Keepnet Labs Email Threat Simulator (ETS)
Orhan Sari
Keepnet Labs Email Threat Simulator (ETS) against Phishing attacks
Targeted phishing attacks (spear phishing) are among the most dangerous types of attack and cause serious data breaches. According to researchers (2016):
- 91% of breaches were targeted by spear-phishing attacks.
- It takes an average of 146 days to detect a breach.
- An average of 82 days is required to prevent cybersecurity breaches.
- The overall average cost of a data breach is about $4 million.
To minimize the above threats, Keepnet Labs proposes a holistic security approach that focuses on people, processes and technology. In this context, Keepnet Labs offers regular testing and remediation services to test and improve technology investments and to identify additional measures.
Using simulation logic, Keepnet Labs tests the attack vectors that target your institution through the e-mail service and helps you take the necessary action based on the results.
Keepnet Labs Email Threat Simulator Workflow
When you share the information and configuration options for your test account, ETS sends real attack vectors to your test email address to evaluate your corporate email domain, then connects to the test inbox to check the vulnerability status. A sample workflow is shown below.
Unlike the other cyber threat simulation platforms, Keepnet Labs Email Threat Simulator offers some unique methods, which will convince individuals to use it:
- Unlike known vulnerability scanning services, it checks for missing or incorrect configuration options.
- Systems that test active network devices by moving traffic through them are insufficient; Keepnet Labs covers this gap with real attack vectors.
- It reports on intrusions using its domain squatting features and its integrated cyber intelligence services.
Integration Options for Corporate Networks
There are full integration options for organizations that have closed services such as POP3 and IMAP to the outside world and offer web-based email access to their users. In that case, integrating through the “Outlook Web Access” option is the right way to connect to the test mailbox.
It scans your e-mail service against known vulnerabilities. It works integrated with automated scanning software such as Nessus and Nexpose as well as with third-party services such as MxToolbox.
It includes attack vectors for Internet users.
It contains known malicious content in email attachments. This category also includes malicious attachments that antivirus products do not recognise and that are expected to be detected by behaviour analysis. It works integrated with the Metasploit tool and various third-party services.
It contains annotations that simulate known ransomware and their actions.
It checks for missing or faulty configurations. It tests known, frequently misconfigured settings with active scan options, and it also has test scenarios to determine whether you are implementing the best configuration options.
It contains e-mails that target known vulnerabilities in internet browsers. These sometimes contain a link or an abused piece of code.
File Formats Exploits
It covers known file types (PDF, Word, MP4, etc.) and works integrated with the Metasploit tool and various third-party services.
Sign up for Keepnet Labs ETS
Create a test account
A test email address and password are required for the service to work successfully. If you do not define a password, the actual risk may not be reported to you, because the delivery status of e-mails cannot be checked!
Secure Configuration Suggestions
If your organization is concerned that this test email address and password create a security risk, you can apply the following suggestions:
- You can restrict the test email’s sending option. that shows you how you can configure it.
- By requesting the IP address of Keepnet Labs ETS servers, you can restrict access to these addresses.
Quick Scan Option
You can define your account and start scanning directly. With this option, attack vectors are simulated in all categories.
Advanced Scan Option
This scan option lets you customise the settings and attach them to a schedule.
The report interface contains all the details of the simulation result. The suggested solutions and references for each finding give you guidance for developing fixes.
Interpretation of the Report Summary
Successful attacks are reported as “failed”: these are problems that affect you and should be resolved. Failed attacks are reported as “pass”, which indicates that you are not affected by such attacks.
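An added example (not Keepnet Labs code) of the reconciliation this report implies: each simulated vector is matched against the test inbox and labelled "failed" if it arrived, "pass" if it did not, and "unchecked" if the inbox could not be opened. The `X-Simulation-Id` header, the vector IDs and the rule that a stripped attachment counts as blocked are assumptions of this example.

```python
from collections import Counter
from email import message_from_string

HEADER = "X-Simulation-Id"  # hypothetical tracking header, not a documented ETS field

def has_attachment(msg):
    """True if any MIME part is marked as an attachment."""
    return any(p.get_content_disposition() == "attachment" for p in msg.walk())

def reconcile(sent, inbox_raw):
    """Map each sent vector id to 'failed', 'pass' or 'unchecked'.
    inbox_raw: raw messages from the test inbox, or None if it could not be opened."""
    if inbox_raw is None:  # e.g. no password defined: delivery cannot be checked
        return {v["id"]: "unchecked" for v in sent}
    delivered = {}
    for raw in inbox_raw:
        msg = message_from_string(raw)
        if msg.get(HEADER):
            delivered[msg[HEADER].strip()] = msg
    result = {}
    for v in sent:
        msg = delivered.get(v["id"])
        if msg is None:
            result[v["id"]] = "pass"    # never reached the inbox
        elif v["attachment"] and not has_attachment(msg):
            result[v["id"]] = "pass"    # assumption: a stripped payload counts as blocked
        else:
            result[v["id"]] = "failed"  # attack vector reached the user intact
    return result

def summary(result):
    """Count outcomes, as in the Passed / Failed / Unchecked progress view."""
    return Counter(result.values())

# Constructed sample data (not real ETS output).
SENT = [{"id": "sim-001", "attachment": True}, {"id": "sim-002", "attachment": True},
        {"id": "sim-003", "attachment": False}, {"id": "sim-004", "attachment": False}]
MULTIPART = ('{h}: {i}\nMIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b"\n\n'
             "--b\nContent-Type: text/plain\n\nbody\n{att}--b--\n")
ATTACH = ("--b\nContent-Type: application/octet-stream\n"
          'Content-Disposition: attachment; filename="sample.bin"\n\nAAAA\n')
INBOX = [
    MULTIPART.format(h=HEADER, i="sim-001", att=ATTACH),        # delivered intact
    MULTIPART.format(h=HEADER, i="sim-002", att=""),            # attachment stripped
    f"{HEADER}: sim-003\nContent-Type: text/plain\n\nlink\n",   # delivered
]

if __name__ == "__main__":
    print(reconcile(SENT, INBOX), dict(summary(reconcile(SENT, None))))
```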
The summary of the results is listed as follows.
Scorecards and Development Chart
Keepnet Labs Email Threat Simulator gives scores from A to F according to the results. The calculation of these points is as follows;
The score tables show:
- Score: The score calculated as the average of the Phishing, Vulnerability and CTI (Cyber Threat Intelligence) scores.
- Phishing Score: The score calculated from your results in the Keepnet Labs Phishing simulator.
- Vulnerability Score: The score based on the results of the vulnerability scan.
- CTI Score: The percentage of points awarded by the cyber intelligence services.
The last 7 scan results are visualised so that you can report on your progress. You can see your progress based on the Passed, Failed and Unchecked output.
Getting Help with Keepnet Labs Email Threat Simulator
Please feel free to contact us with any questions you may have. firstname.lastname@example.org
Editor’s note: This blog was updated on 8 June 2020.