Keepnet Labs Phishing outlook add-in for Microsoft’s Outlook: email users simplify the steps to report suspicious emailsOrhan Sari
Keepnet Labs Phishing outlook add-in for Microsoft’s Outlook: email users simplify the steps to report suspicious emails such as phishing with a single click in your company’s SOC team.
Keepnet Labs Phishing outlook add-in works with a button in the Outlook. It helps you easily report misclassified e-mail to responsible people in your company and its affiliates for analysis to help for improving the effectiveness of e-mail protection technologies used. When users suspected an e-mail that might be part of a phishing attack or coming from spammers that they want to ban it on the company’s email server, they can click on the Suspicious E-mail Reporter Reporter button to forward the selected emails as attachments to a special set-up email address. Then, it is possible for the security or IR staff to analyze the email, and when necessary, to blacklist the domain in the company’s spam blocker.
Keepnet Labs Phishing outlook add-in turns everyone into active agents to detect phishing emails.
Keepnet labs Phishing Phishing outlook add-in: applies security best practices to avoid delayed detection of threats. It turns ever user into an active agent detecting suspected phishing emails. It automates the process of forwarding suspicious emails as attachments keeping important email header information.
Keepnet Labs Phishing outlook add-in ensures the notifications to be transferred different platforms
- It can convert to automatic call in help desk
- It can register for central register server
- It may make a positive note to the user due to his/her conscious behaviour.
- It is possible to get a detailed report of suspected emails.
Benefits of Keepnet Labs Phishing outlook add-in
Direct benefit to email user;
- Employees report aggressive attacks with a single click.
- Early “Phishing” warnings are taken from users and a “sensor” network is created.
- The user is notified of this correct action when the user clicks the “Report Phishing” (3) button in a simulated Phishing security test.
- It allows the user to send a suspicious e-mail to analysis services and get a risk score.
- Institution’s security culture strengthens.
- Employees receive immediate feedback that enhances their training.
Benefits to the security operation centre (SOC);
- Unwanted e-mails can be deleted from the user’s e-mail box with information received from the command centre.
- It reports which e-mail message is in an e-mail box of users.
- If the existing security measures are inadequate for analysis, detection and prevention, it gives the occasion to benefit from Keepnet Labs analysis service.
It provides more effective security measures with integration with third-party systems (siem, firewall etc.)
Keepnet Labs Phishing outlook add-in
Once you have logged in to the Keepnet Labs management interface, the Outlook Add-in menu helps you prepare custom plugins.
Keepnet Labs Phishing outlook add-in Setting up
Keepnet Labs Outlook add-in is available in two versions, 32 bit and 64 bit. Both versions support unattended installation.
The following methods can be used to set up with Group Policy over Active Directory. Depending on the version of the domain controller, the steps may differ. In this article, a description has been made on a DC with Windows 2012 R2 operating system. If you would like to follow the video description, you can follow it on YouTube by clicking here.
Prerequisites for Client;
Microsoft Visual Studio 2010 Tools for Office Runtime (x86 and x64)
Microsoft .NET Framework 4 Client Profile (Standalone Installer)
Firstly, the executable file (.msi extension) must be shared. Below is the shared folder that contains this file
The installation of the folder attachment containing the relevant file is shared with the desired group. In this example, the folder is shared with Everyone. It is recommended that this file is shared only with the ‘Read’ authority so that it will not cause any security weaknesses (such as escalation).
Then a Group Policy Object (GPO) is created on the domain.
Below is the Group Policy Object created with the name Keepnet Labs.
Then the group policy is edited and the corresponding executable file is added as a new package. Below is the corresponding screenshot.
Below is the display of this file being added to the policy.
Then you are asked how you want to distribute this file. The ‘Assigned’ option is selected. With this option, a computer in the domain will apply this policy to its first startup and will install the Keepnet Labs Outlook add-in.
Then the new policy is applied to the systems with the ‘gpupdate’ command. If this policy is applied, computers may need to be restarted. In this case, restarted computers will have Keepnet Labs Outlook add-in installed.
The following plug-in has been installed in the Outlook application. With the help of this add-in, employees can easily send emails about suspicious employees.