Barracuda PhishLine

Defend Your Business Against Social-Engineering Attacks Fight phishing and other potentially-devastating attacks that can slip through security gateways. These evolving and sophisticated attack techniques, designed to fool employees, put your business at risk for data loss, financial fraud, and embarrassing exposure. Transform employees from potential victims into a layer of defense with Barracuda PhishLine. With PhishLine, you guard against every facet of social-engineering threats with continuous simulation and training for employees. Show them the latest attack techniques, how to recognize the subtle clues and help stop email fraud, data loss, and brand damage. Embed learning into your everyday business processes with customized simulations that test and reinforce good behavior. Only PhishLine helps you defend against a range of threats with patented, highly-variable attack simulations for multiple vectors, including phishing, smishing, vishing and found physical media.

• Easy-to-implement cloud-based solution
• Patented simulation of email, SMS, voicemail and USB attacks
• Analytics and reporting based on thousands of data points
• Automate simulation campaigns with address book integration
• Large library of SCORM-compliant courseware

Train Employees To Recognize Phishing Emails, Voicemails, and SMS Messages Guard against every facet of social-engineering threats by training your employees to identify and report them. PhishLine provides patented, highly-variable attack simulations for multiple vectors, including phishing (email), smishing (SMS), vishing (voice) and found physical media (USB/SD card). Plus, use multiple simulation templates in a single campaign, to conduct hypothesis-based A/B tests and prevent users from receiving duplicate mock phishing templates. With PhishLine, you train employees to recognize threats from multiple sources and test them the way an attacker would. Customize Training to Make it Engaging and Relevant to Your Users PhishLine’s simulation and training content is easy to use and is fully customizable. You get a wide variety of materials: Choose from hundreds of easy-to-use simulation templates, landing pages, risk assessment surveys, and engaging multi-lingual training content in the online PhishLine Content Center Marketplace™. Materials can be used individually or integrated into simulated phishing and social-engineering campaigns. New simulation and training content is added daily, to reflect the most recent threats and training resources available to help protect your business. PhishLine lets you deliver training as soon as the need is identified, using a built-in workflow engine. For example, you can use a landing page for in-the-moment training when someone performs an unsafe action as part of a mock phishing campaign. You can also send training invitations to specific employees based on their past actions and risk profile. Plus, you can schedule training invitations and post on-demand training on your intranet. PhishLine makes it easy for employees to instantly report suspicious emails to your help desk or incident response team. The built-in Phish Reporting Button is a simple, powerful solution that gives you complete control over the entire process at all times. Identify Human Risk Factors in a Non-Threatening Manner Do employees truly understand that information security policy they signed? Did a recent information security announcement have any impact on their perceptions of risk? Is your security awareness program addressing the real needs of employees, from their perspectives? These are some of the questions addressed by PhishLine’s Risk-Based Survey module in a thoughtful, perceptive, and non-threatening manner. These unique, qualitative, risk-assessment capabilities allow for discovery in the “voice of the employee.” Back-end analysis capabilities lead to a unique and powerful assessment tool that quantifies risk by impact and likelihood scores. You can objectively evaluate your organization’s human-risk factor based on meaningful feedback from your employees. Protect Your Business With Updated Content That Guards Against The Latest Threats With PhishLine, there’s no need to recycle the same old training and testing materials. The Content Center Marketplace is constantly updated by security experts to reflect the newest threats and the training resources available to protect your business. Engage employees – and keep their interest – with a wide variety of choices and materials designed to fit your corporate culture. In addition, PhishLine provides Click Thinking™, a monthly bundle of content updates. Each update is aligned around a hot topic, and includes a new training video, email template and landing page.  