Carpinteria, CA, September 14, 2009 — Today Jetmetric announces the launch of its social engineering assessment tool SocialPET, www.jetmetric.com.
Jetmetric, which provides Web-based security assessment tools for IT and security auditors, has released a new tool that will test and educate employees on their security policies: SocialPET.
SocialPET is an automated email spoofing tool with easy-to-use drop-down menus. The tool sends out an email to employees, asking them to click on a link to an outside Web page where they will be asked for their logon credentials — a major security no-no. IT managers will see the failure rates in easy-to-read reports.
Users can customize an outgoing message ("It's mandatory that all employees sign up for our new webmail service"), and there are a number of Web page facades to choose from depending on the email system or programs employed by the company. "We found that 94% of the companies that our sister company Redspin (which performs security assessments) was auditing failed an email social engineering test," says Brian Hayes, Jetmetric CTO. In fact, "Nearly a quarter of all the employees who were sent an email failed the test."
Social engineering is a security term used to describe the manipulation of people to get information or system access; the classic con game updated for the Internet age. The social engineering test used by Redspin involved spoofing the IT department's email, and sending employees a link to a fake Web page for a "brand new" Web-based email system. One employee was so excited that after he happily entered his logon information, he wrote back (to who he believed was his IT department),
"You ROCK!!!! I've been wanting webmail forever!!!"
Jetmetric has created this automated version of the tool for busy IT professionals who would like to test the effectiveness of their own security policy.
For obvious reasons, SocialPET will only spoof domains that Jetmetric has validated as owned by its subscribers.
"We see the tool as having two functions," says Hayes. "First, it lets you know whether or not your employees understand some basics about their security policy. Second — and really, this is why I love this thing — it's a great educational tool. After employees click through just one time, success rates shoot way up on subsequent audits. It's so much better to learn about phishing and social engineering this way than when it really counts."
SocialPET is the first automated social engineering tool from Jetmetric, and will join their current lineup of network security assessment tools including FirewallCAT, WinCAT-AD and WebCAT-SQL.
"Employees are great because they're very helpful — which unfortunately makes them ideal targets for social engineering attacks," says Hayes. "My favorite test performed by Redspin was when they put out a candy dish filled with brightly colored thumb drives. Employees snapped them all up and promptly plugged them into their computers. There was a simple little program that launched when the drive was plugged in, which would have been malicious if created by hackers, but just sent out a message. Redspin owned that company's system. They still get hits from the thumb drives, a month or two later.
"We're continuously looking at ways we can help companies educate their employees further on this and other social engineering dangers."
Interested users can find a free trial at: Jetmetric.com.
Multimedia: A video demonstration of Jetmetric's SocialPET (Policy Evaluation Tool)
About Jetmetric — www.Jetmetric.com
Jetmetric is a Web portal offering network security assessment tools to busy IT professionals and auditors. Jetmetric's security assessment tools include firewall analysis, Windows Group Policy analysis, and Website SQL injection testing. Jetmetric security tools are currently used by 3 out of 4 of the biggest technology companies in the world; half of the biggest international accounting firms; government, including the US Air Force, US Navy and the DoD; and world leaders in industries such as oil, entertainment, and finance.
Contact: Deb Montner, Montner & Associates, 203-226-9290