KnowBe4, the world's largest security awareness training and simulated phishing platform, announced the release of a new security tool for IT admins, the Mailserver Security Assessment (MSA).
It is well-known within the InfoSec community that email is the No. 1 attack vector for social engineering, malware delivery, and exploitation. However, IT can run into problems when trying to check their own email server configurations from within the organization. KnowBe4 has now made it easy for IT pros to test their email server configurations and see what types of malicious email can penetrate their organization's network from the outside.
KnowBe4's new complimentary security assessment tool, MSA, automates the process of sending dozens of simulated malicious email messages that cover a variety of message types, including email with attachments that contain password-protected, macro zipped, and .exe files, or that have spoofed domains.
MSA helps IT pros assess how their organization's email server either blocks or allows each potentially malicious message type through to the employee inbox. By using MSA, they will learn whether their current email filters are secure, which helps them determine whether any rules should be adjusted for their organization's requirements.
Stu Sjouwerman, CEO of KnowBe4, said, "IT admins can now do an automated assessment of their email security. Armed with that data they can see what emails may make it through, and take steps to lower the risk of social engineering attacks making it to their users."
MSA can deliver over 30 different emails and test, in as little as an hour, how an organization's email configuration handles a multitude of message types, such as:
- SPF Testing - Use a domain with an SPF record that has a soft fail or hard fail
- Domain Spoofing - Spoof customer's domain (From only, Reply-To only, altered top-level domain)
- Punycode domain - Use a Punycode domain for the From/Reply-To
- Microsoft Office Docs - Word, Excel, PowerPoint
- PDF - Attach PDF (normal, w/script, w/script zipped)
- HTML - Attach HTML (normal with link, w/redirect scripting, zipped and w/password)
- Attachment Exe - Benign, zipped, zipped w/password, EICAR and EICAR zipped
- Attachment PowerShell