Success story: Hiding software-generated statistics (false positives)

Success story: Hiding software-generated statistics (false positives)

As we explained in our post: Do you really know what a Phishing simulation is? Are you sure?, the Whitelist process is used, among other things, to prevent security tools from interacting with Phishing simulation emails generating statistics on behalf of users (false positives). You can refer to that post to learn more about software-generated statistics.

While the Whitelist process can resolve this situation, its implementation requires:

  1. Know with certainty what security technologies are used in the organization.
  2. That each of the technologies used provides the possibility of configuring a Whitelist.

It seems to be increasingly difficult for both points to be fulfilled.

To keep in mind: many organizations think they have point 1 solved, but then end up being surprised when they discover a large number of unexpected IP addresses automatically interacting with their phishing simulation emails.

In addition, there are organizations that do not wish to implement a Whitelist directly, for various internal reasons.

So, what do we do with software-generated statistics (false positives)? How can we obtain reliable results in a simulation if there are interactions that have nothing to do with the behavior of our users?

At SMARTFENSE we offer a complementary (and for some organizations, alternative) solution to the Whitelist process which is the Output of software-generated statistics.

This solution allows:

  • Detect interactions generated by a software tool and define a time interval after which interactions become invalid.
  • Set filters at the user agent and IP address level.

While stat hiding is not set up overnight, but requires a process of refining over time, currently allows many organizations with Whitelist can obtain reliable results in their simulation campaigns, to the point of using these results to make decisions about users who fell into cheating (such as applying certain penalties).

In the following video we talk about this relevant topic with Ricardo Rojas, former CISO of a large corporation in Chile, who successfully implemented statistics hiding in his organization. As of today, this organization continues to take action against users who fall for simulated traps because they fully trust the results obtained.


Nicolás Bruna

Product Manager de SMARTFENSE. Su misión en la empresa es mejorar la plataforma día a día y evangelizar sobre la importancia de la concientización. Lidera el equipo de desarrollo y QA de SMARTFENSE. Ha escrito dos whitepapers y más de 50 artículos sobre concientización. También es uno de los autores de la Guía de Ransomware de OWASP y el Calculador de costos de Ransomware, entre otros recursos gratuitos.

Leave a Reply