End-User Training as Part of a Defense-in-Depth Strategy
Risky employee behaviors permeate all layers of a company’s defense-in-depth strategy — and even the most intelligent technical tools cannot stop unarmed end-users from making bad decisions. An approach that couples endpoint remediation and end-user remediation will get you closer to zero risk than technical safeguards or security awareness training could on their own. Our patent-pending Education Triggers solution allows you to seamlessly deliver education at the desktop, effectively marrying your endpoint and end-user remediation efforts.
Technology Partnerships Strengthen Security Postures
Our partnerships with endpoint protection providers like Carbon Black allow organizations to add a new and important layer to defense-in-depth strategies. Our Education Triggers enable real-time intervention through immediate follow-up in the form of Teachable Moments and training. Using this solution, you can automatically deliver a training assignment to a user who does something dangerous while using on their work-issued PC.
This product is currently available for Wombat customers who also utilize Carbon Black Enterprise Response, an advanced endpoint threat detection and response solution that identifies (among other issues) end users who have received emails with, or downloaded, potentially dangerous files, as well as users who are exhibiting risky online behaviors. By integrating Wombat’s security awareness training tools with their scans, dangerous actions become Education Triggers. Organizations can use this joint solution to sense and interrupt risky employee actions, and then deliver just-in-time training to lower their overall cyber security risk.
We have seen the value of this type of real-time interaction within our simulated attack products, which immediately display Teachable Moment messages when a user interacts with a phishing test. Our training statistics show the impact of in-the-moment messaging, and the willingness of users to learn how to prevent future mistakes. Our Education Triggers make this possible in real-life situations, not just as a result of simulated attacks.
The Technology Behind the Triggers
We isolate Education Triggers by monitoring security events identified by endpoint threat detection products like Carbon Black Enterprise Response. Here’s how our triggers work with the Carbon Black solution:
- A Wombat Threat Intelligence Feed has been incorporated into the Carbon Black Enterprise Response system. This feed seamlessly integrates with your current implementation of the Carbon Black software.
- Once you activate the Wombat feed, the defined risky behaviors (e.g., interacting with the Dropbox application, use of the TOR browser, and malicious file detection) will trigger a response within our platform.
- If a risky behavior is detected, we deliver a Teachable Moment email to the end user at a threshold set by you. This message alerts the user to the mistake that was made and offers advice about avoiding the behavior in the future.
- Administrators can also assign more in-depth training to end users if they feel the need to escalate the situation (e.g., a user has made a similar mistake multiple times).
- A Business Intelligence report gives you the ability to view the number of “hits” by type, over time, and whether a Wombat Teachable Moment was triggered. This information helps you to identify the types of risky behaviors that are happening on your network, as well as the employees who are taking those risks.
The automated nature of our Education Triggers solution not only raises awareness in the moment, it improves the efficiency of training efforts. Administrators can view activities and adjust parameters as needed; not every Education Trigger needs to result in a Teachable Moment or training assignment, which alleviates concerns about training fatigue.
Using Responsive and Proactive Training to Create a Culture of Security
Our Education Triggers are an ideal counterpart to a proactive security awareness and training program. While simulated attacks and knowledge assessments are great diagnostic tools that can give you insights into very real vulnerabilities, at their root, they are based on hypotheticals. Hypotheticals that mirror real threats seen in the wild, yes, but hypotheticals nonetheless.
The marriage of responsive and proactive training allows you to actively identify and address your areas of vulnerabilities. Use your security awareness training program to improve your end users’ behaviors over time, and employ Education Triggers to intervene when actual phishing attacks, malicious websites, and dangerous attachments present themselves to your end users — and your end users engage.
Request a Demo