Tuesday, August 25, 2015

Human vulnerability scanner ?? - AVA (Free, open-source) - To identify employees most vulnerable to social engineering attacks




Interesting idea and takes a different approach



From the article:

She realized there’s no real way of knowing whether such training is effective until it’s too late.


First, a hypothetical example of social engineering at work. Imagine you’re a junior help desk technician at a large company. You’re low on the corporate ladder, and constantly worried about keeping your job. One night you get a text from a number you don’t recognize. “It’s Ted,” the message reads. “I need my password reset immediately. Lots of money riding on this deal.”

  1. AVA works in three “phases” to prevent this sort of thing. First, it integrates with corporate directories such as Active Directory and social media sites like LinkedIn to map the connections between employees, as well as important outside contacts.
  2. AVA users can craft custom phishing campaigns, both in email and Twitter, to see how employees respond. 
  3. Most importantly, it helps organizations track the results of these campaigns. 


You could use AVA to evaluate the effectiveness of two different security training programs, see which employees need more training, or find places where additional security is needed.

AVA users can craft custom phishing campaigns, both in email and Twitter, to see how employees respond. Finally, and most importantly, it helps organizations track the results of these campaigns. You could use AVA to evaluate the effectiveness of two different security training programs, see which employees need more training, or find places where additional security is needed.


For more information:

No comments:

Post a Comment