Social Engineering Simulation Workflow Appliance

US 20170264633A1
Filed: 06/01/2017
Published: 09/14/2017
Est. Priority Date: 02/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method of reducing organizational susceptibility to social engineering, the organization having a plurality of sources, the method comprising:

providing a computer appliance;

providing a computer platform remote from the computer appliance;

receiving at the computer appliance contact information for a plurality of members of the organization;

monitoring at the computer appliance each of the sources for triggering events;

receiving at the computer platform signals from the computer appliance indicative of the detected triggering events and delivery identifiers associated with the triggering events;

preparing at the computer platform communications including templates based on each of the triggering events, wherein the computer platform is configured to compile information regarding triggering events and to evaluate susceptibility of the organization to social engineering based on the triggering events, and wherein the computer platform does not receive the contact information of the plurality of members from the computer appliance;

transmitting the communications including templates to the computer appliance;

identifying at the computer appliance at least one member of the organization as an intended recipient based on a detected triggering event;

preparing at the computer appliance a message to the intended recipient based on characteristics of the detected triggering event, the message soliciting an action by the intended recipient;

transmitting the message to the intended recipient;

determining whether the intended recipient acts as solicited by the message; and

evaluating the action of the intended recipient.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for evaluating the susceptibility of an organization to social engineering, the organization having a plurality of sources and a plurality of members using electronic devices, is provided. The system includes an appliance in communication with the plurality of sources configured to retrieve contact information of members and to detect triggering events from the plurality of sources. The system includes a platform remote from the appliance configured to receive signals from the appliance indicative of the triggering events and to prepare and send communications, including templates based on each of the triggering events to the appliance. Upon receipt of the communications, the appliance is configured to retrieve the contact information of intended recipient members, to create messages based on the templates, and to send the messages to the intended recipient members. The platform does not receive the contact information of the plurality of members from the appliance.

Citations

20 Claims

1. A method of reducing organizational susceptibility to social engineering, the organization having a plurality of sources, the method comprising:
- providing a computer appliance;
  
  providing a computer platform remote from the computer appliance;
  
  receiving at the computer appliance contact information for a plurality of members of the organization;
  
  monitoring at the computer appliance each of the sources for triggering events;
  
  receiving at the computer platform signals from the computer appliance indicative of the detected triggering events and delivery identifiers associated with the triggering events;
  
  preparing at the computer platform communications including templates based on each of the triggering events, wherein the computer platform is configured to compile information regarding triggering events and to evaluate susceptibility of the organization to social engineering based on the triggering events, and wherein the computer platform does not receive the contact information of the plurality of members from the computer appliance;
  
  transmitting the communications including templates to the computer appliance;
  
  identifying at the computer appliance at least one member of the organization as an intended recipient based on a detected triggering event;
  
  preparing at the computer appliance a message to the intended recipient based on characteristics of the detected triggering event, the message soliciting an action by the intended recipient;
  
  transmitting the message to the intended recipient;
  
  determining whether the intended recipient acts as solicited by the message; and
  
  evaluating the action of the intended recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the sources include at least one directory, at least one database, and at least one messaging system.
  - 3. The method of claim 1, wherein contact information includes an e-mail address book including e-mail addresses for members of the organization, the method further including periodically determining from at least one of the sources whether the e-mail address book for the members of the organization has been updated.
  - 4. The method of claim 1, wherein contact information includes at least one of telephone numbers for members of the organization for voice phishing testing, mobile phone numbers by which SMS texting messages may be transmitted to members of the organization, and social media identifiers for members of the organization.
  - 5. The method of claim 1, wherein the delivery identifiers do not provide information to the computer platform.
  - 6. The method of claim 1, wherein the computer platform is configured to create different templates for triggering events having different characteristics.
  - 7. The method of claim 1, further including the steps of:
    - including at the computer platform a tag in at least one of the templates; and
      
