Transcript
David Littman: Hi, Dave Littman, Truth in IT. Welcome to today's webcast, New School Security Awareness Training. We have a web demo today from KnowBe4, and of course today's event is sponsored by KnowBe4. In just a second I am going to be bringing out Jeffrey Gelinas. Jeffrey is a product manager with KnowBe4. He's going to be taking us through a demo of some of KnowBe4's newest features. But before we do that, a few housekeeping tips. We expect today's event to go probably about 30, maybe 35 minutes, and we will be taking your questions and comments in the chat room, so please keep those coming. If you have any questions about the content or about the audio stream or video quality or anything like that, we've got staff standing by from Truth in IT to answer any of those questions. So without further ado, let's get to it. Jeffrey, welcome.

Jeffrey Gelinas: Hello. Hi, Dave.

David Littman: Hey, great to have you back, Jeffrey. So I understand there's some new stuff. I want to give you a chance to get to that; I know you've got a lot to cover, so I'm going to turn it over to you. Maybe I'll just interrupt here or there, but for the most part I'll let you take it away.

Jeffrey Gelinas: Awesome. Perfect. Happy to be here. So, yeah, like Dave said, I'm a product manager here at KnowBe4. Today I'll be taking you through some of the different things that we have inside of the platform, and also some new features, like our callback phishing that we've recently added into the platform. So I'm going to just jump right in here. One of the first things that you're going to see when you sign into the platform is, of course, the dashboard. The first thing you see on the page is the risk history over the last six months, and you'll see that my risk scores continue to decrease as I've run simulated phishing tests as well as sent out security awareness training to the users of my organization.
Beneath that is the phishing area, which shows you the different phishing security tests as they sit over the last six months. You'll notice that we have a number of different failure types inside of our different phishing campaigns. So you can have users who might click on a link, but also people who may actually enable a macro on a particular attachment, or even reply back to the message, perhaps with banking information or other types of sensitive content. We even have some things that are QR code based, too. That's something we've been seeing: to get around the email security gateway, the phish link is thrown inside of a QR code, so that it's an image, and sent in that way. But we have a way to simulate that as well. Over here on the right-hand side is a way for you to see how you measure up to your peers in the same industry and organization size, and also by your program maturity. So it's a fair way to measure: have I been running this program for 90 days, or have I really been in this for over a year or more? The next section is the Phish Alert Button area. The Phish Alert Button is inside of the user's inbox and lets them report what they consider to be a suspicious message. Whether or not it's simulated, we'll be able to determine that and mark it as reported inside of our simulated campaign. But if it's non-simulated, that can go into our platform, which will allow you to ingest that message, analyze it, maybe run some rules, quickly remediate it, and maybe even take it a step further and rip it out of other users' inboxes using our PhishRIP functionality. But that's a webinar for another day. Moving on down here is the learner platform, which will show you the training platform area that your users are taking training on.
So whether it's desktop, mobile, or the KnowBe4 Learner app, which is available on iOS and Android devices, users can take their training on the go as well as offline, too. Something we recently added into the Learner app is offline mode, so that users can take training when they don't have a connection. Getting down here are things measuring your users' proficiency as well as your users' culture: two different things around security awareness, such as social media awareness, or passwords and authentication, and even getting into things around behavior and cognition about different types of security policies, or different attitudes to those types of things in your organization. All right. So moving from the dashboard page, I can head on over into one of the other things that we wanted to talk about here, which is one of our newer features under the phishing area. We've been doing a lot of things around phishing. You can come in here and create your campaigns, and you'd send out an email template, and inside of that template it would have, like I mentioned, a link, an attachment, or something of that nature for the user to fail on. But we've taken it a step further with our new feature of callback phishing, and I want to show that off here real quick. So over here is the callback phishing area. The premise of this type of attack is that we're going to send out a simulated phish that's going to have in it a phone number and a code that's unique to that user. When the user receives that email, they can choose to pick up the phone, dial that number, and input that code. And then you can also ask them for a second failure step, which might be to enter their Social Security number, or some other form of account number that's a certain number of digits in your organization.
We see if the user would do that. So it consists of a few different things, including the email template, which is what we're sending to the user first to actually get them to call us. I'm going to follow this idea of a workstation security alert that's coming from the IT team. So here we'll see the message that's going to be sent to the user, and it's going to have "dial the phone number and enter in that one-time-use MFA code," to see if we'd be able to capture that. All right. So now that the user has chosen to call us, we actually have what the user is going to hear when they call the line.

Speaker3: Thank you for calling the department. To verify your MFA authenticator, please enter your security code from your email.

