Email threat simulationOrhan Sari
Keepnet Email threat simulation is an excellent opportunity for testing cybersecurity posture. It examines your border protection systems with next-generation phishing and exploitation techniques and lets you harden your security configurations, such as Firewall, AntiSpam, Anti-Virus, and Security Information & Event Management.
95% of successful attacks on corporations are based on phishing e-mails. According to Gartner, “Phishing e-mails will continue to be the primary method used by advanced attacks until 2020.” To minimize these threats, Keepnet Labs presents a holistic security approach that focuses on people, processes, and technology. In this context, Keepnet Labs offers regular testing and remediation services for testing, improving and taking additional measures of technological investments. Moreover, with simulation logic, Keepnet Labs tests the attack vectors targeting the institutions through the e-mail service and helps to take the necessary actions according to results.
When you share the information and configuration options for your test account, it sends attack vectors to test email address then connects to the mailbox of the test email address and checks their status. A sample workflow is shown below.
Note! ETS does not operate by involving with the traffic between client and server. Security audits carried out by intervening with traffic are insufficient for Antispam, Antivirus and Email services. Therefore, Keepnet Labs ETS service provides for conducting real-world mxtoolbox risks.
Unlike the other cyber threat simulation platforms, Keepnet Labs offers some unique methods, which will convince individuals to use it:
- Unlike known vulnerability scanning services, it controls missing/incorrect configuration options.
- Systems that test active network devices by moving traffic are insufficient, and this lack is sustained by real attack vectors by Keepnet Labs.
- It reports about intrusions with domain squatting features and its integrated cyber intelligence services.
Integration Options for Corporates Network
There are full integration options for organisations that have shut down services such as Pop3 and Imap to the outside world and offer web-based email access to their users. In this sense, to connect to the test e-mail box, the integration with “Outlook Web Access” option is the right solution.
Cyber Threat Intelligence
This option allows you to take action against the attacks and its effects early by learning sensitive data belonging to the company (e-mail address, password, domains similar to the domain name, etc.) from leaked data and anonymous sources.
It is the process of obtaining lists of e-mail addresses using various methods. These e-mails, which are usually captured, are then used for mass e-mails or spam.
Company employees are becoming clear targets of spam or spear phishing attacks with traces left on the internet by corporate e-mails.
It is an attack vector made with domain names created by imitating the value of a company’s domain name.
Firms or customers can be victims of imitations of their domain names or brands they own and target-oriented spear phishing attacks.
It scans your e-mail service against known vulnerabilities. It works integrated with automation scanning software such as Nessus and Nexpose as well as with third-party services such as Mxtoolbox.
These are attacks that target vulnerabilities in client applications that interact with a malicious server or process malicious data. Here, the client initiates the connection that could result in an attack. It requires users such as tempting them to click a link, open a document, or go to a malicious website. It includes attack vectors such as internet browsers, media players, adobe, java, etc. client-side tools for Internet users.
It contains known harmful substances in email attachments. In this category, malicious attachments not recognised by antiviruses are also available, and they are expected to be detected by behaviour analysis. It works integrated with the Metasploit tool and various third-party services.
Ransomware is a type of malicious software that blocks access to the victim’s data or threatens to publish or delete it until a ransom is paid. It contains annotations that simulate known ransomware and their actions.
It inspects missing, faulty configurations. It tests known and frequently misconfigured configurations with active scan options, and it also has test scenarios to determine if you are implementing the best configuration options.
It contains e-mails that contain known vulnerabilities of internet browsers. It sometimes contains a link or an abused piece of code.
File Format Exploits
Many file formats (pdf, mp4, HTML, doc, etc.) can contain exploits. This module includes known file format exploits. It works integrated with known file types (pdf, word, mp4 etc.) with Metasploit tool and various third-party services.
Sign up for Keepnet Labs
You can sign up for free at https://dashboard.keepnetlabs.com/Modules/User/PRegister.aspx Once you become a member, you can log in at https://ets.keepnetlabs.com/.
Create test account
A test email address and password are required for the service to work successfully. If you do not define a password, the actual risk may not be reported to you, because the delivery status of e-mails can not be checked!
Secure Configuration Suggestions
If your organization has concerns about creating a security risk with this test email address and password, you can make suggestions:
- You can restrict test email’s sending option. There is a guide that show you how you can configure it.
- By requesting the IP address of the Keepnet Labs ETS servers, you can restrict access to these addresses.
Quick Scan Option
You can make your account definitions and start browsing directly. With this option, attack vectors will be simulated in all categories.
Advanced Scan Option
It is the scan option that you can customise settings and connect them to schedule.
The report interface contains all the details of the simulation result. Solution suggestions for findings and references contain guiding details for you to develop solutions.
Interpretation of the Report Summary
Successful attacks are reported as “failed”, which is a problem that you are affected by and should be resolved
Failed attacks are reported as “pass”. This indicates that you are not affected by such attacks.
The summary of the results is listed as follows.
Scorecards and Development Chart
Keepnet Labs ETS gives scores from A to F according to the results. The calculation of these points is as follows;
And the score tables point out:
- Score: The score calculated according to the average of Phishing, Vulnerability, CTI (Cyber Threat Intelligence) scores.
- Phishing Score: The score you have calculated according to what you have received from the Keepnet Labs Phishing simulator.
- Vulnerability Score: The score which is created based on the results of the weakness scan.
- CTI Score: The percentage of points awarded by the cyber intelligence services.
The last 7 scan results provide visuals to report for your progress. You can see your progress based on Passed, Failed and Unchecked output.
Please feel free to contact us with any questions you may have.
About Keepnet Labs
Keepnet Labs is a cyber security awareness and defense platform that provides a holistic approach to people, processes and technology in order to reduce breaches and data loss. Many institution assume technology is an adequate remedy to eliminate cyber threats, however people and processes are integral to a strong defensive posture. Therefore, Keepnet Labs is special in the sense that, it focuses three diverse phenomenon: people, processes and technology. For more information, contact us at [email protected]