Blog
by titanadmin | Oct 10, 2022 | Security Awareness |
One of the fastest areas of growth for Managed Service Providers (MSPs) is managed security services. The number of cyberattacks on businesses continues to increase and there is a major shortage of skilled cybersecurity staff. Further, the cost of hiring new talent can be prohibitively expensive for many small- and medium-sized businesses, who are turning to their MSPs to provide those services. Many MSPs have developed a technology stack to meet the demand and are offering managed security services such as identity protection and access management, endpoint security, spam filtering/email security, web security, data protection, network security, and mobile security, but one area that is often lacking in managed services is security awareness training. Currently, only 60% of MSPs offer security awareness training as part of their managed security services.
Technological solutions are implemented by MSPs to protect against hackers, malware, ransomware, and phishing attacks, and these solutions will detect and block the majority of threats, but it is not possible to prevent employees from encountering all threats. The workforce, therefore, needs to be prepared and be taught how to recognize the signs of phishing and other types of attacks, so that when these threats are encountered, they can be identified as such and avoided.
Studies conducted on companies that have conducted benchmarking phishing tests on employees prior to commencing security awareness training have shown that susceptibility to phishing attacks can be reduced considerably. Across all industry sectors, the average click rate for phishing is 37.9%. TitanHQ’s data shows that with regular security awareness training through the SafeTitan platform, susceptibility reduces to under 3%. Such a major reduction will significantly improve an organization’s security posture, yet as important as security awareness training is, a recent survey has shown that 57% of SMBs provide no security awareness training to their workforce whatsoever.
MSPs that do not offer security awareness training are missing out on easy, regular recurring revenue, and their clients are likely to be at risk of falling victim to phishing and other attacks that target employees. It is also worth noting that 69% of SMBs say they would hold their MSP accountable for a phishing attack!
TitanHQ Launches Security Awareness Training & Phishing Simulation Platform for MSPs
It has been a few months now since TitanHQ launched its new security awareness training and phishing simulation platform – SafeTitan. The initial launch was aimed at SMBs and enterprises to help them create an effective, ongoing security awareness training program for the workforce, and conduct phishing simulations to reinforce training, identify weak links, and track improvements over time.
The platform includes an extensive library of training content on a wide range of topics including security best practices, cyber hygiene, phishing, vishing, and smishing, to allow businesses to easily create training programs to match their needs and risk profiles. The training is gamified, engaging, and delivered in short (max 10-minute) modules, which makes security awareness training enjoyable, while allowing it to be easily fit into busy workflows.
While the platform is well suited to businesses of all sizes, from the smallest of businesses to large enterprises, the platform had to be developed further to meet the needs of MSPs. To make a truly MSP-friendly solution, TitanHQ worked closely with the MSP advisory council and TitanHQ’s extensive MSP customer base to discover exactly what MSPs need to be able to start delivering security awareness training and phishing simulations as a managed service, which lead to the addition of several important new features.
TitanHQ is now happy to announce that SafeTitan for MSPs has now officially been launched. The new product incorporates an intuitive MSP dashboard, through which campaigns can be easily managed. The dashboard gives MSPs real-time live analytics and allows quick actions to be performed.
The phishing simulation platform includes more than 1.8K phishing templates, taken from real-world phishing attempts, with the campaigns easy to schedule for a group of customers, to be run at set intervals every week, month, or year. The platform allows mass training campaigns to be developed, along with mass phishing simulations. The addition of the direct email injection (Graph API) feature allows MSPs to deliver their phishing simulations directly to user inboxes, without having to spend time and effort configuring allowed lists and firewalls.
MSPs also benefit from dynamic user management, so changes can be made quickly and easily to existing campaigns if new users need to be added. If any user fails a phishing simulation, they can be automatically enrolled in relevant training content to provide targeted training on the aspect of security relevant to the failure.
MSP clients will want to be provided with feedback on how their campaigns are progressing and the impact the training is having on phishing susceptibility, and to make this as easy as possible, the platform now includes scheduled reporting. Reports are automated and are sent to clients at regular intervals with no MSP interaction once configured.
Contact TitanHQ Today
If you have yet to add security awareness training and phishing simulations to your managed security services, contact TitanHQ today to find out more about SafeTitan for MSPs on +1 813 519 4430 (US) or +353 91 545555 (IRL).
by titanadmin | Sep 29, 2022 | Email Archiving, Industry News, Internet Security, Security Awareness, Spam Software, Website Filtering |
TitanHQ has collected 5 awards for its cybersecurity solutions in the Expert Insights Fall 2022 ‘Best-Of’ Awards across 5 product categories.
Expert Insights is an online platform for businesses that provides independent advice on business software solutions to help businesses make informed purchasing decisions about software solutions. The advice provided on the website is honest and objective, and the site features helpful guides to help businesses purchase with confidence. The site is used by more than 85,000 businesses each month, with the website helping more than 1 million readers each year.
