Documentation


Creating An Account

To get started using vThreat, you need to first create an account. You can create your own username and password credentials on the sign up page, or just use an existing Google account to sign in.

signuppage.png

Help With Your Account

When you sign up to create an account (not using Google credentials), you should receive an email asking you to confirm your account within a few minutes. If you don’t, you can use the Resend Confirmation option on the sign up page to have the confirmation email sent to you again.

After you’ve created your account, if you ever forget your password, just use the “Forgot Password” option on the Login page to reset your password.

If you ever encounter any issues creating or accessing your account and the above steps don’t work, you can get help from us directly by emailing support@vthreat.com.

Getting Up and Running

When you log in, you’ll be greeted by the vThreat dashboard.

At the top of the dashboard screen is the menu bar, which contains options to set up environments you wish to analyze, customize how you gather vulnerability data, as well as set up scheduled and ad-hoc attack simulations. There are a number of settings and options here you’ll need to set up if you are using vThreat for the first time, which we’ll walk you through below.

The vThreat Analytics Screen

Beneath the menu bar is the vThreat analytics screen, which shows you the current status of devices and vulnerability trends in your environments, including: * Overall vulnerable clients * Plugins vs. Vulnerable plugins * Vulnerable Flash vs. Flash * Vulnerable Java vs. Java * Operating Systems * Browsers * Mobile Devices

In addition, the Analytics screen shows the potential for data and financial loss in your environments. The losses are calculated via simulated data exfiltrations on your existing vulnerabilities.

You can toggle the analytics screen to display trends over the last week or over the last 6 months.

dashboard.png

Add An Environment

Once you’ve signed in to vThreat, one of the first things you’ll need to do is add an environment to analyze, so you can start reporting on vulnerability trends and potential data loss.

To add an environment to analyze, just click the Environments > All Environments option at the top of screen, above the dashboard. Then click “New Environment” to add an environment to monitor.

Set Up Passive Vulnerability Detection

For vThreat to start tracking vulnerabilities in your environment, you have two options: Place custom Javascript code on a shared internal-facing page, or set up a custom redirect for all users within your environment. We’ll explain both options below.

Option 1: Insert The Custom Javascript Snippet

First, make sure you have selected the Environment you wish to analyze. Make sure the environment’s name appear in the top menu bar (to the right of “Simulation Results.”)

Next, in the top menu, click the Environment Variable (looks like a link) icon to the right of your environment’s name.

Then select the first item on the menu that reads “Analytics Code.” A lightbox will appear with the custom Javascript snippet you’ll need to place in the header or footer of an internal-facing page that your organization controls and that your users frequent.

analyticscodelightbox.png

For example, we recommend intranets, or internal-facing instances of platforms like Wordpress, Confluence, Sharepoint, Jive, or Wikimedia. The key thing is that it is in the header or footer of an internal-facing page that your users frequent.

You can post this same Javascript snippet in multiple places if you’d like to get a cumulative understanding of threats across all your environments.

Alternately, you can generate new Javascript snippets for each of your environments. This can be beneficial if you’d like to compare and contrast performance between different environments, for example, between different office locations or localizations.

Option 2: Set Up A Redirect

If you don’t have the ability to place the Javascript snippet, or just prefer to use another method, you can also set up a redirect URL. vThreat will create a gateway page that runs a vulnerability check on the end user’s system, but the end user will be sent right to their normal default website.

For example, if your company has a default setting for all browsers to have the company website as their homepage, set up the redirect URL in vThreat to your company’s website, and vThreat will generate the gateway URL for you, which you will want to set as the new default for all users you wish to monitor. The gateway will seamlessly redirect users to the company website, so their experience remains the same.

To set this up, first click the Environment Settings (gears) icon in the top menu bar, and then select “Redirect URL.”

On the next page, click “Add Redirect URL” and enter the URL you want your end users to be redirected to after the gateway page, like your company’s website for example. Make sure to put the full path (e.g. https://www.foo.com) and not just foo.com. Hit save.

Next, to grab the gateway URL, click the Environment Variable (looks like a link) icon in the menu bar and then click “Landing Link” in the drop-down menu. A lightbox will appear with the URL you’ll want to send users to. We recommend setting it as their browser’s default homepage if possible.

landingpage.png

Configure and Schedule Automated Attack Simulations

In order to determine the true risk presented by vulnerabilities in your environment, you’ll want to run simulations. While you can run simulations on an ad-hoc basis (which we’ll cover later), we strongly recommend running simulations whenever vulnerabilities are detected.

