Revamped tool identifies at-risk users through deep web searches and hundreds of breach databases for no-charge.
Revamped tool identifies at-risk users through deep web searches and hundreds of breach databases for no-charge.
KnowBe4, provider of the most popular security awareness training and simulated-phishing platform, today announced the release of the new version of its Email Exposure Check (EEC). The new version is called the EEC Pro, has powerful additional features and is still provided at no cost.
While employees give out their corporate email for various reasons, IT is hard-pressed to keep track and manage the risk. EEC Pro helps IT by identifying an organization’s at-risk users by crawling social media information and scouring hundreds of breach databases to identify risk associated with user emails and identities. The more at-risk email addresses a company has, the bigger its attack surface, and the higher its risk.
EEC Pro only requires filling out a form, and works in two stages. The first stage performs deep web searches to find publicly available organization data provided on sites such as LinkedIn and Facebook. This allows the EEC Pro to show what organizational structure an attacker would be able to easily pull together and use to craft targeted attacks.
The second stage of EEC Pro utilizes the Have I Been Pwned data breach service to find users that have had their account information released in any of several hundred breaches. These users are particularly at-risk because an attacker knows more about them, potentially including their actual passwords. As the final step, EEC Pro provides a detailed summary report to the IT team, including an overview of the data found, a summary of organizational risk levels, and a link to a web report that contains a full list of all users found, the breaches the users were found in, and an overview of the data included in the breach. This allows IT managers to ensure exposed emails or exposed passwords are modified.
“Since 91% of data breaches start with a successful phishing attack, an organization must act reasonably or do what is necessary or appropriate to protect its data and take steps to identify weaknesses that expose their employees,” said Stu Sjouwerman, Founder and CEO of KnowBe4. “Employees are the last line of defense within an organization. We want to make it as easy as possible for IT professionals to reduce their attack surface and strengthen their weakest links.You need to create a ‘Human Firewall’”
Exposed emails and passwords can lead to recent data breaches such as those experienced by security companies Mandiant and Enigma where compromised passwords were not changed.
More information about EEC Pro is available here.
About KnowBe4
KnowBe4, the provider of the world’s most popular integrated new school security awareness training and simulated phishing platform, is used by more than 12,500 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO Fraud and other social engineering tactics through a new school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s trainings based on his well-documented social engineering tactics. Thousands of organizations trust KnowBe4 to mobilize their end-users as the last line of corporate IT defense.
Number 231 on the 2017 Inc 500 list, #50 on 2016 Deloitte’s Technology Fast 500 and #6 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is based in Tampa Bay, Florida. For more information, visit www.knowbe4.com and follow Stu on Twitter at @StuAllard.