Free Mailserver Security Assessment Tool Offered by KnowBe4

Security awareness training company KnowBe4 has released a free mailserver security assessment tool that can be used by IT admins to check their email servers for insecure configurations that could be exploited by threat actors in social engineering attacks.

While manual checks of mailserver configurations can be conducted by IT admins, these are prone to error and it can be difficult to accurately assess mailserver security from inside an organization.

Security solutions such as spam filters can be implemented to control which messages are blocked and what is delivered, but unless those policies and controls are comprehensively tested, IT admins cannot be sure the controls are effective.

The new mailserver security assessment tool offered by KnowBe4 helps IT admins accurately check their email server controls to determine which emails are being blocked and whether potentially malicious messages are managing to make it past security controls. Since the process is fully automated, running the test is a quick and simple process and will determine what types of emails are capable of penetrating defenses and reaching inboxes.

The tool can be used to send dozens of different types of simulated malicious emails including messages containing links to spoofed domains and domains with an SPF record with a soft fail or hard fail. The simulations also include messages with a variety of email attachments, including those most commonly used by threat actors in phishing and malware campaigns. The test takes less than an hour to run and will determine how email filtering controls handle .EXE files, PDF files, Office files, HTML, PowerShell and JavaScript attachments.

“IT admins can now do an automated assessment of their email security. Armed with that data they can see what emails may make it through, and take steps to lower the risk of social engineering attacks making it to their users,” said KnowBe4 CEO Stu Sjouwerman.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news