Jeffrey Gelinas: And then if they entered in the wrong code:

Speaker4: Oops.

Speaker3: Looks like you entered the wrong code.

Jeffrey Gelinas: Or if there's any other kind of error:

Speaker3: Like something went wrong.

Jeffrey Gelinas: But in the case of it being a success, we can actually send the user some kind of a response and direct them to the next branch of this type of simulation. Right. So, thank you.

Speaker3: Received your code. Your security code, your authenticator has been verified. Have a nice day.

Jeffrey Gelinas: And so that is the entire callback phishing simulation attack right there: the email template, calling us to the greeting template, and then the response when the user has entered in that code. All of that's going to be tracked here inside of the campaign itself. So here I'm going to look at what that would look like in a campaign, so we can look at the initial failures in the first eight hours and also different metrics around the status of it.
We can also see the phishing email that was sent and preview it here, see the phone number that the user was supposed to have called, and preview that greeting template and response template right here from this overview area. Now, if I go into the users area here, I can actually see the people who were delivered that message, who opened it, and who actually called us back. We can choose to store the number that the user called from as well. So if you're curious about what they dialed in on, did they call from their work phone or their cellular phone, that's a type of metric you can also choose to record in here, and also how long that phone call lasted. We can also see the people that entered in the data. So did they enter in the right number of digits when they were prompted? If they did, then we can assume that they actually entered in the code that we were looking for. The other thing that we have is the ability to show who reported it. These are the people who used the Phish Alert Button on the initial email message, and these are the people who truly passed this, because they not only realized that it was a phish, but they took the right action and chose to report it to the IT security team to actually remediate it. And so that is our new feature of callback phishing. All righty. So that's just one of the many different things that we have around here. I also mentioned in our phishing area that we had QR code based templates. So essentially, what does one of those look like? If we go into our email templates and our system templates, we can look at some of the different ones that are available here for QR code. So let's take a look here.
I'm going to look at this one, following the theme here, for an authenticator update, where you would scan this, it would take you to the landing page, and the user would actually fail the phishing test. Now, what do users see when they fail a traditional phishing test? Well, they're going to be taken to one of our landing pages. Some of these can be really rich in content. I'm going to show you our Social Engineering Indicators landing page. This is what the user would be shown if they were to have failed. On this, they'll see the one, two, and three rules to hopefully not wind up on this page the next time, but also the email message itself. We actually localize the majority of our templates into over 34 languages, and they also include red flags if there are any. So we'll put in here the different things that the user should have looked for inside of the message, and those will be localized in that language too. So right here at the point of failure, you're able to quickly review what it was in that message you should have been aware of, so hopefully you don't wind up here in the future. It's a really good point-in-time type of training and reinforcement during the simulation. All right. So that's the phishing area of things here, and I'll get into some of the reporting on both the phishing and the training areas towards the end. But I guess the next thing that I'll take us to is the training area. Before we can go into the training tab, one of the things that we need to talk about is our content. What can we actually send out in a training campaign? All of that is going to live inside of the Mod Store. We have a number of different modules here, and we have different content types too.
So whether it be newsletters and documents, or a game, a video module, or a training module, we even have mobile-first modules, which are meant for that type of vertical-scroll, quick, text-based learning that you can do while you're on your mobile device. That's also available inside of our Mod Store, too. We have live-action style training like our Inside Man series, which just finished up a season release of Season 5 at the beginning of this year. That's a really good series, where you'll see that your users are actually going to want you to give them the next episode of the training that you're doing, and that was a frequent ask that we got. You'll see that we have some things here for Cybersecurity Awareness Month. But scrolling down here, we also have some stuff for our Compliance Plus offering, which is typical compliance training, things that you might see delivered from the HR department, typically like sexual harassment, ethics and code of conduct, and a few others like GDPR, and even ladder safety. We recently released some modules on ladder safety in the workplace, too. So we're expanding beyond the horizon of what you typically would consider our normal content, but with really quality content, because we found that that was lacking in the marketplace. All right. So once I've done that and got all the things that I need to put into a campaign, let's look at the training area here and see what we can do. Now that I'm in the training area, this is where you're going to actually assign the things to the user. I'm going to look at the Sales Ongoing campaign. Here you'll see that I have my users that are being assigned a policy, so they're actually going to accept a particular policy, and also they're doing an introductory module to GDPR.
I can also see at a glance the percentage of users that have completed all the content, the status of the campaign, and the notifications that are set to go out to the user. We do have built-in notifications that you can send once a user is enrolled in the training, to remind them when the due date is coming up, and even loop in the manager to really get that buy-in to take the training. I can also see a breakdown of the users that have started, that are incomplete, and those that have completed, and I see a breakdown of the amount of time that they've spent here. So this is the breakdown of just the users that are in this particular campaign. Now that I've actually assigned something for my users, what do they see when they go in to take the training? Because everything that we've looked at so far has been the administrator's view of the platform. So let's actually go into the My Training area here and see what a user would see.

