mStorm Filter Performance (FP)

mStorm-FP tests your e-mail filters with a wide array of phishing and malware samples. These come in various formats and languages, with attachments that may be zipped or encrypted. The result is a detailed report of exactly what goes through your filters and what is stopped, including suggestions for adjustments.
Know What You Filter, and What Not

mStorm-FP tests your e-mail filters with a wide range of phishing and malware samples. The attacks generated by mStorm-FP simulate real threats, mimicking the most recent attacks observed in the wild. Your filters will be stressed with pretexts in multiple languages, with links, attachments or just convincing messages for your CEO. Thanks to the Monte Carlo simulation that we run, you get a detailed statistical report of what goes through your filters, what is stopped, and mitigation suggestions.

Know your Filters

Make sure your filters are really catching all relevant attacks! Find out whether your filters are all set up correctly.

Improve Filter Settings

mStorm-FP can uncover important hints for fine-tuning your filters.

Millions of Attack Mutations

mStorm-FP comes with a huge library of phishing pretexts, malware samples and filter bypass techniques to really put your e-mail protection to the test.

A Framework to Deliver Millions of Phishing Mails

mStorm-FP is a microservice architecture written in Go that automates the delivery of large numbers of e-mails, generated via predefined permutations, to a number of mailboxes that are protected by an anti-phishing/anti-malware filter. Simulations use hundreds of e-mail delivery domains (each with a different IP, provider and setup), each sending a configurable number of e-mail test cases, so that the test is not impacted even if the filter is configured aggressively.

mStorm-FP delivery uses multiple methods, from marketing APIs to custom MTA setups on different providers, because a heterogeneous delivery cluster is always recommended. Since e-mail delivery is monitored and all the e-mails are fetched via IMAP in real time, it is possible to statistically analyze the behavior of the filter and understand its weaknesses. Often the cause is a combination of the filter being misconfigured, having a relaxed policy or, even worse, not being able to detect certain types of attacks: for instance, links to reverse proxy setups with Muraena or similar OSS tools.

Just Like a Real Attack

The phishing and malware infrastructure of mStorm-FP is resilient as well. It uses real reverse proxy setups and reverse shells with command and control servers using a variety of covert channels, all served as microservices registered on tens of different machines. Malware is generated with different mutation strategies depending on the type: an obfuscated VBA macro in Office is different from a link to a Chrome N-day exploit. Sandbox bypass techniques, request filtering and other advanced tricks are also used to check against APT-like attacks.

Evaluation of What Goes Through

Browser instrumentation also comes into play if your filter rewrites links and automation is needed. mStorm-FP has a component that can instrument all the needed user actions, simulating a link click or accessing the monitored mailbox via the Web GUI rather than only via IMAP.

mStorm-FP also monitors SMTP rejects, meaning e-mails that are blocked by your filter preemptively, such as those with .EXE attachments. Do you know if e-mails coming with a similar TLD, valid SPF and DKIM records, but no DMARC, are rejected? Moreover, is your system accepting e-mails from never-before-seen domains registered 24 hours earlier, with just valid SPF records but no DKIM or DMARC ones?
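One way to answer these two questions from your own side of the filter, as an added example that is not mStorm code: tally the mail that reached a test mailbox by the SPF/DKIM/DMARC results your filter recorded. It assumes the filter stamps an RFC 8601 `Authentication-Results` header with the authserv-id `mx.example.test`; that name and the sample messages are constructed.

```python
import re
from collections import Counter
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.test"  # assumption: authserv-id of your own filter

# Constructed sample messages, as fetched from a monitored test mailbox.
SAMPLES = [
    "Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=a.test;\n"
    " dkim=pass header.d=a.test; dmarc=none\nSubject: t1\n\nbody",
    "Authentication-Results: mx.example.test; spf=pass (sender ok)\n"
    " smtp.mailfrom=b.test; dkim=none\nSubject: t2\n\nbody",
    "Authentication-Results: mx.example.test; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: t3\n\nbody",
    # Header stamped by a host other than the trusted filter: must be ignored.
    "Authentication-Results: other.test; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: t4\n\nbody",
]

def auth_results(raw, trusted=TRUSTED_AUTHSERV):
    """Return spf/dkim/dmarc results taken from trusted headers only."""
    seen = {"spf": [], "dkim": [], "dmarc": []}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", " ", value)  # strip RFC 5322 comments
        authserv, _, rest = value.partition(";")
        if authserv.lower().split()[:1] != [trusted]:  # skip untrusted stamps
            continue
        pairs = re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest.lower())
        for method, result in pairs:
            seen[method].append(result)
    # A method passes if any trusted result passed; absent counts as "none".
    return {m: "pass" if "pass" in r else (r[0] if r else "none")
            for m, r in seen.items()}

def posture(res):
    """Map results to the two weak postures asked about above, or other."""
    if res["spf"] == "pass" and res["dmarc"] == "none":
        if res["dkim"] == "pass":
            return "spf+dkim, no dmarc"
        return "spf only, no dkim/dmarc"
    return "dmarc pass" if res["dmarc"] == "pass" else "no trusted result / other"

def audit(messages):
    """Count delivered messages per authentication posture."""
    return Counter(posture(auth_results(m)) for m in messages)

if __name__ == "__main__":
    for label, n in audit(SAMPLES).most_common():
        print(f"{n:3d}  {label}")
```

Non-zero counts in the first two postures mean such mail is being delivered rather than rejected; the domain-age part of the second question is not visible in these headers and needs a separate registration-date lookup.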

Since mStorm-FP is very modular and microservice-oriented, it is easy to adapt it to any kind of bespoke attack or user interaction simulation (via browser instrumentation) that might be needed. This will be reflected in the Monte Carlo simulation and in the final report.
