SentinelOne and Cofense Integration

Closing the gap on today’s advanced security attacks requires tight integration between security solutions to detect new and existing threats and to automatically respond within seconds. Traditional antivirus cannot keep up with today’s fast-evolving threat landscape. The integration enables SentinelOne’s autonomous prevention, detection and response capabilities to extend far beyond traditional endpoints in protecting enterprise networks of the future.

With Cofense Intelligence and SentinelOne, security teams can detect and respond based on credible, human-verified phishing intelligence. Cofense Intelligence offers a RESTful API that SentinelOne polls for file hash indicators, which are then cross-correlated in the platform. The constant polling of credible, human-verified phishing intelligence associated with malicious files gives security teams visibility into the latest global phishing threats. An endpoint that comes into contact with a file matching a phishing file hash provided by Cofense can quickly be identified and investigated. Analysts have a view into credible phishing threats, leading to higher confidence in the action taken based on the indicator results returned to the platform.

Key Benefits

  • Implement next-generation endpoint protection using a single-agent, autonomous AI solution, including:
    • SentinelOne's leading EPP capabilities, protecting your assets from malware, exploitation, ransomware, credential theft, and advanced threats.
    • SentinelOne EDR with threat hunting, IOC search, remediation, and automated analysis, with containment and rollback
    • Visibility on all your assets, including encrypted traffic, and any operation on the endpoints
    • Obtain offline protection across all your endpoint assets, including Windows, macOS, and Linux.
    • Proactively block next-gen threats inside and outside the network perimeter by automatically sharing threat intelligence.
  • Human-verified, timely and contextual phishing intelligence delivered as machine-readable threat intelligence (MRTI)
  • High fidelity intelligence about phishing, malware, and botnet infrastructure
  • Human-readable reports with context behind threat actor infrastructure to understand attacker tactics
  • Real-time response and historical analysis driven from verified phishing threats associated with malicious files
  • File hash indicators used in phishing campaigns
  • Pinpoint hosts coming in contact with phishing files to take additional incident response action

How it Works

Cofense Intelligence, working with SentinelOne, provides analysts with the ability to investigate, validate, and remediate based on indicator impact from phishing-specific MRTI. Using high fidelity phishing intelligence means that analysts can prioritize and decisively respond to alerts from intelligence consumed via Cofense’s API. With SentinelOne, security teams can operationalize Cofense Intelligence phishing artifacts and indicators.

Cofense Intelligence human-readable reports are linked from within SentinelOne to provide analysts with Indicators of Compromise (IOCs) in context. This gives security teams the additional insight they need to understand the criminal infrastructure and support remediation decisions. Analysts and security leaders will have visibility into email message contents, malware artifacts with full threat detail, and executive summaries to easily understand the threat actor’s operation and the risk to the business.

The combination of SentinelOne and Cofense Intelligence provides clear insight for assertive action on malicious file artifacts. Security teams can respond quickly and with confidence to mitigate identified threats. Threat intelligence that is operationalized with a high degree of confidence leads to actionable decisions, with threats detected and responded to across endpoints.

About Cofense™
Cofense™, formerly known as PhishMe®, is the leading provider of human-driven phishing defense solutions for organizations concerned with their susceptibility to sophisticated cyber attacks. Cofense delivers a collaborative, cooperative approach to cybersecurity by enabling organization-wide response to the most used attack vector—phishing. Cofense serves customers of all sizes across multiple industries including financial services, energy, government, healthcare, technology and manufacturing, as well as other Global 1000 entities that understand how engaging user behavior will improve security, aid incident response and reduce the risk of compromise.
