Page 18 - Cyber Defense Magazine - Global Print Edition 2018

11:49 a.m. Reported emails go to Cofense Triage™ for machine and human analysis.

The company relies on Cofense Managed Triage for phishing response. Reported emails first undergo automated analysis. Then human analysts at the Cofense Phishing Defense Center (PDC) investigate further to verify whether an email is malicious. PDC research shows that crimeware as a percentage of reported emails can range from practically nothing to over 90% monthly. From one month to the next, it’s not unusual for a company to see dramatic swings.

12:00 p.m. The investigation escalates.

As users reported more emails and more evidence emerged, the PDC escalated the initial investigation. The threat analyst conferred with his manager on duty. Cofense Triage groups malicious emails into common clusters. Further, the PDC team applies human intelligence to confirm a phishing campaign. The approach combines the best of both worlds. Automation greatly accelerates email analysis at scale, while human vetting makes use of insights machines can’t deliver.

12:07 p.m. Cofense completes the investigation and alerts the company.

Upon wrapping up the investigation, the PDC called the company’s VP of Information Security. Cofense Triage automation and human expertise enable the company to respond to the threat in real time. The possibility of a breach is detected in minutes, not months. Not bad, when you consider that IBM Security and the Ponemon Institute report the average business detects a breach in 196 days²—and that most breaches begin as phishing emails.

12:07 p.m. The healthcare company responds.

After consulting with Cofense, the company blocked the phishing site and began to mitigate the attack. Incident responders retracted the bad email from inboxes, monitored behavior from affected Office365 accounts, and disrupted any lateral movement.

“We removed the email quickly,” said the VP of Information Security, “though in the space of a few minutes a lot of people clicked. Once we contained the threat, we started on repair and recovery work, seeing who clicked and mitigating problems linked to their accounts.”

“All of this was the result of a single well-crafted phishing email.”

The VP of Information Security adds, “If we hadn’t been prepared, the damage would have been worse. We were able to retract the email in under 20 minutes.”

Good thing this company had built a complete, collective phishing defense, protecting against phishing attacks from the inbox to the SOC. By striking a balance between automation and human intuition, the company was ready when trouble loomed—and equipped to prevent a disaster.

By Cofense CTO and Co-Founder Aaron Higbee










Aaron Higbee,
Chief Technology Officer and Co-Founder

Aaron is the Co-Founder and CTO of Cofense (formerly PhishMe), Inc. directing all aspects of development and research that drives the feature set of this market-leading solution. The Cofense method for awareness training was incubated from consulting services provided by Intrepidus Group, a company that Aaron Co-Founded with Rohyt Belani in 2007.

Aaron remains on the board of directors for Intrepidus Group to ensure it focuses on forging new service lines and attracting motivated researchers and consultants.

Before Cofense and Intrepidus Group, Aaron served as Principal Consultant for McAfee’s Foundstone division where he was a lead instructor and known for his ability to mentor and develop junior consultants into expert penetration testers. Prior to his seven years of consulting experience, Aaron worked for large Internet Service Providers handling security and abuse incidents, subpoena compliance, and datacenter security. Aaron’s biggest achievement is building industry-recognized Intrepidus Group and incubating Cofense out of it. He enjoys the diverse personalities in the information security community and is known for building creative environments needed to promote rich personal and professional development. His creative touch is evident in the unique way he recruits and retains talent and his style further extends itself into his leadership role at Cofense. Aaron is a speaker at regional conferences and associations as well as large conferences such as BlackHat, DefCon, Shmoocon, etc. His expert opinion is a valuable resource for many media outlets interested in security.




        18 CYBER DEFENSE MAGAZINE – ANNUAL GLOBAL PRINT EDITION 2018  – SPONSORED BY TREND MICRO