Free Tools Drill Flashcards
PST
Phishing Security Test.
A simulated phishing attack performed by KnowBe4 on email addresses an organization provides us. The purpose of the test is to see how prone the organization’s employees are to click on phishing links.
How it works: The PST user selects a phishing template; then a landing page (where an employee is taken if they click a phishing link). Employees who click on phishing links are taken to that landing page and shown the red flags they overlooked. The PST user will then receive a report with their Phish-prone percentage.
ASAP
Automated Security Awareness Program.
A tool that simplifies the process of creating customized Security Awareness Programs.
How it works: The user completes a questionnaire about their organization and goals. ASAP then generates a custom plan based on the user’s specific needs.
BPT
Breached Password Test. A tool that checks to see if an organization’s users are currently using passwords that are in publicly available breaches associated with the org’s domain.
How it works: BPT checks to see if an organization has been part of a data breach that included passwords. Then it checks to see if those passwords still exist in the organization’s active directory.
PAB
Phish Alert Button.
An email plugin that gives users a safe way to handle actual or potential phishing emails.
How it works: PAB forwards the suspect email to the organization’s security team for analysis. It also deletes the email from the user’s inbox, to prevent future exposure.
EEC Pro
Email Exposure Check Pro.
Identifies the at-risk users in an organization by searching business social media information and hundreds of data breach databases.
The EEC Pro works in two stages:
Stage 1: Does deep web searches to find any publicly available organizational data. This shows what an organizational structure looks like to an attacker.
Stage 2: Finds any users that have had their account information exposed in any of several hundred data breaches. These users are particularly at risk because an attacker knows more about that user, up to and including their actual passwords!
DST
Domain Spoof Test.
A test that checks a domain name—for example, knowBe4.com—to see if it can be spoofed.
For example, a “bad guy” could send an email from badguy@attacker.com, but it would be spoofed to look like it came from goodguy@knowbe4.com.
MSA
Mailserver Security Assessment.
Tests a user’s mailserver configuration to check the effectiveness of the mail filtering rules.
MSA gives the user a quick insight at how their mailserver handles test messages that contain a variety of different message types, email with attachments, or emails with spoofed domains.
RanSim
Ransomware Simulator.
Simulates 13 ransomware infection scenarios to determine if a user’s workstation is vulnerable to infection. RanSim also allows users to see if their antivirus software is incorrectly blocking files.
Second Chance:
A tool that checks links originated in email messages, including embedded links within attached Office Documents and PDFs. It asks the user if they’re sure they want to follow the link, giving them a second chance to evaluate the link.
USB Security Test:
A tool that finds out how users react to unknown USB drives. The purpose is to see how many users will pick up the USB drive, plug them into their computer, and open files.
How it works: When an employee opens the file, it will “call home” and report a “fail” to their KnowBe4 console. If the user opens a doc and also enables macros, (short for microinstruction, which is a mini program) additional data is tracked.
Weak Password Test:
Checks an organization’s Active Directory for several different types of weak password related threats.
How it works: Once the test is complete, it generates a report of the users who have weak passwords. It does not report the actual passwords of the users; rather it highlights which ones should be addressed.
