Respond to Real End-User Behaviors
Education Triggers integrates with endpoint security software platforms that monitor end-user behaviors. When a trigger (risky behavior) is detected, the end user receives a Teachable Moment that is designed to explain the dangers associated with that particular action and prevent ongoing risky behavior.
We isolate Education Triggers by monitoring security events identified by endpoint threat detection products like Carbon Black Enterprise Response. Here’s how our triggers work with the Carbon Black solution:
1. A Wombat Threat Intelligence Feed has been incorporated into the Carbon Black Enterprise Response system. This feed seamlessly integrates with your current implementation of the Carbon Black software.
2. Once you activate the Wombat feed, the defined risky behaviors (e.g., interacting with the Dropbox application, use of the TOR browser, and malicious file detection) will trigger a response within our platform. (Note that you set the threshold for the number of end-user actions that must occur before a response is triggered.)
3. If a risky behavior is detected, we deliver a Teachable Moment email to the end user (once your threshold is met). This message alerts the user to the mistake that was made and offers advice about avoiding the behavior in the future.
4. Administrators can also assign more in-depth training to end users if they feel the need to escalate the situation (e.g., a user has made a similar mistake multiple times).
5. A business intelligence report gives you the ability to view the number of “hits” by type, over time, and whether a Wombat Teachable Moment was triggered. This information helps you to identify the types of risky behaviors that are happening on your network, as well as the employees who are taking those risks.
Teachable Moments help end users understand the risk they are imposing on the organization, and help raise awareness about how to avoid the risky behavior in the future.
We have seen the value of this type of real-time interaction within our simulated attack products, which immediately display Teachable Moment messages when a user interacts with a phishing test. Our training statistics show the impact of in-the-moment messaging, and the willingness of users to learn how to prevent future mistakes. Our Education Triggers make this possible in real-life situations, not just as a result of simulated attacks.
Administrators can view activities and adjust parameters within the Education Triggers tool as needed. Not every risky behavior needs to result in a Teachable Moment or training assignment, which alleviates concerns about training fatigue. The following parameters can be customized by administrators:
- The threshold for each trigger (i.e., the number of “hits” that must occur before a Teachable Moment is sent to a user)
- The text with the Teachable Moments that are sent to end users
- The maximum number of times a Teachable Moment email should be sent within a set timeframe (which protects end users from receiving too many messages)
Administrators can use our business intelligence tools to monitor users with the most risky behaviors, enabling additional training and direct intervention if necessary. Our reporting features give you access to the following data points:
- The total number of hits across all users and triggers
- Number of hits and responses sent to users
- Detailed insights into the Carbon Black information generated by the hit