RAZOR THORN SECURITY LTD

Phishing and Security Awareness (SAT) - Cofense

Cofense provides software and services for both phishing detection and response and security awareness training (SAT). We focus on catching phishing threats that other technologies miss, turn them into threat intelligence and use it to help our customers better defend against the threat of phishing.

Features

  • Phishing Specific Threat Intelligence.
  • Phishing Simulations.
  • Learning Management System and Cyber-Awareness Content.
  • End User Phishing Threat Reporting from the Inbox.
  • Rapid Reported Threat Analysis & Prioritisation.
  • Rapid Threat Quarantine of Analysed Threats.
  • Auto-Quarantine of Known Threats, Instrumented by our Proprietary Intelligence.
  • Fully Managed Phishing Detection & Response Service.
  • Fully Managed Phishing Simulation Service.

Benefits

  • Utilise phishing threat intelligence to fortify organisational defences against cyberattacks.
  • Train end users by simulating real threats to enhance awareness.
  • Implement Static CBT for heightened cyber-awareness within your organisation.
  • User email reporting button enhances SOC threat visibility and responsiveness.
  • Triage reported threats and filter out noise to focus on real threats.
  • Allow the SOC to quickly quarantine phishing threats from inboxes.
  • Automatically quarantine known phishing threats from all inboxes instantly.
  • Fully Managed, Turnkey, Phishing Defence Service delivered by Cofense experts.
  • Fully managed Phishing Simulation Service, delivered by Cofense Experts.

Pricing

£30 a unit

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

724494254696260

Contact

RAZOR THORN SECURITY LTD
Sophia Durham
Telephone: +447470334993
Email: sophia.durham@razorthorn.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
N/A
System requirements
N/A

User support

Email or online ticketing support
Email or online ticketing
Support response times
Cofense commits to same-day response to customer tickets, offering various contact methods. Customers can reach the Cofense Support Team through Email, Website, Phone, or Live Chat via the Cofense Resource Centre.

Email/Website support operates 24/7, with tickets actively managed during regular support hours. Users can submit tickets via email at support@cofense.com or through the Support site. Phone support is available during standard operating hours, with calls outside these times converted to tickets. Live Chat operates Monday to Friday, 8:00AM-8:00PM EST, and offline inquiries are converted to tickets. The Cofense Resource Centre provides online assistance 24/7, featuring help articles/ticket creation.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
When can users get web chat support? Live Chat is available: Monday – Friday, 8:00 AM - 8:00 PM Eastern Standard Time (EST).
Live Chat is available via the Cofense Resource Centre.
Chat sessions initiated outside of chat hours will be converted into support tickets and worked on during regular support operating hours.
What accessibility standards does your web chat meet? Describe any web chat testing that you’ve done with assistive technology users. - Cofense has not performed any kind of testing with Assistive Technology users for our Live chat support functions.
Web chat accessibility testing
N/A
Onsite support
No
Support levels
Cofense customers are all assigned a Customer Experience representative who provides a post-sales, single point of contact for that customer for the life of their contract. The CX rep can direct queries and manage any open support tickets a customer may have. Technical support is provided on any topic and tracked as a ticket whilst that ticket is open.
All support and maintenance is included in the price of the software solutions/services.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
When your Cofense phishing simulation solution has been activated, the CX team will work with you through a formal onboarding process. The process includes technical steps such as whitelisting IPs and working with gateway filtering devices as well as more programmatic efforts focused on developing recipient groups and a structure for a successful phishing simulation program.

Our onboarding documentation and associated training provides an overview of the Cofense solutions, details the methodology in creating a scenario, and outlines reporting features and functionality.

