the unique benefits of rapid phishing detection and user training in one package with Protect MSP,” Iannicello said. “Tetra Defense’s MDR customers can get instant benefit with our 40-second onboarding experience with no MX record changes required. MSPs and cybersecurity teams at Tetra can take advantage of our MSP-friendly NFR licenses to protect themselves, as well as our monthly consumption-based billing, low-touch maintenance and advanced reporting with analytics.”

These unique benefits are a key requirement in cybersecurity. Both powerful tools and knowledgeable teammates combine forces to continually learn, improve and protect organizations of all sizes. Tetra Defense brings this combination to the forefront with their MDR services, leveraging Cofense Protect MSP to not only protect client inboxes but to learn from these messages and shed light on the ever-changing dark-web activity that threatens organizations today.

“We don’t just notify, we take action,” Roughan said. “We optimize the best tools and methods to stop sophisticated cyber threats and detect what may otherwise go unfound. Cofense Protect MSP is part of what lets us go beyond, and it’s only getting better.”
