A: Yes, you can create and upload your own training in multiple formats like PowerPoint, HTML5, mp4 or others to the platform. Contact with Keepnet Team for more information.
A: No, it does not. No one, including the Keepnet team or Company Admins who manage the Keepnet dashboard, cannot view the contents of any email.
A: Yes, it is. Many institutions manage the add-in (install, uninstall, enable, disable) with central administration tools. For example, Microsoft SCCM, IBM Bigfix.
A: Keepnet generates a random key which is unique for each customer then encrypts all reported emails on disk with AES 256 algorithm. See logging mechanism here.
A: Keepnet uses “Code Signing with Microsoft Authenticode” to protect tools against hacking attempts. For more information please click here
A: Yes, it is possible to integrate any solution. Currently, Keepnet has many platforms like DNS Firewall, Sandbox, exploitation tools and platforms. See the integrations here. Please contact us to for more information from [email protected]
A: Keepnet logs all operations in detail and transmits a copy of them to SIEM products in real-time. In this case, you can observe the behaviour of users, create an alert for abnormal situations and take action, or you can use the logs at audit time.
A: Yes, you have the feature for an automatic investigation by which and you can detect and remove the suspicious email or any of its variants in any of your users' inboxes, and you can automatically report it.
Yes, if you follow the path Incident Response> Task> New Task on dashboard, you can send an email notification to both user and system administrators and alternate SOC teams.
A: The operation is run in a maximum of 60 + random seconds. But we can shorten this time.
A: By default, we ask for the file hash; if it has not been scanned before, we send the file itself. If you do not want to send the file under any circumstances, you can prevent this by creating a task in our interface.
A: We analyze the suspicious email by Header, body and attachment using our third-party engines integrated to our interface. It is possible to add a new analysis service here.
A: An email address with its password will be enough to start ETS. Therefore, we recommend to create a test account for the usage of this service.
Outlook Versions: Outlook 2007/2010/2013/2016
A: Yes, you have the feature for an automatic investigation by which and you can detect and remove the suspicious email or any of its variant in any of your users' inboxes, and you can automatically report it.
A: Yes, all logs are kept under the C:\Users\Public\KeepnetLabs\AuiditLog directory. You can transfer this to Arcsight with your Syslog tool.
A: We can test system resources through stress testing. At the same time, there is a queuing mechanism that we use to prevent the blowout. The mechanism operates by putting the notifications in order.
A: All modules except add-in works everywhere, on the other hand add-in works with MS outlook everywhere.
A: Nothing except .net 2.5 or higher versions.
What is the resource utilization of the plugin and incident responder? How will affect the limited bandwidth?
A: Minimum Computer Specifications:
Outlook Versions: Outlook 2007/2010/2013/2016
CPUUsage: 0%to 5%of CPU
RAMUsage: 120~MB of RAM
DiskUsage: 3MB disk space
Network Traffic: payload size + http requests size = Approx. 230kbps
A: It is an add-in for Microsoft Outlook Desktop and Office 365.
A: It depends on your company policy. If a user has a right to disable it, then the user can disable it. Many organizations handle this process by GPO.
A: Add-in connect to server through HTTPS (port 443)
A: No, you don't. It will be installed directly.
A: Yes, if it is demanded, Keepnet can share every detail.
A: New .msi file shared by keepnet.
A: Please contact with Keepnet team to get on-premise requirement document.
A: We support MS SQL 2016, it won't affect us
A: ISO 27001 audit report as well as pentest reports.
A: We do all queuing services with RabbitMQ for now, we don't have any other application support. If you can share with us the applications that are used and supported by your organization, we add them to our support list for the future.
A: Yes, we can use the instance allocated from corporate MSSQL database to us.
A: No, it does not. The owner will be enough.
A: We have Proxy support for accessing the services on the Internet. By configuring of the Proxy on the interface, you can manage all Internet traffic of Keepnet.
A: - Active: The user who actively uses phishing reporter add-in.
- Passive: The user doesn't use the phishing reporter add-in.
A: The Company API Key and OAuth value are valid as long as the company is active in our system.
There is not any character problem and case-sensitivity issue.
A: Keepnet uses 1028 bit AES encryption in order to encrypt the attached file and store them on the disk.
The system relies on AD integration, therefore, if the user is still active on the AD, they will also be active in the target group.
The system automatically deletes the user from the related target group on the platform if the user is deleted from AD. Also, for future reference, the system adds deleted or disabled users to the "Deleted/Disabled Users" group.
A: The IP addresses are dedicated to Keepnet and the domains are owned by Keepnet. Customers do share the resources, however, they cannot send emails to other customers from their instance of Keepnet. If they tried, it would be blocked.
A: Technically yes, but these IP addresses are only used for phishing simulation or sending training and it is under your control, plus we have security controls and mitigation on our side as well. Without whitelisting, you will very likely experience deliverability issues as your email security should identify our emails as phishing and block them - obviously using Keepnet is not a malicious act, but your security systems will not know this without being told to 'whitelist' or allow this sender in. However, if you are concerned about this, you can use your own SMTP server - it's easy to configure this, please just let us know.
A: Only you can send emails from these IP addresses to your own users, as explained above. If someone tried to use their instance of Keepnet to send phishing emails to your (or anyone else's) users, the Keepnet system would block this action.
A: Yes, it does. MSSQL Express version comes as default in on-premise solutions, however, according to the customer's request, their own MSSQL database can be used. MSSQL Express is self-administered in the client's local network. For detailed information on database storage conditions, see: https://doc.keepnetlabs.com/compliance#data-at-rest-encryption-for-database
Keepnet Labs undertakes the database management for cloud solutions. The cloud database environment is stored in London. However, there are also some local centers changes according to regulations. For more information, send your email to [email protected]
In the on-premise version, IP information is available in the customer's own environment and varies according to the environment in which it is located. However, in the cloud version, IP information is not shared under any circumstances.
A: The only privileged user is [email protected] However, it is only used by the support team for support purposes. All activities of this account are recorded on the system.
A: Although IP restriction is not used by default, it can be configured on-demand. There is no log-on trigger feature in the current interface, but in the new interface, companies are able to activate this feature.
Yes, it is used only when necessary.
There is only one privileged user, no other privileged user is created.
A: Yes, we do.
A: We do not share privileged user information with any customer. Since all license definitions, company information, and application configurations are performed through this account, the account is highly restricted.