Updated: 3 January 2020
This appendix to the service terms describes features and functionality which are made available for subscription through various pricing plans.
The description of a service component in this document does not, however, grant the customer any right to access or use this service component, unless such inclusion has been made by reference in the service agreement.
New functionality may be introduced and accordingly described in this document at any time without further notice to the customer, unless the new functionality is already included in the service agreement.
2 MailRisk add-in for Outlook
A button which any licensed email user can use directly inside their email client to invoke a security analysis of the currently opened email, and communicate this to the end-user in an educational fashion.
Through the add-in interface, users may also report their suspicion so that IT administrators may be notified according to individual preferences for such notifications, or request a manual risk assessment of the email if the automated analysis does not satisfy the user's needs.
The analysis is performed as a combination of heuristics and signatures available through the service, machine learning (see below), plus several other data sources (including external ones) which are checked for matches against known threats. No data will however be automatically shared or transferred to third parties during automated analysis unless otherwise requested by the customer, except to an authorized partner in the case where the service agreement is owned by the partner who is already acting as a processor for the customer, and the provider is accordingly defined as a sub-processor in relation to the customer.
The add-in requires Office 365, or Exchange Server 2013 or newer to be installed. Supported clients include Outlook 2013 or newer on PC, Outlook 2016 or newer on Mac, and Outlook Web Access (OWA) via any OWA-supported web browser. On mobile devices, the add-in is available through the Outlook app on iOS and Android, but only for customers using Office 365.
3 Machine learning threat detection
When the MailRisk add-in invokes an analysis of an email, the service will at the same time perform correlation with other emails and attempt to classify the analyzed email through use of machine learning.
The use of such automated analysis will reduce the need for manually assessing the risk of similar emails, and will to a larger extent make it possible to notify both the end-user and IT administrators who subscribe to such alerts whenever a particular risk threshold has been exceeded.
4 Portal for analysis and response
IT administrators can access the data collected by the MailRisk add-in through a web based customer portal. This includes both email metadata and full contents, including attachments, as well as results from automated lookups and analyses performed for threat detection.
The customer portal is where feedback can be sent to end-users who have requested manual analysis, and where administrators can set their notification preferences to be made aware of pending requests and detected threats. Administrators are also provided an opportunity to remove analyzed data from the service, in order to exercise control over personal data processed under the service agreement.
In addition, the customer portal facilitates creation and review of signatures which form the basis for further automation in the feedback to end-users, as well as further use of qualified data in response to the detection of threats which happens outside of scope for the provided services.
5 Managed analysis of suspicious emails
If the customer prefers not to perform any manual analysis of suspicious emails which users have asked for feedback on, it is possible to enable managed analysis as a service add-on for the customer based on an outsourcing relationship with Secure Practice or potentially another managed (security) services partner under a separate agreement.
The customer may purchase managed analysis directly from Secure Practice in cases where the customer has fewer than 250 licensed users, with a guaranteed response time of less than 4 hours within office hours (Monday through Friday, 08:00-16:00 CET).
For larger organizations, the customer may use a partner authorized by Secure Practice for enabling this service add-on. Note, however, that this will be subject to pricing and terms at the specific partner's own convenience, and will not be covered by any agreement with Secure Practice.
6 Statistics for suspicious emails
Through the customer portal, IT administrators can access advanced metrics for both operational analysis and retrospective review, based on data from collected emails and analyses performed on these.
The metrics are also available through querying the API (see below), and can be filtered on date range along with several dimensions of metrics including risk and usage.
7 API access
IT administrators can choose to access customer data and perform a range of actions programmatically through documented Application Programming Interfaces (APIs).
Authenticated API access is an enabler for custom integrations with other software, and customers can manage authentication keys via self-service in the portal.
8 Posters for awareness (PDF)
In order to facilitate security awareness and service adoption among end-users, the customer is licensed to access and use a number of relevant resources in high-quality PDF documents.
By uploading the customer's company logo via the customer portal, posters can automatically include this logo in the print-ready PDF.
9 Simulated phishing (templates)
The phishing simulator can be used to create awareness and train desired habits for safe handling of suspicious emails, by having an IT administrator or authorized partner facilitate sending simulated phishing content to a specified list of end-user recipients inside the customer's organization.
Phishing simulations based on a selection of pre-defined templates will typically consist of an email which contains a link or other content which leads the recipient to a simulated phishing website, called the landing page. The landing page may for instance try to collect information or mislead the user into downloading content which under other circumstances would be considered a breach, optionally revealing what is called the debriefing page, which informs the user that this was a rehearsal and possibly contains (a link to) some further training content.
IT administrators can access statistics for how many users visited the landing and debriefing pages, and also how many recipients used the MailRisk add-in in conjunction with the simulated phishing email.
10 Simulated phishing (customized)
The phishing simulator is extended with functionality for manually editing the content of emails and messages, landing pages and debriefing pages.
This also includes the possibility of simply composing brand new simulated phishing campaigns from the bottom up, if the pre-defined phishing templates do not suffice.
11 Simulated phishing (automated)
Instead of sending simulated phishing campaigns manually on a case-by-case basis, the automated simulation functionality allows a number of templates to be scheduled for sending over a longer period of time, either based on complete automation, or with some manually configured parameters.
Each participant will follow their own individual progress, based on their ability to perform desired actions in relation to each simulation they receive, and new participants can be added to start their own progress at any time.
12 Portal for end-users
To support ongoing awareness and training efforts, we provide a portal where end-users may access their personal profile, available training content, surveys and other end-user facing functionality as included in the service agreement.
The end-user portal can be accessed at any time on any device using a modern web browser.
13 Reporting of all incident types
Incident reporting is an important part of continuous improvement, and includes many different types of cases worth reporting, like scam phone calls, SMS messages, strangers in restricted areas, policy violations, etc.
Through a user-friendly form in the end-user portal, employees are enabled to report on any such incidents in a streamlined fashion which facilitates effective follow-up from administrators.