      adding at the computer appliance information into each of the messages regarding the intended recipient of the message based on the tag.
  - 8. The method of claim 1, further including the steps of providing the computer appliance inside a firewall of the organization and providing the computer platform outside the firewall of the organization.
  - 9. The method of claim 1, further including the steps of aliasing at the computer appliance at least some of the identifying information and replacing the contact information with identifiers to create an aliased address book, and receiving at the computer platform the aliased address book.
  - 10. The method of claim 1, further including the steps of:
    - monitoring at the computer appliance responses to the messages from the intended recipients;
      
      aliasing at the computer appliance portions of the responses and leaving other portions of the responses un-aliased;
      
      profiling portions of the responses based on a predetermined algorithm; and
      
      sending the aliased, un-aliased, and profiled portions of the responses to the computer platform.
  - 11. The method of claim 1, further including the step of compiling at the computer platform statistics regarding the triggering events, messages, and intended recipients'"'"' actions in response to the messages.

12. A system for evaluating the susceptibility to social engineering of an organization having a directory, a plurality of databases, and a messaging system, the system comprising:
- an appliance configured to receive an address book having contact information for members of the organization from the directory and to connect to the plurality of databases and the messaging system, the appliance being configured to monitor the plurality of databases and the messaging system for triggering events; and
  
  a platform configured to receive signals from the appliance indicative of triggering events identified by the appliance, to create templates based on the signals, and to send the templates to the appliance;
  
  wherein the appliance is configured to create messages to intended recipients based on the templates;
  
  wherein the platform is configured to determine whether the intended recipients take a predetermined action in response to the messages; and
  
  wherein the platform is configured to compile statistics regarding the triggering events, messages, and intended recipients'"'"' actions in response to the messages.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system of claim 12, wherein the appliance is configured to be inside a firewall of the organization and wherein the platform is configured to be outside the firewall of the organization.
  - 14. The system of claim 12, wherein the platform is configured to create different templates for triggering events having different characteristics.
  - 15. The system of claim 12, wherein the platform is configured to include a tag in at least one of the templates, and wherein the appliance is configured to add information into each of the messages regarding the intended recipient of the message based on the tag.
  - 16. The system of claim 12, wherein the platform is configured to analyze susceptibility to social engineering of the organization over a time period and to send the analysis to the appliance and wherein the appliance is configured to incorporate information regarding the identity of members of the organization into the analysis.
  - 17. The system of claim 12, wherein the appliance is configured to forward the messages to the intended recipients through an e-mail server of the organization.

18. A system for evaluating the susceptibility of an organization to social engineering, the organization having a plurality of sources and a plurality of members using electronic devices, the system comprising:
- an appliance configured to receive an address book from at least one of the sources including identifying information and contact information regarding each of the plurality of members of the organization, the appliance being configured to alias at least some of the identifying information and to replace the contact information with identifiers to create an aliased address book, the information to be aliased being determined based on a predetermined algorithm;
  
  a platform configured to receive the aliased address book from the appliance;
  
  wherein the appliance is configured to detect a triggering event from the sources and to transmit an indication of the triggering event to the platform;
  
  wherein the platform is configured to provide a communication to the appliance including a message template based on the triggering event, an indication of a delivery mode, a delivery identifier known by the appliance to map to one of the members of the organization, and scheduling instructions;
  
  wherein the appliance is configured to create a personalized message based on the template for each of the intended recipients from information in the address book;
  
  wherein the appliance is configured to send the messages to one of a plurality of servers separate from the platform based on the type of the message, the one of the servers being configured to send the messages to the intended recipients;
  
  wherein the appliance is configured to monitor responses to the messages from the intended recipients; and
  
  wherein the appliance is configured to alias portions of the responses, leave other portions of the responses un-aliased, and to profile portions of the responses based on a predetermined algorithm and to send the aliased, un-aliased, and profiled portions of the responses to the platform.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the servers include a telephony server, a text message server, and an e-mail server.
  - 20. The system of claim 18, wherein the appliance acts as the plurality of servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Phishline, LLC (Barracuda Networks Incorporated)
Inventors
Chapman, Mark T.

Granted Patent

US 9,871,817 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

Social Engineering Simulation Workflow Appliance

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Social Engineering Simulation Workflow Appliance

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links