Email Threat Simulator
By learning new generation phishing attacks, email threat simulator can test new generation APT products (Fireeye, Deep Security, etc.) and the anomaly detection systems (SIEM) along with traditional protection mechanisms (Antispam, Antivirus, Content Filter, etc.) and configure the protection options you observe.
95% of all cyber attacks on enterprise networks are the result of successful spear phishing.
At SMSAM Systems, we have taken a holistic approach to this problem by creating complimentary product modules that focus on People, Process and Technology.
Our Email Threat Simulator module regularly tests your technological investments (such as firewalls, anti-spam and anti-virus), using simulation logic to mimic the attack vectors targeting organisations through your email services.
The results allow you to discover weaknesses in your technology in a safe environment and take the necessary action proactively before you’re attacked.
Included in the Email Threat Simulator module is the email harvesting feature. We scan the wider web ecosystem to quantify traces of your organisational and employee email addresses which could be harvested for spam and spear phishing.
Also known as CEO fraud, domain squatting is the process of mimicking your corporate domain with alternative, similar domains to attempt to trick employees into responding with sensitive data. Our Email Threat Simulator tests your technology infrastructure to quantify the deliverability of such emails and thereby assess vulnerability.
This feature scans your email service against known vulnerabilities. It integrates with automation scanning software, such as Nessus and Nexpose, as well as with third-party services such as Mxtoolbox.
Client Side Attacks
These are attacks that target vulnerabilities in client applications, forcing them to interact with a malicious server or process malicious data. Our Email Threat Simulator tests the detection and delivery of such attacks.
Our Email Threat Simulator contains known harmful substances in email attachments. Harmful attachments not recognised by anti-viruses are also available, and they are expected to be detected by behaviour analysis. This feature integrates with the Metasploit penetration testing tool and various other third-party services.
Ransomware is a type of malicious software that blocks access to the victim’s data or threatens to publish or delete it until a ransom is paid. Our Email Threat Simulation contains annotations that simulate known ransomwares and their actions.
Our Email Threat Simulation inspects your infrastructure to test for known and frequently misconfigured functions in your email services. Additionally, it also has test scenarios to determine sub-optimal configuration and make best practice recommendations.
Our Email Threat Simulator includes penetration tests that contain a link or abusive piece of code that exploits the known vulnerabilities of internet browsers.
File Format Exploits
Many popular file formats (pdf, mp4, html, doc, etc.) can contain exploits. The Email Threat Simulator contains all these known file format exploits and integrates with the Metasploit penetration testing tool and various other third-party services.