Twice yearly, Best-of awards are given to the top ten solutions in each of the 41 product categories. The awards showcase the best quality solutions that are helping businesses to achieve their goals and defend against the barrage of increasingly sophisticated cyberattacks. The awards are based on several factors, such as the features of products, market presence, ease of use, and customer satisfaction scores, with the award winners chosen by the in-house team of editors. The editorial team conducts research into each solution to assess its performance, functionality, and usability, and assesses the reviews from genuine business users of the solutions.
TitanHQ collected five awards for its products in the Spring 2022 Best-of awards, and this has been followed up with another 5 Fall 2022 Best-of awards. TitanHQ was given a Best-of award for SafeTitan in the Phishing Simulation and Security Awareness Training categories, SpamTitan Cloud received an award in the Email Security category, WebTitan Cloud got an award in the Web Security category, and ArcTitan won in the Email Archiving category. Further, ArcTitan Email Archiving was rated the top solution in the Email Archiving category and SpamTitan was rated the top solution in the Email Security category.
There were several big winners at the Fall 2022 Expert Insights Best-of awards, with TitanHQ joining companies such as ESET, CrowdStrike, and Connectwise in winning big.
“We are honored that TitanHQ was named as a Fall 2022 winner of Expert Insights Best-Of award for phishing simulation, email security, security awareness training, web security and email archiving” said TitanHQ CEO, Ronan Kavanagh. “Our cloud-based platform allows partners and MSPs to take advantage of TitanHQ’s proven technology so they can sell, implement and deliver our advanced network security solutions directly to their client base”.
by titanadmin | Sep 7, 2022 | Industry News, Website Filtering |
WebTitan Cloud is an award-winning DNS filter that prevents access to malicious websites and allows businesses to control the web content users can access with precision. This week, TitanHQ has announced the release of a new version of WebTitan Cloud, that includes new features to improve usability, security, protection for remote workers, and provides greater insights into DNS requests. These new features now form part of an industry-leading feature set that is in a cloud-delivered solution that is easy to set up, use, and maintain.
New UI with Advanced Reporting Features
If you are a current WebTitan Cloud user, the first change you will notice is the new user interface which provides easy access to all WebTitan Cloud features. The enhancements provide intuitive, advanced, relevant, and easy-to-digest data, through new interactive reports and data visualization tools, which are embedded into the UI to improve the user experience.
The advanced security reports show malware-infected clients, malware-infected domains, malware-infected users, blocked phishing sites, blocked phishing domains, and blocked phishing sites by user, and the view can be customized by date and client IP. New reports show behavior, blocked sites, and trends to provide insights into network use and threats. These reports have been added based on the feedback received by WebTitan Cloud users.
Interactive Threat Intelligence with DNS Data Offload
The latest version of WebTitan Cloud provides users with easier access to valuable threat intelligence to aid IT decision-making, network troubleshooting, and security planning. Users can now list DNS request history on screen, download DNS request logs, view all DNS data to gain valuable insights into activity, and easily extract DNS query data for sophisticated integrations and advanced data analysis.
DNSSEC Security Enhancements
WebTitan Cloud now benefits from security enhancements to protect against DNS attacks by strengthening authentication using Domain Name System Security Extensions (DNSSEC). DNSSEC uses digital cryptographic signatures to verify the origin and integrity of data during the DNS resolution process to protect against malicious DNS poisoning attacks. Users of WebTitan Cloud can implement DNSSEC through a simple and straightforward process to improve security.
WebTitan OTG Improvements for Protecting Off Network Users
The WebTitan On-the-Go (OTG) agent allows users to extend the protection of WebTitan Cloud to off-network users, no matter where they connect to the Internet. WebTitan OTG was introduced some time ago; however, the latest release includes several enhancements. The JSON Config filters have been replaced for OTG devices, and the agent used to protect, manage, and monitor off-network users has been significantly improved. It is also much easier to add and update exceptions to OTG devices through an easy-to-use interface.
“This WebTitan release is hitting so many key pillars of success for TitanHQ. The data offload feature has been requested by many customers and creates real differentiation for our solution in the market. This coupled with our new advanced reporting were major requests from our MSP customers,” said Ronan Kavanagh, CEO of TitanHQ. “Finally, security is at the heart of what we do and are, the addition of DNSSEC just continues to add to our credentials.”
by titanadmin | Sep 6, 2022 | Email Scams, Internet Security, Phishing & Email Spam, Spam Advice |
When multifactor authentication is set up on accounts, attempts to access those accounts using stolen credentials will be prevented, as in addition to a correct username and password, another factor must be provided to authenticate users. Phishing attacks may allow credentials to be stolen, but that does not guarantee accounts can be accessed. More companies are implementing multifactor authentication which means phishing attacks need to be more sophisticated to bypass the protection provided by multifactor authentication.
One of the ways that multifactor authentication can be bypassed is by using a reverse proxy. In a phishing attack, an email is sent to a target and a link is provided to a malicious website hosting a phishing form that spoofs the service of the credentials being targeted – Microsoft 365 for example. Instead of just collecting the login credentials and using them to try to remotely access the user’s account, a reverse proxy is used.