For all other solutions, we provide documentation for all of our software; training on our phishing detection and response solution can also be provided.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Production data is anonymised or deleted within 30 days of license expiration. Backup data takes an additional 30 days to be overwritten. Cofense recommends contacting our Technical Operations Centre on or before the license expiration date if you wish to obtain a copy of your data. Once the data has been anonymized or deleted, it is no longer recoverable.
End-of-contract process
Production data is anonymized or deleted within 30 days of license expiration. Backup data takes an additional 30 days to be overwritten. Once the data has been anonymised or deleted, it is no longer recoverable.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
User reporting of Phish in their inbox can only be effected on mobile devices if the user is reading emails in the Microsoft Outlook app on the mobile device. Beyond that, other elements of user interaction where necessary are delivered through the browser on the device.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
This is relevant only for the PhishMe Simulation solution, the Triage Detection and Response solution, the Vision Quarantine solution and the Intelligence Portal. In each case, access is provided to known admin users via a browser interface.
Accessibility standards
None or don’t know
Description of accessibility
N/A
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
Cofense PhishMe API: allows the download of simulation based reporting data, such that it can be fed into another reporting solution.
Cofense Triage API: allows access to a large number of endpoints, to retrieve and access data/metrics from Cofense Triage, including analyst confirmed indicators of compromise (IOCs). Some data may also be written to Cofense Triage, for example IOCs, Yara rules and Cofense Reporter reputation scores.
Cofense Intelligence API: allows access to up-to-date feeds of machine-readable, phishing-specific threat intelligence, containing human-verified IOCs for threats that exist outside the network.
Cofense Vision API: allows control of search and quarantine operations from outside of the Vision GUI or Cofense Triage interface, and access to the audit logs.
Cofense Reporter: has no API.
Cofense LMS: The Cofense LMS API can be used to programmatically create, extract, update, and delete data from Cofense LMS.
API documentation
Yes
API documentation formats
  • HTML
  • Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Software cannot be customised; however, some of the content within our SAT training solutions can be fully customised. IOCs and threat data can be added to the Triage solution via the API or GUI. Our fully managed services can be customised to some degree, depending on customer need, e.g. reporting output.

Scaling

Independence of resources
The capacity of Cofense's hosted services is monitored consistently. Cofense utilizes Amazon Web Services (AWS) cloud hosting service exclusively to host our SaaS applications. The high level of geographic and IT infrastructure redundancy provided by AWS addresses our requirement for redundancy. AWS allows for increased computing as needed based on load.

Analytics

Service usage metrics
Yes
Metrics types
The Cofense PhishMe dashboard offers comprehensive metrics on company-wide training effectiveness, identifying vulnerable employees and areas. Each scenario generates detailed reports on responses, including browser analysis, device usage, and geographic data. Cofense Triage delivers HTML-formatted summaries, detailing cluster and email activity, rules, playbooks, and system stats. These reports can be scheduled and customised for delivery. Cofense Intelligence provides threat reports, flash reports, and executive summaries to combat phishing threats. Cofense LMS offers six report types, including quiz results and enrolment data, to monitor learner engagement and progress effectively.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
Cofense

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Each Cofense solution that holds user data offers data export to CSV file through the user interface.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • PNG
  • PDF
  • JPG
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
Data in transit between the customer network and Cofense network/applications is TLS-encrypted.
Data protection within supplier network
Other
Other protection within supplier network
All customer database-resident Cofense application data is encrypted at rest using industry-accepted AES-256 encryption.

Availability and resilience

Guaranteed availability
Our Master Software and Services Agreement (MSSA) states that Cofense will use commercially reasonable efforts to provide Customer administrators with online availability to Cofense SaaS hosted solutions 99.8% of the time in any calendar month (“Uptime”), excluding downtime caused by Scheduled Maintenance, force majeure events, or acts or omissions of Customer not in accordance with the Agreement and Documentation. Please see the link to the Cofense MSSA here: https://cofense.com/legal/mssa/.
Approach to resilience
The data centre electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide backup power in the event of an electrical failure for critical and essential loads in the facility. Data centres use generators to provide backup power for the entire facility. These units are tested at least annually.
Outage reporting
Cofense reports any outages to customers via email. For product-specific information regarding commitment to uptime and metrics, please see our MSSA: https://cofense.com/legal/mssa/.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Cofense PhishMe offers login via username/password with multi-factor authentication. Additionally, it supports SSO with SAML 2.0, configurable through Cofense Support upon request.

For Cofense Triage, login is via local accounts (username + password) or AD/LDAP integration for on-premise deployments. SSO configuration is available for both on-premises and Cofense-hosted cloud instances.

Cofense Reporter does not require login.

For Cofense Intelligence, access to the portal is through username/password.

Cofense LMS offers local authentication, where users receive an activation link to set up their password and multi-factor authentication. With SSO, users log in using their authentication provider's credentials.
Access restriction testing frequency
At least once a year
Management access authentication
Other
Description of management access authentication
Cofense PhishMe offers login via username/password with multi-factor authentication and supports SSO with SAML 2.0, configurable through Cofense Support.

Cofense Triage allows login via local accounts or AD/LDAP integration for on-premise deployments. SSO configuration is available for both on-premises and Cofense-hosted cloud instances.

Cofense Reporter does not require login.

Cofense Intelligence portal login is via username/password.

