top of page

Phishing Controls Validation

elite infosec, critical infrastructure, high impact, compliance




Key Roles


Key Feature Aspects:

rigorous, scalable, continuous, easy

About this Use Case


Progress Updated Periodically

BreachRisk can be used to test multiple layers of the email security stack. We don’t just test delivery and opens. In our approach to spearphishing, we automatically find targets, execute campaigns, and launch tests. However, like attackers, we avoid detection and we focus on completing a specific objective. Along the way, email security controls might defeat our attempts. This allows for testing of the all or most of the email security stack.

Success Summary

Why BreachRisk™ is a good fit

Our “set it and forget it” automated approach will notify administrators when we’ve been able to actually exploit employees. Our risk calculus gives credit when our attacks are defeated, and administrators can see exactly which controls worked.

Barriers or misconceptions

You wouldn’t whitelist attackers, so you won’t whitelist us. Staying ahead of evolving email security is a challenge but keeps our service incredibly potent and realistic.

Key outcomes

Advanced organizations and rating schemes (e.g. insurance) need accurate indications of email risk and reduced false positives.


Typical phishing services require you to provide a list of users/emails, whitelist deliver, and closely manage campaigns. That can accomplish a very baseline level of understanding of your phishing risk, but it ignores majors sources of risk and doesn’t give enough credit for security controls.

BreachRisk phishing services don’t require any of that. Don’t tell us who your users are. Don’t whitelist us. Don’t manage the campaign. Those are our problems to solve. And this approach means you’ll see what attackers can actually do, and which of your controls are actually working.

We have numerous customers using our phishing services.

bottom of page