Cofense Vision 3.0 detects how users interact with phishing messages

Cofense has launched Vision 3.0, the latest enhancement to its Phishing Threat Detection and Response (PDR) platform, which significantly improves incident response times. This new version provides security teams with detailed visibility into user interactions with phishing emails that bypass perimeter defences. Building on the existing “Who Opened” feature, the updated “Who Clicked” functionality allows analysts to monitor in real time whether a user opened a malicious email, clicked a link, downloaded a file, or connected to a suspicious domain. This enriched behavioural context enables teams to swiftly isolate threats, reset credentials, and implement follow-up actions without delay or uncertainty. Additionally, Vision 3.0 supports hybrid deployments, allowing organisations to operate seamlessly across both on-premise and cloud infrastructures, ensuring consistent and scalable protection in complex environments.

In 2024, the Cofense Phishing Defence Centre reported detecting a malicious email every 42 seconds, marking a 26% increase from the previous year, largely due to threat actors leveraging generative AI for attacks. While many vendors respond with AI-based automation, these solutions often replicate the limitations of traditional in-line gateway filtering. Missed emails are typically routed to abuse mailboxes, where automated tools attempt to rectify the oversight, still relying on flawed foundations. Cofense adopts a different strategy, drawing intelligence from over 35 million users globally, which allows for the identification of “post-gateway” threats that others may overlook. Each detection is supported by human curation, ensuring unmatched accuracy. Jason Meurer, Senior Technical Product Manager at Cofense, emphasises that human-vetted intelligence is crucial for effective cybersecurity. Vision 3.0 equips analysts with immediate insights into user engagement with threats, facilitating rapid actions such as endpoint isolation and credential resets, while also addressing sophisticated threats like .ICS-based calendar phishing through its new Calendar Quarantine feature.