Cofense LMS users receive an activation link for local authentication to set up their password and multi-factor authentication. With SSO, operators log in using credentials from their authentication provider.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
MSECB. www.msecb.com
ISO/IEC 27001 accreditation date
23/07/2019
What the ISO/IEC 27001 doesn’t cover
The scope of the audit is to ensure the security of Cofense business data as well as the operation of software and services used to process the data, are protected against internal, external, deliberate, or accidental threats that could result in the compromise of confidentiality, integrity, and availability, in accordance with the Statement of Applicability (SoA), Ver. 1.033 dated 2021-01-12.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Sysnet Global Solutions
PCI DSS accreditation date
23/02/2023
What the PCI DSS doesn’t cover
This validation status is based on the self-assessment provided by COFENSE INC regarding compliance with the Payment.
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • AWS
  • ISO 9001 /27017 /27017 / 27018
  • SOC 1 / SOC 2
  • SOC 3
  • C5 (Germany)
  • DoD SRG
  • FedRAMP
  • FIPS
  • IRAP
  • MTCS

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cofense achieved SOC 2 Type II certification for the PhishMe and Triage phishing defence solutions. The SOC 2 process includes annual security policy reviews for SaaS products, semi-annual infrastructure security configuration checks and weekly system audit log reviews. Additionally, the corporate network undergoes ISO 27001 audits, separate from the production service networks. Certificates can be accessed under NDA.
Information security policies and processes
Cofense has a formal security program that includes a security team drawn from managers and technical personnel specializing in information security. This team meets on a weekly basis and maintains a calendar of security activities that take place throughout the year based on the requirements of our security policies. We have a number of security policies that, together, address every aspect of our IT infrastructure. Information Security policies and procedures are maintained and published in our corporate document repository and updated on an as-needed basis. The designated senior management person for Cofense is Reena Paraguay - General Counsel, Chief Privacy Officer, Data Protection Officer.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Updates to Cofense's SaaS software are distributed through an automated process that is described in the redacted document named, "Change Control Process for Cofense SaaS Environments_08Oct2021_Redacted.pdf." This document is available for viewing with appropriate NDA in place. This document also identifies the automated tools that are used to deploy these changes and describes the company's complete workflow for managing patches and software updates.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Cofense follows our published vulnerability management process, performing regular vulnerability scans and managing mitigation and remediation tasks for all identified vulnerabilities. Vulnerability reports may originate from a variety of sources, including: reports generated from automated vulnerability scans against systems and infrastructure; reports from Cofense personnel who have become aware of vulnerabilities from other sources, such as external advisories from vendors or open source projects; reports of security issues detected in Cofense's products originating from automated security scans or manual security reviews of program source code; and reports identified by Cofense IT. Any findings will be processed by our internal vulnerability assessment remediation process.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Cofense's "Security Monitoring and Response Policy" document identifies controls and policies which exist to protect the company from incidents arising from misuse and malicious activity. Redacted copies of this process can be shared at customer request upon receipt of an executed Non-disclosure Agreement (NDA).
Incident management type
Supplier-defined controls
Incident management approach
A redacted Incident Response Process named, "Cofense Incident Response Policy and Procedure for SaaS Infrastructure 28Sep2022 Redacted.pdf" is attached for viewing with appropriate confidentiality terms in place between Cofense and the client.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

Fighting climate change

Cofense is a software and services provider. Our operations do not have a major impact on the environment, but we support environmental initiatives. However, our cloud hosting provider, Amazon Web Services (AWS) does have multiple initiatives related to reducing its carbon footprint. Information related to how AWS is reducing its carbon footprint is available at: https://sustainability.aboutamazon.com/environment/carbon-footprint.

Covid-19 recovery

At the start of the COVID-19 pandemic, Cofense made a decision to not include any pandemic-related template within our PhishMe library and recommended to our customers that they avoid these themes in their simulation programs due to the levels of concern and uncertainty already felt by their staff, and the risks it places on ensuring legitimate pandemic-related emails are read and understood. Instead, Cofense focused on delivering extensive awareness resources based on real COVID-19 themed phishing threats identified by our Threat Intelligence and Phishing Defence teams. Cofense made these resources available to all to support relevant COVID-19 phishing awareness programs.

Equal opportunity

The Cofense Global Code of Conduct discusses Cofense's commitment to Equal Employment Opportunity and Diversity. The policy is available in a document named, "COFENSE GLOBAL CODE OF CONDUCT_12-29-19_v1.pdf" available for viewing with an executed non-disclosure agreement (NDA).

Wellbeing

Cofense promotes health and wellness internally, and employees are encouraged to join in with regular activities organised by our global HR team. These can include "Health Habits" challenges, health and fitness challenges and other activities to promote overall wellbeing. Further, our employees are offered time-off days to volunteer for or contribute to community and social initiatives they care about.

Pricing

Price
£30 a unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Ask Razorthorn for more information.
Link to free trial
Ask Razorthorn for more information.