The reverse proxy sits between the phishing site and the genuine service that the attacker is attempting to access and displays the login form on that service. When the credentials are entered, they are relayed in real-time to the legitimate service, and requests are returned from that service, such as MFA requests. When the login process is successfully completed, a session cookie is returned which allows the threat actor to access the genuine service as the victim. The session cookie can also contain the authentication token. In these attacks, once the session cookie has been obtained, the victim is usually presented with a notification telling them the login attempt has failed or they are directed to another site and will likely be unaware that their credentials have been stolen and their account is being accessed.
These attacks allow the victim’s account to be accessed for as long as the session cookie remains valid. If it expires or is revoked, the attacker will lose access to the account. To get around this and gain persistent access, account details may be changed or other authentication methods will be set up.
These types of phishing attacks are much more sophisticated than standard phishing attacks, but the extra effort is worth the investment of time, money, and resources. Many advanced persistent threat actors use reverse proxies in their phishing campaigns and have developed their own custom reverse proxies and tools. There are, however, publicly available kits that can be used in phishing campaigns such as Modlishka, Necrobrowser, and Evilginx2. These kits can be used at a cost and allow MFA to be bypassed, although they can be complicated to set up and use.
Now a new phishing-as-a-Service (PaaS) platform has been identified – EvilProxy – that is being pushed on hacking forums. EvilProxy allows authentication tokens to be stolen from a range of vendors including Microsoft, Apple, Twitter, Facebook, Google, and more, according to Resecurity which recently reported on the phishing kit.
EvilProxy lowers the bar considerably and makes conducting reverse proxy phishing attacks far simpler. The service includes instructional videos, provides a user-friendly graphical interface, and even supplies templates of cloned phishing pages for stealing credentials and auth tokens. Through the graphical interface, threat actors can set up and manage their phishing campaigns with ease. EvilProxy comes at a cost, starting at $150 for 10 days up to $400 for a month. While the service is not cheap, the potential rewards can be considerable. EvilProxy allows low-skill threat actors to gain access to valuable accounts, which could be used or sold on to other threat actors such as ransomware gangs.
Multifactor authentication is strongly recommended as it will block the majority of attacks on accounts; however, it can be bypassed by using reverse proxies. Protecting against reverse proxy phishing attacks requires a defense-in-depth approach. An email security solution – SpamTitan for example – should be implemented to block the initial phishing email. A web filter – WebTitan – should be used to block attempts to visit the malicious websites used in these man-in-the-middle attacks. Security awareness training is important for training employees on how to recognize and avoid phishing threats, and employers should conduct phishing simulation tests as part of the training process. TitanHQ’s SafeTitan platform allows businesses to conduct regular training and phishing simulations with ease.
by titanadmin | Sep 5, 2022 | Industry News, Spam Software |
For more than 10 years, PeerSpot (formerly IT Central Station) has been helping tech pros make intelligent decisions on the best information technology solutions to implement to ensure they get the solutions that perfectly address the needs of their businesses. The PeerSpot Buying Intelligence Platform is powered by the world’s largest community of enterprise tech buyers and bridges the gap between vendors and buyers. Vendors are helped through the voice of their customers, and enterprise tech buyers receive relevant and practical advice to help them make better purchasing decisions. The platform provides in-depth reviews of products, online forums, and tech buyers have access to direct Q&A support.
This year sees PeerSpot launch its first Annual User’s Choice Award program to recognize the products that are helping businesses to achieve their goals. Customers of enterprise technology vendors are invited to vote for their favorite B2B Enterprise Technology products across 11 product categories.
In 2022, those product categories are:
- Endpoint Protection for Business
- Firewalls
- Backup and Recovery Software
- Network Monitoring Software
- HCI
- All-Flash Storage Arrays
- Email Security
- Ethernet Switches
- Application Security Tools
- Functional Testing Tools
- Rapid Application Development Software
In order for a solution to be included in the relevant category, it must be amongst the highest-rated products on the PeerSpot Buying Intelligence Platform. That requires a product to have generated significant user engagement on the platform and to have been rated highly by verified users of the solutions.
The winners in each category will be decided by popular vote.
TitanHQ is proud to have had its SpamTitan solution included as one of the top spam filtering, anti-phishing, and anti-malware solutions in the email security category. SpamTitan provides layered protection for enterprises, SMBs, and managed service providers and blocks email-based threats such as phishing, malware, spam, viruses, and botnets. The solution incorporates signature- and behavior-based detection to block malware threats and predictive technologies to anticipate zero-minute threats. SpamTitan is much loved by users not just for its performance, but also ease of set up, use, maintenance, price, and the industry-leading customer support provided by TitanHQ. SpamTitan has an overall star rating of 4.6/5 on the platform.
If you love using SpamTitan and it has helped your business block more threats, cut down on the resources you have had to devote to email security, or saved you money, TitanHQ encourages you to vote for SpamTitan. Voting will take around a minute of your time. Votes are being accepted until September 16th, 2022, and the winners in each category will be announced by PeerSpot on October 25, 2022.
