SafeTitan Demo Script
(Revised – October 2023)
Demo Instance Credentials:
URL = https://demoportal.safetitan.com
Username = emea@safetitan.com
Password = EMEA@Sft22
URL = https://demoportal.safetitan.com
Username = na@safetitan.com
Password = NA@Sft22
SafeTitan Overview
SafeTitan is a cybersecurity platform that offers cybersecurity training and phishing simulation for your company or your customers.
The first line of defense in any company against cyber threats is its employees, so SafeTitan turns your staff into a human firewall.
Developed on Microsoft Azure infrastructure, SafeTitan is a cloud solution that combines the latest security training techniques with real-time data analytics. SafeTitan helps mitigate human error and delivers security training when and where it is needed the most.
With SafeTitan, you can schedule unlimited regular and advanced phishing campaigns to assess the level of phishing vulnerability in your business.
SafeTitan also offers a range of training in Email Security, Social Engineering, Web Security, and others designed to educate your staff, because employees who recognize the threat of bad actors, viruses, spam, phishing, and other online scams will add an important layer of protection for your business.
SafeTitan Infrastructure:
SafeTitan is deployed on Microsoft Infrastructure in the following regions:
- Europe
- US
- Australia
- UAE
- South Africa
- United Kingdom
- Singapore
- Canada
These allow customers to take full advantage of the cloud.
SafeTitan can also include:
- Unlimited Phishing Simulation
- Unlimited Assessment Quizzes
- Training Courses
- Training Videos
- Power BI Risk and Compliance Reporting Suite
- Admin Management Platform
- Real-time response events
- SoardPhish
- Training Upload
Integrations:
- Integrates perfectly with Office 365, Teams and Azure AD, SSO, Okta, OneLogin, PeopleHR, On-Premise, and also with Google Workspace.
How it works:
For MSPs, through the MSP dashboard, you can easily create an account for your customers and start creating phishing and training campaigns through a single interface.
Customer’s account creation:
In the Content Preview tab, you can see some available phishing templates, including some login pages and our available training.
SafeTitan has a library with thousands of templates with simulated phishing attacks.
Here you can show the client some available phishing templates. I always like to include the Microsoft template with the Login page.
Phishing Templates:
Phishing Forms:
Here you can also point out that we use 21 domains and the customer can select the email that best fits their campaign. In the example above we are using the e-messsages domain.
The client can also define the triggers for the login page on their phishing campaign: 'enters field, types in field or posts form'.
The templates chosen above are for the purposes of this demo only; you can also customize your demo by choosing templates that are most relevant to your client or the industry they fit into.
Training Videos and Interactive Courses:
Regarding training, there are short videos that usually last no more than two and a half minutes, and all have subtitles, so you can provide training for your employees without hurting their work efficiency.
SafeTitan's training content includes gamified content and some highly interactive courses, all of which are enjoyable for employees and can be accessed via a browser from anywhere. Since no module is longer than 10 minutes, training is easy to fit into even the busiest workflows.
You can show the customer an example of a phishing video:
In terms of training, I usually like to show this social engineering series, 'what's social engineering?'.
In series like this one, you can point out that users have to complete six lessons on this topic. The content includes videos, and at the end users can take a quiz to test their knowledge and whether they have assimilated the course.
For the customer to start using our system, two things are necessary: import users to the system, and then whitelist our IP addresses and domains.
For customers on Microsoft, we offer very easy integration with Azure AD Sync, Direct Email Injection & SSO.
In the User Manager > Organization Users tab I usually show the customer how easy it is to add users to the system manually if necessary, and the same for administrators.
I also tend to show that if the customer doesn't have Active Directory and has a large number of users, they can easily use a bulk user upload (CSV file) to bring their users into the system. This option is usually used by Google Workspace users. We provide the CSV template, so the customer just needs to populate it with the necessary information.
We also offer SafeTitan AD Sync with On-Premise, Okta, People HR, OneLogin, and as previously mentioned Azure AD.
In Configuration > Phishing Email Settings, we can do what we call direct email injection. This way, for customers on Microsoft 365 with Azure working, manual whitelisting of our IP addresses is not necessary. Phishing emails are delivered from SafeTitan directly into the customer's inbox.
Phishing Manager > Phishing E-mail Templates:
In this section, you can show the customer some more available phishing templates and talk about the available categories, the level of complexity for each template, etc.
You can tell them how easy it is for the client to filter and find templates that best fit the phishing campaigns they are trying to implement.
Phishing Templates Categories:
Phishing Templates Types:
Phishing Template Complexity Level:
The user can also run a normal search for the kind of template they want:
Templates can be cloned and the customer can change some information if necessary and customize it to what they want.
Creating a campaign is also very easy and the customer has the option of selecting normal, batch, or burst.
Phishing campaigns can be customized with fake login pages or attachments.
In terms of login pages, there are numerous templates you can choose from. In the example below you can check out the login page for Microsoft:
You can see at the top of the screen that we are using the e-messsages.com domain. With SafeTitan, there are 21 domains that you can select to send your phishing campaign.
In the Phishing Manager, when creating a phishing campaign, you also have the option to enable reactive training. That way, if someone fails the phishing campaign, it will trigger training that will be automatically sent to your users.
You can also select your reactive training criteria:
In Reports and Stats > Organization Report Portal, the user can also check the type of reporting that is generated over time according to the phishing campaign or training published. For demo purposes, I'll focus on the phishing campaign data.
Analytic Reporting Portal > Phishing Reports > Summary
In the Summary Report interface, you can demonstrate the number of campaigns sent, the company’s phishing response in that period, and the company's performance compared to other enterprises in the same sector.
In the Top Report, you can see who the repeat offenders are. This is one of the most interesting pieces of data on this list, because everyone likes to see which recurring offenders could compromise the company's infrastructure, and which employees or departments need more cybersecurity training:
In the example above, we can see that the repeat offenders are ‘James, Stephen and Sean’ and that perhaps the departments that would need more training would be ‘Emerging Risk’, ‘Internal Marketing’ and ‘Mother Tongue’.
In Phishing Training Effectiveness, we can see the degree of complexity of our campaigns. You can see that in the beginning, our phishing campaigns had a lower level of complexity, but a high phishing response. Over time, the level of complexity increases, but the phishing response decreases, which may reflect more efficient training and greater employee awareness.
There are several other statistics that you can access with SafeTitan, such as campaign time effectiveness and campaign time response; the above are just a few examples.
Additional:
Training Upload
Not only can the company use our content, they can also upload any of their existing content if they choose to do so. This can be policy documents, Word documents, PowerPoint presentations, courses, or videos on any topic. They can schedule them to go out and track whether people have received their policy.
SoardPhish
SOARDphish is an automated system that quickly reacts to emails reported by staff – resulting in more cost-effective and reliable mitigation of cyber phishing threats.
Through our Outlook plug-in PhishHook, staff can report malicious emails or suspected phishing emails. These emails are then captured and analyzed in our SoardPhish feature to check whether they are risky or not, and automated messages can be sent to the customer after that.
RealTime Response
SafeTitan allows timely training to be provided, not just in response to clicks in phishing simulations, but also in response to other security errors. Real-time intervention training can be triggered in response to a risk taken by an employee. This is important as the employee may not even be aware they have engaged in risky behavior and will likely continue to take risks in the future if there is no intervention.