To get started using vThreat, you need to first create an account. You can create your own username and password credentials on the sign up page, or just use an existing Google account to sign in.
When you sign up to create an account (not using Google credentials), you should receive an email asking you to confirm your account within a few minutes. If you don’t, you can use the Resend Confirmation option on the sign up page to have the confirmation email sent to you again.
After you’ve created your account, if you ever forget your password, just use the “Forgot Password” option on the Login page to reset your password.
If you ever encounter any issues creating or accessing your account and the above steps don’t work, you can get help from us directly by emailing email@example.com.
When you log in, you’ll be greeted by the vThreat dashboard.
At the top of the dashboard screen is the menu bar, which contains options to set up environments you wish to analyze, customize how you gather vulnerability data, as well as set up scheduled and ad-hoc attack simulations. There are a number of settings and options here you’ll need to set up if you are using vThreat for the first time, which we’ll walk you through below.
Beneath the menu bar is the vThreat analytics screen, which shows you the current status of devices and vulnerability trends in your environments, including: * Overall vulnerable clients * Plugins vs. Vulnerable plugins * Vulnerable Flash vs. Flash * Vulnerable Java vs. Java * Operating Systems * Browsers * Mobile Devices
In addition, the Analytics screen shows the potential for data and financial loss in your environments. The losses are calculated via simulated data exfiltrations on your existing vulnerabilities.
You can toggle the analytics screen to display trends over the last week or over the last 6 months.
Once you’ve signed in to vThreat, one of the first things you’ll need to do is add an environment to analyze, so you can start reporting on vulnerability trends and potential data loss.
To add an environment to analyze, just click the Environments > All Environments option at the top of screen, above the dashboard. Then click “New Environment” to add an environment to monitor.
First, make sure you have selected the Environment you wish to analyze. Make sure the environment’s name appear in the top menu bar (to the right of “Simulation Results.”)
Next, in the top menu, click the Environment Variable (looks like a link) icon to the right of your environment’s name.
For example, we recommend intranets, or internal-facing instances of platforms like Wordpress, Confluence, Sharepoint, Jive, or Wikimedia. The key thing is that it is in the header or footer of an internal-facing page that your users frequent.
For example, if your company has a default setting for all browsers to have the company website as their homepage, set up the redirect URL in vThreat to your company’s website, and vThreat will generate the gateway URL for you, which you will want to set as the new default for all users you wish to monitor. The gateway will seamlessly redirect users to the company website, so their experience remains the same.
To set this up, first click the Environment Settings (gears) icon in the top menu bar, and then select “Redirect URL.”
On the next page, click “Add Redirect URL” and enter the URL you want your end users to be redirected to after the gateway page, like your company’s website for example. Make sure to put the full path (e.g. https://www.foo.com) and not just foo.com. Hit save.
Next, to grab the gateway URL, click the Environment Variable (looks like a link) icon in the menu bar and then click “Landing Link” in the drop-down menu. A lightbox will appear with the URL you’ll want to send users to. We recommend setting it as their browser’s default homepage if possible.
In order to determine the true risk presented by vulnerabilities in your environment, you’ll want to run simulations. While you can run simulations on an ad-hoc basis (which we’ll cover later), we strongly recommend running simulations whenever vulnerabilities are detected.
To do this, click the Environment Settings (gears) icon in the menu bar and select “Instructions.” In the next screen, you can select what kinds of simulations you want to run whenever vulnerabilities are detected: * Credit card exfiltration * SSN exfiltration * Medical record exfiltration * DNS tunneling * Egress scan * Custom text: You can set vThreat to try and exfiltrate specific strings, such as sensitive text proprietary information relevant to their organization.
By default, credit card exfiltration is selected for you.
To set the custom text to be exfiltrated during simulations, click the Environment Settings (gears) icon in the top menu and select “Custom Text.” In the next screen, you can add the value for the strings by hitting “New Custom Text.” You can monitor for multiple strings, or deselect strings you wish to ignore.
By default, vThreat analyzes and runs attack simulations on each system daily.
If you want fewer alerts, you can modify the system to run scans weekly instead. To do this, click the Environment Settings (gears) icon and select “Interval.” A lightbox will appear with the option to toggle analysis from Daily to Weekly.
Scans occur in the background using passive vulnerability detection, so there’s no need to schedule a specific time for the analysis to occur.
In addition to automated attack simulations, you can also run a number of ad-hoc attack simulations. There are three different ways to run ad-hoc simulations: 1) Test local environments on-demand 2) Send a simulation to someone who might not be on premesis. 3) Email a simulation to test email security systems
Since vThreat is cloud-based, there’s no need to make configuration changes or to set up a VM or an agent to run any of these types of simulations, including those you send to others.
To get started, click the Attack Simulation (►) button to the left of your username. You can scroll through the drop-down menu for the types of simulations available, or just type in a keyword to find a specific simulation.
Local on-demand simulations are at the top of the list and start with “I want to simulate…” Simply click the simulation name and it will run. Click “See Results” when it completes.
In the simulation drop-down list, any simulation that starts with “I want to send…” will send your simulation to someone else.
Select the type of simulation you wish to send, and then enter their email address.
The recipient will receive an email from vThreat, with the subject line of “(your email address) sent a vThreat simulation,” and there will be a link in the email that says “Run Simulation” they’ll need to click so the assessment can take place.
They’ll be able to click “See Results” upon completion of the simulation to see how it performed.
Any simulation in the simulation drop-down menu that starts with “I want to email myself…” will allow you to email yourself a simulation to check that your email filtering is working and that malicious attachments are being blocked as they should be. Attachment types include Meterpreter EXE and JAR files, executables, EICAR, Mimikatz, and Powershell files.
If your systems are working as they should be, you’ll get an email without an attachment (as the malicious attachment should be blocked by your systems). Still, the text of the email you’ll receive will show the hash for the attachment, just in case it does get through and you want to verify the file you received is what vThreat sent.
Important Note: Any ad-hoc simulations are NOT logged in analytics in order to prevent contaminating an environment you’re testing; however, the vThreat analytics dashboards Data Loss & Financial Loss tabs DO reflect the results of ad hoc simulations.
To view the results of your automated attack simulations, simply click “Simulation Results” in the top menu bar.
The Simulation Results screen will show you the type of simulation run (whether it was run locally or sent to someone else), the simulation or exfiltration attempted, whether or not it was successful and when the simulation occured.
To drill down into the results, click on the entry of the simulation. The detailed results screen will show you the full information about how the simulation was run.
Specifically for credit card information, you’ll also see relevant context about compliance.
To add members to your team, click your username and click “Team” in the dropdown menu that appears. Next, hit “Invite Member” and type in your team member’s email address.
Your team member will receive an email letting them know they’ve been invited to the team, and they’ll need to click the link in the email to confirm their registration (it’s not phishing, we promise).
If the team member already has a vThreat account, when they click the link in their email, they’ll be asked to confirm that they want to join your team.
If the team member does not have a vThreat account yet, they’ll first be prompted to sign up and create their account. They’ll then be asked to confirm that they want to join your team.
Note: Only paid license holders can have teams, and only the account owner can add or remove team members. (You cannot use the trial version.) To obtain a license, please work with our Customer Service team. Once your account is activated, if you are still having trouble adding team members, please talk to Support.
If you need to change your password or update the email associated with your account, click your username and then click the “Settings” option.
You won’t see this information if you logged in with OAUTH/your Google account.
You can also cancel your account from this screen using the “Cancel my account” button, though we hope you’ll be in touch and let us know what we could do to improve before you cancel!