To do this, click the Environment Settings (gears) icon in the menu bar and select “Instructions.” In the next screen, you can select what kinds of simulations you want to run whenever vulnerabilities are detected: * Credit card exfiltration * SSN exfiltration * Medical record exfiltration * DNS tunneling * Egress scan * Custom text: You can set vThreat to try and exfiltrate specific strings, such as sensitive text proprietary information relevant to their organization.

By default, credit card exfiltration is selected for you.

Add Custom Text

To set the custom text to be exfiltrated during simulations, click the Environment Settings (gears) icon in the top menu and select “Custom Text.” In the next screen, you can add the value for the strings by hitting “New Custom Text.” You can monitor for multiple strings, or deselect strings you wish to ignore.

customtext.png

Modify the Schedule For Automated Attack Simulations

By default, vThreat analyzes and runs attack simulations on each system daily.

If you want fewer alerts, you can modify the system to run scans weekly instead. To do this, click the Environment Settings (gears) icon and select “Interval.” A lightbox will appear with the option to toggle analysis from Daily to Weekly.

interval.png

Scans occur in the background using passive vulnerability detection, so there’s no need to schedule a specific time for the analysis to occur.

Run Ad-Hoc Attack Simulations

In addition to automated attack simulations, you can also run a number of ad-hoc attack simulations. There are three different ways to run ad-hoc simulations: 1) Test local environments on-demand 2) Send a simulation to someone who might not be on premesis. 3) Email a simulation to test email security systems

Since vThreat is cloud-based, there’s no need to make configuration changes or to set up a VM or an agent to run any of these types of simulations, including those you send to others.

To get started, click the Attack Simulation (►) button to the left of your username. You can scroll through the drop-down menu for the types of simulations available, or just type in a keyword to find a specific simulation.

sims.png

Run A Local On-Demand Simulation

Local on-demand simulations are at the top of the list and start with “I want to simulate…” Simply click the simulation name and it will run. Click “See Results” when it completes.

Send Someone Else A Simulation

In the simulation drop-down list, any simulation that starts with “I want to send…” will send your simulation to someone else.

Select the type of simulation you wish to send, and then enter their email address.

The recipient will receive an email from vThreat, with the subject line of “(your email address) sent a vThreat simulation,” and there will be a link in the email that says “Run Simulation” they’ll need to click so the assessment can take place.

sentsimexample.png

They’ll be able to click “See Results” upon completion of the simulation to see how it performed.

Email Yourself A Simulation

Any simulation in the simulation drop-down menu that starts with “I want to email myself…” will allow you to email yourself a simulation to check that your email filtering is working and that malicious attachments are being blocked as they should be. Attachment types include Meterpreter EXE and JAR files, executables, EICAR, Mimikatz, and Powershell files.

If your systems are working as they should be, you’ll get an email without an attachment (as the malicious attachment should be blocked by your systems). Still, the text of the email you’ll receive will show the hash for the attachment, just in case it does get through and you want to verify the file you received is what vThreat sent.

emailsimexample.png

Important Note: Any ad-hoc simulations are NOT logged in analytics in order to prevent contaminating an environment you’re testing; however, the vThreat analytics dashboards Data Loss & Financial Loss tabs DO reflect the results of ad hoc simulations.

Review Results of Automated and Ad-Hoc Attack Simulations

To view the results of your automated attack simulations, simply click “Simulation Results” in the top menu bar.

The Simulation Results screen will show you the type of simulation run (whether it was run locally or sent to someone else), the simulation or exfiltration attempted, whether or not it was successful and when the simulation occured.

simulationresults.png

To drill down into the results, click on the entry of the simulation. The detailed results screen will show you the full information about how the simulation was run.

Specifically for credit card information, you’ll also see relevant context about compliance.

creditcard.png

Account Administration

Adding Members To Your Team

To add members to your team, click your username and click “Team” in the dropdown menu that appears. Next, hit “Invite Member” and type in your team member’s email address.

Your team member will receive an email letting them know they’ve been invited to the team, and they’ll need to click the link in the email to confirm their registration (it’s not phishing, we promise).

If the team member already has a vThreat account, when they click the link in their email, they’ll be asked to confirm that they want to join your team.

If the team member does not have a vThreat account yet, they’ll first be prompted to sign up and create their account. They’ll then be asked to confirm that they want to join your team.

Note: Only paid license holders can have teams, and only the account owner can add or remove team members. (You cannot use the trial version.) To obtain a license, please work with our Customer Service team. Once your account is activated, if you are still having trouble adding team members, please talk to Support.

Modifying or Cancelling Your Account

If you need to change your password or update the email associated with your account, click your username and then click the “Settings” option.

You won’t see this information if you logged in with OAUTH/your Google account.

You can also cancel your account from this screen using the “Cancel my account” button, though we hope you’ll be in touch and let us know what we could do to improve before you cancel!