Speaker4: All right.

Jeffrey Gelinas: Cool. So this is what the user would see when they sign in. Right now I am showing as Aaron Anderson, who is an admin in the platform, but I also have a training area here. It looks like I have five assignments that have been assigned to me that I need to actually start and complete. But I also see a breakdown of my phishing test results, my phishing failures, and whether I've reported any phishing emails as well. I can also see my personal risk score, badges, and leaderboard rankings. But then I can take it a step further and actually see how my team is doing. I can go into this team dashboard area here and see my team's training progress, whether or not they've completed optional learning, how my team is doing on their Phish-prone Percentage, and my team's individual risk score. I can go and see a breakdown of these users here and see who has phishing failures.
These are my four users that have had phishing failures, but which ones have they failed on, and when did they do that? So you can really get that buy-in from management across the board, in terms of them being responsible for their particular phishing percentage and that type of security culture across the organization. And we didn't just stop there. We actually let you go down three layers deep in the organization's hierarchy. So if I want to look at how some of my reports' reports are doing, I can also view that user's dashboard as well, and see how well security awareness is going downline in my org. When I go to take my training, I'll skip the tour and show you around here. You'll see that the user can select the language of the module that they want to view it in, and also you'll see some different things around being able to start and resume things. So if the user starts, they can resume and pick up where they left off. All right. I'm going to return back to the console here.

Speaker4: Mm.

Jeffrey Gelinas: All right. And so now that we're here, let's see where else we want to go. I think one of the other places that we should probably call some attention to is our reports area. We've recently released an executive reports functionality here, which is three different reports that we give you right out of the gate: the Security Admin, the CSO, and the Team Manager report. These are fully customizable. With the Security Admin report, you'll see that we have training completion, which is grouped by my departments here, also showing the count as percentages of users that are complete, in progress, or not started. You can also see my risk score trend by department over time, and also my training completion over time.
I can also look at my Phish-prone Percentage for my phishing test results here across my departments, and also compare delivered, failed, and failed and reported. But now, if I wanted to edit this report, I really have a lot of power in editing these different things that are showing here. So let's say, for example, for training completion, if I wanted to change how it's grouped, I can come in here and say, let's group that by training campaign instead. Now I've grouped this by my training campaign, and I have my users that are taking optional content and the initial campaign. My initial campaign is, of course, at 100% complete, which is great. I can really quickly tell the story that I'm looking to tell, so no matter who it is, they're going to consume this report just right here. By selecting some of these different things, I can even say, all right, training campaign, but rather than percentage, let's go by time spent in minutes. That's a really good compliance metric: how many minutes are my users spending in compliance training to actually meet my compliance goals? So that's really easy for you to do here. You can also do things like resize these. So if it tells a better story to show training completion by time spent in minutes next to percentages complete, you can absolutely do that here. Once you've made these changes, you can preview it and save it here. I'm not going to save them because this is my demo console, but I can actually schedule this too. So now that I've created this report, I'm going to schedule it and choose who I want to send it to, maybe my group of auditors. I'm going to send that out on a monthly basis to them, and I'm going to send it as a PDF right on over to that group of users. That way they get that PDF delivered on a monthly basis, whatever it is.
This is a snapshot in time. So it's a really great way for you to customize your reports and your reporting overall. Another thing that we have recently updated is our phishing activity report. This will show you all your phishing activity across all campaigns over the last 90 days. We've also added some additional search capability inside of here, as well as multiple different columns for you to choose from to customize this. And of course, this can also be saved, scheduled, and sent just like the other one. All right. I think we're nearing the part where I start to take some questions from the chat here. Dave, do you have anything for me in the chat?

David Littman: Yeah, yeah, I do. Jeffrey, let's get to a couple of these. For the Phish Alert Button, will that work pretty much on any email client?

Jeffrey Gelinas: That's a great question. Yes, absolutely. So we have a few different varieties of it. We support Office 365, Exchange, as well as Google Workspace. And for Outlook itself we do have a client-based version of it, so you can install it that way too, but obviously we recommend the server-based installation.

