NC Nov-Dec 2023
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
PRODUCT REVIEW<br />
Hornetsecurity<br />
Security<br />
Awareness Service<br />
PRODUCT REVIEW<br />
PRODUCT<br />
REVIEWPRODUCT RE<br />
Cybercriminals never sit still and are<br />
always looking for new ways to outwit<br />
businesses and breach their security<br />
controls. Email spear phishing is still one of the<br />
most successful and prevalent forms of attack,<br />
so businesses must be more robust in their<br />
defences and stop seeing staff as just another<br />
security risk.<br />
Security Awareness Service (SAS) from<br />
Hornetsecurity is an innovative solution that<br />
turns staff from a potential liability into an extra<br />
defence layer. Using Hornetsecurity's patented<br />
Spear Phishing Engine (SPE), it tests and e-<br />
trains them in attack recognition and<br />
avoidance techniques.<br />
SAS goes further than many competing<br />
solutions as, instead of merely providing<br />
templates to help build phishing scenarios, the<br />
SPE does it all for you by automatically creating<br />
realistic simulated phishing emails, based on<br />
the most current types of attacks.<br />
Even better, it employs its Awareness Engine<br />
and patented Employee Security Index (ESI®)<br />
to regularly evaluate each user's behaviour<br />
and increase or decrease the level of training<br />
intensity to help them achieve a strong<br />
security mindset.<br />
Deployment is swift, as you whitelist the<br />
spoofed mail domains used by SAS, and onboard<br />
users and groups from Active Directory<br />
(AD), Azure AD, LDAP or via CSV upload.<br />
Ongoing management is equally simple, as<br />
SAS uses the same web portal as all other<br />
Hornetsecurity products to provide a single<br />
pane of glass. From the SAS configuration<br />
page, you view all evaluated users and groups,<br />
enable phishing simulations and set up e-<br />
training. For phishing simulations, you can hand<br />
the whole process to the Spear Phishing Engine,<br />
which automatically generates and sends<br />
simulated phishing emails, based on each user's<br />
measured security level.<br />
Plenty of customisation is available,<br />
as you can have personal evaluations sent to<br />
each user, so that they can view them in their<br />
own Security Hub portal and choose to view the<br />
types of phishing emails, with options for<br />
emails containing attachments, macros,<br />
credential phishing and domain spoofing. A<br />
Report Phishing for Outlook plug-in is also<br />
available, so users can report suspicious emails.<br />
The e-training module is activated for all users<br />
and you can specify the number of training<br />
sessions it should carry out each year. The<br />
Awareness Engine is very smart, as its Single<br />
User Booster feature ensures weak users in a<br />
group receive more training, while the<br />
Productivity Booster reduces training for those<br />
with high security scores.<br />
At this point, you can leave SAS to get on with<br />
its job in the background and as users receive<br />
their test phishing emails, it watches what they<br />
do with them. If they recognise and report it,<br />
they'll improve their security score; but, if they<br />
click on a link or open an attachment, the e-<br />
training module kicks in, right at the 'most<br />
teachable moment'. Users that were tricked are<br />
redirected to an advisory web page, which<br />
provides interactive e-training that teaches them<br />
all the things they need to look out for. It shows<br />
how to validate the sender's address, hover the<br />
cursor over a link to see its real destination and<br />
question the message content - all simple, but<br />
important, precautions.<br />
The SAS dashboard shows your current and<br />
projected ESI® scores and enables selfgovernance<br />
with knowledge, as it compares<br />
your company's rating with the industry average.<br />
A statistics page provides charts of all actions<br />
carried out on test emails, their success rates<br />
and which psychological tricks are proving<br />
to be the most effective.<br />
Hornetsecurity's Security Awareness Services is<br />
a staunch ally in the fight against phishing. It<br />
can turn staff into a valuable security asset, and<br />
its power-ful automated phishing simulation,<br />
response and e-training capabilities make it<br />
remarkably easy to deploy and to use. <strong>NC</strong><br />
Product: Security Awareness Service<br />
Supplier: Hornetsecurity<br />
Web site: www.hornetsecurity.com<br />
Tel: +44 (0) 203 0869 833<br />
Sales: sales@hornetsecurity.com<br />
Contact Hornetsecurity for pricing.<br />
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER <strong>2023</strong> 19<br />
NETWORKcomputing<br />
@<strong>NC</strong>MagAndAwards