Content Hundreds of Email Lure Templates, Landing Pages and Domains New content is added every day creating endless combinations of email templates, landing pages, email account senders and web server domains. As the threat landscape changes so will our tests, giving you access to the most up-to-date content. PhishLine Content Center Marketplace™ All content can be found in the PhishLine Content Center Marketplace, a one-stop-shop for browsing, selecting and importing the perfect content to craft your continually evolving campaigns. Customized Templates Add that special touch by customizing any of the templates so your simulated attacks come from people in positions of trust, effectively testing your workforce and teaching them to be wary of threats that only your organization may have seen. Testing Patented Multi-Variable Attack Simulations In today’s threat landscape, you can be phished from more than just email. Train your team on every facet of threat with PhishLine’s multi-variable attacks with campaigns that include Smishing (SMS/Text), Vishing (Voicemail) and Found Physical Media. This unique capability will help prevent users from receiving the same mock phishing template in a campaign and can allow for hypothesis-based testing (A/B tests). Smishing (SMS/Text) Protect your user base by training them to recognize unfamiliar outgoing texts with our industry-leading smishing simulation. The innovative incoming mode allows you to email requests to text custom phone numbers as the call-to-action for otherwise innocuous emails, catching what would be a normally unknown vector before it can be used against your workforce. Vishing (Voicemail) Employees get many phone calls each day, which one of those will cost the company? With PhishLine’s anti-voicemail phishing or ‘Vishing’ we provide fully customizable simulated threats that will compliment any security awareness campaign. Found Physical Media (USB/SD Card) Using the same Smart Attachment technology found in our email campaigns, you can distribute files on portable drives and cards with watermarks in a variety of file formats to track who is willing to plug it into your network. The files won’t cause security problems even if non-employees find them as the content redirects users to landing pages designed to educate on the perils found in anonymous portable media. Advanced Threat Simulation Features Crafting effective scenarios is paramount when developing an effective anti-spearphishing campaign especially in long-term approaches where users would start seeing repetitive emails. Prevent that by using PhishLine’s advanced threat simulation features including time stamping to create a sense of urgency prompting users to respond before they can think it through, phone home macros, DLP tagging, geo-location and more. Our patented system allows for multiple combinations of email templates, landing pages, email account senders, and web server domains within a single campaign. Reporting Phish Reporting Button Enable easy tracking of user phishing attempts with the Phish Reporting Button, simplifying the task of reporting possible threats while tying in user reporting to your training regimen. Robust User Attributes Why stop at user name and email address when you can test based on location, job function, tenure, privileged credentials, or access to sensitive networks and applications? PhishLine gives you granular control for your reports, that your mid-level marketing managers in Kansas are more likely to click a link in an email on Tuesday, as well as testing and education so your workforce isn’t inundated with emails they shouldn’t get. Extensive reporting and metrics More than 16,000 data points are at your disposal with PhishLIne’s advanced metrics and reporting. Identify levels of risk at macro and micro levels within your organization to help expedite remediation while keeping your workforce at maximum efficiency by targeting training to only those who need testing at that moment. Data Loss Prevention (DLP) Worried about data leaking from your organization? With PhishLine’s built-in Data Loss Prevention Activator, you can track where those PhishLine campaign emails and portable media drops go and who accesses it to know who might leak your company data as well. HTTP/SSL Is your workforce leaning hard on whether there’s an encryption symbol next to the URL when they click links in their emails? With HTTPS and SSL landing pages you can collect information from your users without the possibility of people snooping that information and using it against you while convincing your users that they are safe. Education Program Gamification Engage your users and make the cat-and-mouse aspect of security awareness fun by turning the workflow into a game with leaderboards and user leveling systems. This will help train users to spot and report threats while keeping the idea of spearphishing at the forefront of their mind. Levelized Programs Measure and communicate the success of your security awareness efforts. A leveling program gives you the ability to create a custom program based on the hallmarks of a healthy security culture: training completion, avoiding interactions with simulation messages, and reporting suspected phishing. As employees move through the program, they are presented with on-level training and simulation content that challenges their security awareness, enabling the administrator to track and report on overall program effectiveness and individual user awareness. (Available in PhishLine Concierge only.) Risk-Based Surveys Should a CEO or accounts payable team get the same test as your engineer, nurse or teacher? With PhishLine you can issue risk-based surveys that provide unique insights into your user level security posture. By being better informed about your user level risk and validating it throughout the year you will maintain a security plan that mirrors your organizational objectives. Bonus Security Awareness Training Materials To support your computer-based training initiatives, PhishLine provides supplementary materials such as two-minute best practice videos covering topics such as Malware Awareness and Password Security. In addition, there is an array of bonus training materials including posters, newsletters, infographics, and tip sheets. PhishLine has partnered with several reputable content vendors to augment our built-in content.