KnowBe4 Free Tools

Question 1

PST

Answer 1

Phishing Security Test

A simulated phishing attack performed by KnowBe4 on email addresses an organization provides us. The purpose of the test is to see how prone the organization’s employees are to click on phishing links.

Question 2

PRT

Answer 2

Phishing Reply Test

A simulated phishing attack similar to PST except there are no links or attachments in the email. PRT is looking to see who will reply to the phishing email by impersonating a trusted source.

Question 3

SPT

Answer 3

Social media Phishing Test

A simulated phishing attack similar to the PST and PRT. The purpose of this test is to see which users are likely o fall for social media related phishing attacks.

Question 4

ASAP

Answer 4

Automated Security Awareness Program

The simple process starts with answering 7 questions about your goals and organization (on a questionnaire). ASAP will then create a program and a schedule of tasks for you automatically. The tasks will be based on best-practices in an easy calendar view on how to achieve your security awareness goals and deploy them.

Question 5

BPT

Answer 5

Breached Password Test

A tool that checks to see if an organization’s users are currently using passwords that are in publicly available breaches associated with the org’s domain.

Question 6

PAB

Answer 6

Phish Alert Button

An email plugin that gives users a safe way to handle actual or potential phishing emails.

Question 7

EEC Pro

Answer 7

Email Exposure Check Pro

We do a ‘deep search’ in the Internet’s search engines for all email addresses that belong to a certain domain. We are able to look into PDFs, Word and Excel files as well. IT security specialists call it the ‘phishing attack surface’. Customers that buy the GOLD package get sent an EEC every month. The EEC has been upgraded to EEC Pro spring 2018 and delivers more information.

Question 8

DST

Answer 8

Domain Spoof Test

A service that KnowBe4 provides, which sends an email to a prospect that is spoofed to come from their own domain. This is not supposed to be able to get through to them. Their mail server needs to be configured so that these emails from the outside that have an inside email address are deleted.

Question 9

MSA

Answer 9

Mailserver Security Assessment

Tests a user’s mailserver configuration to check the effectiveness of mail filtering rules.

MSA gives the user a quick insight at how their mailserver handles test messages that contain a variety of different message types, email with attachments, or emails with spoofed domains.

Question 10

RanSim

Answer 10

Ransomware Simulator

Simulates 13 ransomware infection scenarios to determine if a user’s workstation is vulnerable to infection. RanSim also allows users to see if their antivirus software is incorrectly blocking files.

Question 11

Second Chance

Answer 11

A tool that checks links originated in email messages, including embedded links within attached Office Documents and PDFs. It asks the user if they’re sure they want to follow the link, giving them a second chance to evaluate the link.

Question 12

USB Drive Test

Answer 12

A tool that finds out how users react to unknown USB drives. The purpose is to see how many users will pick up the USB drive, plug them into their computer, and open files.

Question 13

WPT

Answer 13

Weak Password Test

Checks an organization’s Active Directory for several different types of weak password related threats.

Question 14

DD

Answer 14

Domain Dopplegänger

Is an “evil twin” domain that looks very much like your own domain but is malicious. It deceives the end-user into believing they are clicking on a legit domain. Bad guys create domains that look almost identical to the original. KnowBe4 has a free tool you can run to see if your domain has evil twins.

We email a summary report PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis. The prospect will also receive a link to the full detailed report of all look-alike domains found similar to their primary email domain.

Question 15

PET

Answer 15

Password Exposure Test

A tool that checks if an organization’s users have exposed emails publicly available on the web and checks the organization’s Active Directory to see if they are using weak or compromised passwords that are part of a known data breach.

Note: In the future, PET will be replacing BPT and WPT. However, currently all 3 are available as free tools.

Question 16

MASA

Answer 16

Multi-factor Authentication Security Assessment

A tool that allows you to check the vulnerability of an organization’s current MFA (Multi-Factor Authentication) solution through a series of questions about how the organization uses MFA and their environment.

Question 17

BPI

Answer 17

Browser Password Inspector

BPI checks the user passwords saved in the web browser against your Active Directory for threats related to weak, reused, and old passwords in use.

Question 18

CARA

Answer 18

Compliance Audit Readiness Assessment

A KCM-oriented complimentary web-based tool that helps the user gauge their organization’s readiness in meeting compliance requirements for the Cybersecurity Maturity Model Certification (CMMC) framework. CARA is a 5-minute self-assessment tool that will help the user define what technical controls are required for a given scope within the regulatory compliance framework.