Keepnet Labs Logo
Keepnet Labs > blog > do-your-security-controls-work

Do your security controls work?

The Email Threat Simulator is a test product that can assist your business in validating the value of security investments and defending the choices taken while building a security operations plan.

Do your security controls work?

The problem: organizations spend lots of money on security controls. But are they working?

Use our Email Threat Simulator to get protected against email attacks, even ones that have never been seen before, as the cyber-threat landscape continues to get more sophisticated.

Create a threat model specific to your company.

The Email Threat Simulator is a patent pending test product that can assist your business in validating the value of security investments and defending the choices taken while building a security operations plan.

Email Threat Simulator (ETS) from Keepnet Labs defends against email attacks. One of the riskiest types of attacks that result in significant data breaches is target-oriented phishing attacks (also known as spear phishing). As stated by the researchers,91% of the violations were targeted by spear-phishing attacks.It takes an average of 146 days to detect a violation.An average of 82 days is required to prevent cybersecurity breaches.The overall average cost of data breaches is about $ 4 Million.Keepnet Labs sends real attacks to your secure email account to test whether these attack vectors reach your inbox.

Keepnet Labs Email Threat Simulator Workflow

Email Threat Simulator sends genuine attack vectors to your test email to evaluate your business email domain, then connects to the test mailbox to check the vulnerability status when you share the information and set up parameters for your test account.

Awareness Training Modules

Key Differences

Unlike the other cyber threat simulation platforms, Keepnet Labs Email Threat Simulator offers some unique methods, which will convince individuals to use it:

It controls missing/incorrect configuration options, unlike other vulnerability scanning services. Systems that test active network devices by shifting traffic are insufficient, and Keepnet Labs’ real attack vectors exacerbate this deficiency. Its domain squatting features and integrated cyber intelligence services enable it to report on incursions.

Integration Options for Corporates Network

Full integration possibilities are available for businesses that have closed down services such as Pop3 and Imap to the outside world and provide web-based email access to their subscribers. In this case, integrating with the “Outlook Web Access” option is the best way to connect to the test email box.

Key Differences of Keepnet Labs Awareness Educator

Email Attack Vectors and Modules

Vulnerability Scanner

It checks your email service for known vulnerabilities. It is compatible with automation scanning applications like Nessus and Nexpose, as well as third-party services like Mxtoolbox.

Client-Based Attacks

It includes attack vectors for Internet users.

Malicious Extensions

Email attachments contain known malicious documents. These attachments have failed to be identified by antivirus tools and are intended to be detected by behavior analysis. It is compatible with the Metasploit tool and a variety of third-party services.

Ransomware Samples

It includes samples that mimic recognized ransomware and its behaviors.


It examines missing or defective setups. It uses active scan options to examine known and frequently misconfigured configurations, and it also provides test scenarios to determine if you are adopting the best configuration options.

Browser Exploits

It contains emails containing known internet browser vulnerabilities. It occasionally includes a link or a misused piece of code.

File Formats Exploits

It works integrated with known file types (pdf, word, mp4, etc) with the Metasploit tool and various third-party services.

Sign up for Keepnet Labs ETS

Contact to start your free trial.

Create a test account

For the service to function properly, a test email address and password are necessary. Because the delivery status of emails cannot be checked if you do not define a password, the actual risk may not be notified to you! See the technical documentation here .

Secure Configuration Suggestions

If your organization has concerns about creating a security risk with this test email address and password, you can make suggestions:

You can restrict the test email’s sending option. that shows you how you can configure it. By requesting the IP address of Keepnet Labs ETS servers, you can restrict access to these addresses.

Usage Options

Quick Scan Option

You may create your account definitions and begin browsing immediately. This option simulates attack vectors across all categories.

Advanced Scan Option

It is the scan option that you can customize settings and connect them to the schedule.

Interpretation of the Report Summary

Successful attacks are reported as “failed,” which is a problem that affects you and should be addressed. Attacks that fail are referred to as “passes.” This means you are not vulnerable to such assaults. The summary of the results is listed as follows.

Scorecards and Development Chart

Keepnet Labs Email Threat Simulator gives scores from A to F according to the results. The calculation of these points is as follows;






And the score tables point out the following:

Score: The score is calculated according to the average of Phishing, Vulnerability, and CTI (Cyber Threat Intelligence) scores. Phishing Score: The score you have calculated according to what you have received from the Keepnet Labs Phishing simulator. Vulnerability Score: The score is created based on the results of the weakness scan. CTI Score: The percentage of points awarded by the cyber intelligence services. The last 7 scan results provide visuals to report on your progress. You can see your progress based on Passed, Failed, and Unchecked output.

Getting Help with Keepnet Labs Email Threat Simulator

Please feel free to contact us with any questions you may have.



Schedule your 30-minute demo now

You'll learn how to:
tickAutomate behaviour-based security awareness training for employees to identify and report threats: phishing, vishing, smishing, quishing, MFA phishing, callback phishing!
tickAutomate phishing analysis by 187x and remove threats from inboxes 48x faster.
tickUse our AI-driven human-centric platform with Autopilot and Self-driving features to efficiently manage human cyber risks.
iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate