メニュー 日本語 Čeština Dansk Deutsch English (US) Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Português (Portugal) Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

新たな取り組みが始まります!2023年6月に新しいKnowBe4コミュニティを立ち上げるため、ナレッジベースのコミュニティ機能を廃止することになりました。新しいコミュニティでお会いできることを楽しみにしています。

Whitelist of IPs and Ranges for Validating User Phishing Events

回答済み
Avatar
Chris Hehn

In order to reduce 3rd party attack surfaces KB4 customers are increasingly going to find themselves in a position where it is not prudent or good security posture to bypass all of their email scanning and validation mechanisms.  In this post-SolarWinds environment I would like to propose a whitelist approach to User Phishing Test Event  validation/reporting/actions. 

Customers should be able to provide a list of Known IP addresses and ranges under which their users are known to operate.  The system should continue to log all events outside of these ranges but not apply them to smart group or risk score calculations.  Once a customer creates a whitelist of known IPs/Ranges screens such as the Dashboard, Campaign Overview, Campaign Users should only include events from those known IP addresses. Users should be able to review all events by turning of the whitelist filtering or preferably in an all recorded events report so they can check for unknown or unauthorized outside access.

This will allow users to continue to validate/scan/protect ALL INBOUND email while at the same time benefitting from the great services that KB4 can provide.

Through testing we have already validated that KB4 is using last in tracking for user events. Given this information a vulnerability scanning system can trigger an event such as an open and then click with one or set of IP addresses.  If the human user then actually performs events the values get updated with a new IP and time stamp. 

Allowing customers to specify the IPs that constitute valid user actions provides the following benefits:

  1. Customer's do not have to weaken their security posture to use your product.
  2. Customer's gain additional information to help them identify unauthorized 3rd parties accessing their emails. (IPs not on the whitelist are still logged and can be investigated if unknown)
  3. Customer's can use your data to identify email access on unauthorized devices.

Queries and data warehousing should be minimally impacted by a whitelist as it can be added as an optional filter broadly across queries.  WHERE ip NOT IN ips {xxx.xxx.xxx.xxx, ... }   You could choose to segment this data as it come in or on request.

  

6

コメント

5件のコメント

並べ替え基準 日付 投票
  • Avatar
    Walter Nelson

    Hi Chris,

    Thanks for posting to our community board. I have submitted this as a feature request on your behalf. I think this is a fantastic suggestion.

    4
    コメントアクション Permalink
  • Avatar
    Chris Hehn

    Walter,

    I'm glad you think so.  I would be happy to discuss any refinements or follow-up questions.  We have been dealing with and trying to work around this since late last year.  There is a support ticket that lead to this feature request if the dev team needs more details. 427182

    0
    コメントアクション Permalink
  • Avatar
    Walter Nelson

    Hi Chris,

    I have noted the feature request with this information so that our development team knows you are happy to discuss this further if they have questions.

    0
    コメントアクション Permalink
  • Avatar
    Chris Hehn

    Just checking in has there been any movement on this feature request?

    1
    コメントアクション Permalink
  • Avatar
    Walter Nelson

    Hi Chris,

    I do have an update for you. We have this on our roadmap as a planned feature however I do not have an ETA on when it will be implemented fully.

    1
    コメントアクション Permalink

サインインしてコメントを残してください。

お探しのものを見つけられませんでしたか?

新規投稿