David Littman: Okay, great. And on the callback feature, that was really impressive, I must say. A little scary too, I must say. But the question came in: okay, there's obviously a destination page when someone fails a phishing test, but if someone fails the callback test, what happens? Does the administrator just go back out to them and say, hey, you failed? Or is there a destination page that says you failed, or something?

Jeffrey Gelinas: So there's not going to be a destination page that you're going to wind up being brought to. But when we were showing our response templates, you can actually create your own templates too, inside of here, using text-to-speech.
So if you wanted, at the end, to inform the user that this was a simulated test and that they failed, you could absolutely do that. So inside of here, I'm creating a new response template. I'll say that this is in English, and it'll let you select the persona. Let's keep with the male tone that we had. And from that I can say, you know, "You've..." Well, there's the simulation.

Speaker4: So.

David Littman: So you can kind of create your own workflow?

Jeffrey Gelinas: Absolutely. Oh, absolutely. Yeah. So we've recorded some of our own in-house, to emulate what you would normally see when you call a hotline type of thing, in our greeting templates. We have 25 of those that we've made. But if you want to create your own, you can do that for a greeting and for a response. And of course, all of our email templates are always customizable too. So if you wanted to add a click-based failure inside of there too, you could definitely do that type of thing. So really, the world is your oyster, and it's not just text-to-speech either. If you want to record your own, we do also support uploading your own audio file, so you can make it a lot richer if you want to get away from text-to-speech and actually record maybe your own hotline, if it's available publicly, to see if you could maybe phish that way.

David Littman: Okay. So this one, someone was pretty observant, Jeffrey. This had to do with the social engineering... I don't know what the acronym is. But you had a page up, and in parentheses I guess it said "Platinum only," I think. So the question is, is that a certain feature that's only available in Platinum? Is that a difference between what you might get in different levels of the platform, I guess?
Jeffrey Gelinas: Yeah, absolutely. And that's a really good observation. So yes, Social Engineering Indicators and those red flags, those landing pages, are going to be for Platinum and Diamond subscribers only. We are based on a tiered subscription level, and callback phishing is also a Diamond-only feature within our platform.

David Littman: Okay, cool. A couple more questions. This one has to do with the Mod Store. You had mentioned that there was safety training, like ladder safety. So the question is, can people upload their own training that's completely different, independent of social engineering, independent of safety, that could be something entirely different?

Jeffrey Gelinas: Yeah, absolutely. We do allow you to upload your own content, and we allow the upload of video as well as SCORM modules into the platform. Those can be assigned in a training campaign just like normal. We also allow policy-based uploads too. So if you have a PDF-based policy, you can also assign that as a piece of content.

David Littman: Okay. A question came in about an API: whether there's an API, such as if someone wanted to connect it to their SIEM or D.R. dashboard.

Jeffrey Gelinas: Yeah, that's a great question. So we have a few different APIs. We have a reporting-based API, which is REST-based, and that will get you the majority of the things that are available in the platform around phishing, training, etc. But then we also have a user event API for you to push external events into our platform if you wanted to, and that can be used in a feature that I didn't cover here called Smart Groups, which is a way to automate our platform based on whether an event is present or not present, or a certain count of them over a certain period of time.
Really, that's a feature that I could probably spend 30 minutes on its own talking about, because there are so many different levers inside of there. And the last thing that I wanted to say is that we have a webhook-based endpoint as well. So if you wanted us to push things to your system when a failure occurs, or a user completes training, or is enrolled in training, we can send that payload over a webhook in real time.

David Littman: Okay, cool. One more question. What is PasswordIQ?

Jeffrey Gelinas: Oh, that's a great question, actually. So PasswordIQ is an agent that is going to sit inline on your Active Directory server. What it will do is look at the passwords for common password vulnerabilities that we can scan for. So things like an account with a password set to never expire; we really wouldn't want that to happen. Or they're sharing passwords. So I can come in here and click on these particular vulnerabilities, see what accounts have those, or if they have any weak passwords in particular, and come down here and see who that may be. And also, I can mark one of these as remediated or not. And this is for on-prem only. I don't have the type of access needed on an Azure type of environment to read these. But if you have an Active Directory on-prem, I'm going to be able to scan that and actually present to you these different password vulnerabilities here for remediation.

David Littman: Very cool. Very impressive. Okay. Hey, that's all the time we've got for today. Everyone, thank you so much for coming today. Jeffrey Gelinas with KnowBe4, thank you very much. And thank you to KnowBe4 for supporting today's event. I'm Dave Littman at Truth in IT. Thanks again for coming. We want to wish you all a great day ahead.