Our Approach

We leverage intelligence from our Managed Detection and Response platform, identifying social engineering attacks used to bypass traditional security controls. Our certified technical testing team then works with your internal teams to build and execute customized phishing campaigns that are unique to your organization, in order to generate the most realistic results.

At the end of the engagement, our technical testers will provide a detailed report, with results focused on:

  • Viewed emails
  • Clicked links
  • Interactions with decoy webpages
  • Opened attachments
  • Employee results
  • Remediation guidance

What Capabilities are We Testing?

  • Prevention
  • Detection
  • Response

What Does a Phishing Campaign Help You Answer?

What is our risk from the human factor?

Are employees able to spot and report phishing emails?

Is our security awareness training program effective?

Do we have employees in critical areas that present high risk?

Where should we be putting our security investments to mitigate risk from the human factor?

Methodology

1. Establish Rules of Engagement

  • Goals and objectives
  • Scope and validation of targets
  • Timelines
  • Reporting requirements
  • Personnel, roles and responsibilities
2. Customization

  • Design a customized phishing template to be used within the campaign
  • Approval of templates
3. Execution

Phishing emails deployed.

  1. Email
    • An email customized to fit the interests of the recipients.
  2. Link
    • The email references a link and encourages the recipient to click the link to take action or get more information.
  3. Phishgate
    • The link takes the recipient to a “phishgate,” a mock malicious website that will ask for some information.
  4. Exit Webpage
    • If the recipient interacts with the phishgate, they will be taken to an exit page, usually an error page encouraging them to try again later.

Monitor statistics and provide updates to the client throughout the testing timeline.
4. Draft and Final Report

Program Deliverables

A detailed report will be provided that identifies the methodology and findings of the engagement. An initial draft report will be created to confirm the validity of the findings, upon which subsequent reports may be generated (dependent on the intent of the assessment and its eventual audience).

The report will include:

  • Methodology employed
  • Detailed findings showing the results of each campaign
  • A meeting to share and discuss the findings

Make the Case for an eSentire Phishing Campaign

  • Customized campaigns to ensure simulation of real-world scenarios
  • Leverages the latest phishing tactics that bypass traditional security controls as seen by our Managed Detection and Response platform
  • Phishing campaigns created by experienced and certified Penetration Testers (CEH, OSCP, CISSP, etc.)
  • Clear reporting and detailed findings 
  • Includes detailed discussion with eSentire Advisory Services team members on findings and remediation guidance
