$683
Starter Edition

The “STARTER EDITION” is suitable for small businesses up to 200 employees who want to run a few basic attack - and eLearning campaigns

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
Test Infrastrcuture
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now
the prefered edition $3400
Advanced Edition

The “ADVANCED EDITION” is most suitable for security providers who have access to all attack methods in LUCY

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
Test Infrastrcuture
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now
$11920
Business Edition

The “BUSINESS EDITION” is suitable for medium sized corporations. It comes with a larger variety of eLearning modules, more integration options of LUCY in the existing infrastructure and also services that ensure the quality of the setup

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
Test Infrastrcuture
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now
$21901
Corporate Edition

The “CORPORATE EDITION” is suitable for large corporations. Equipped with all features and templates and a complete support package

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
Test Infrastrcuture
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now
$31200
OEM/SaaS Editon

The “BUSINESS EDITION” is suitable for medium sized corporations. It comes with a larger variety of eLearning modules, more integration options of LUCY in the existing infrastructure and also services that ensure the quality of the setup

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now
$683
Starter Edition

The “STARTER EDITION” is suitable for small businesses up to 200 employees who want to run a few basic attack - and eLearning campaigns

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
Test Infrastrcuture
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now
the prefered edition $3400
Advanced Edition

The “ADVANCED EDITION” is most suitable for security providers who have access to all attack methods in LUCY

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
Test Infrastrcuture
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now
$11920
Business Edition

The “BUSINESS EDITION” is suitable for medium sized corporations. It comes with a larger variety of eLearning modules, more integration options of LUCY in the existing infrastructure and also services that ensure the quality of the setup

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
Test Infrastrcuture
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now
$21901
Corporate Edition

The “CORPORATE EDITION” is suitable for large corporations. Equipped with all features and templates and a complete support package

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
Test Infrastrcuture
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now
$31200
OEM/SaaS Editon

The “BUSINESS EDITION” is suitable for medium sized corporations. It comes with a larger variety of eLearning modules, more integration options of LUCY in the existing infrastructure and also services that ensure the quality of the setup

Setup
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) and allows external access to phishing simulations and training content within a secure zone (e.g. DMZ). more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate them and you can even run automated campaign using the LDAP API. For example, you can phish automatically new employees. more info (WIKI)
  • Unlimited Domain API
    Buy as many domain namesfor your phishing simulation or training directly in LUCY and let LUCY create the according DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically more info (WIKI)
  • 2-Faktor Authentication
    Two factor authentications for the LUCY administrator using an authentication app for your smartphone (IOS & Android). more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customize the application (admin domain, phishing domain, smtp server, link to WIKI, colours, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages etc) and the content (phishing & training templates as well as videos) according to the organization's preferences. more info (WIKI)
  • Certificate based authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords, Increase Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Flexible Email delivery methods
    Within the same campaign you can use different mail delivery methods to ensure that emails from attack simulations are not sent via the same infrastructure as emails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Each LUCY function can be controlled via REST. This allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • Advanced Security features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
Test Employees
  • Portable Media Attacks
    Hackers can also use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the ability to perform portable media attacks where a file template (e.g. executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenarios types (file-, data entry etc.) in the same campaign. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations that allow either testing the staff or the infrastructure. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit named “Interactive Sessions”. It allows you to communicate interactively with a client pc sitting behind firewalls using reverse http/s connections. more info (WIKI)
  • Mail Scanner
    Curious which e-mail addresses can be found for your organization on the internet? Use the mail scanner from LUCY and find out what a hacker already knows about your company. more info (WIKI)
  • SMiShing
    Smishing is created from mixing "SMS" and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email. more info (WIKI)
  • File Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macro's, PDF's, Executables, MP3 etc.) into mail attachments or websites generated on LUCY and to measure their download or execution. more info (WIKI)
  • Data Entry validation toolkit
    In phishing simulations, false positives must be prevented for logins (e.g. logins with invalid syntax). The company guidelines may also not allow the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • Website Cloner
    Create quickly highly professional landing pages for your campaign. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
  • Custom Homepage Creation
    Recipients with a better technical understanding could call the domain or IP address associated behind the randomly generated phishing link in a browser. To prevent error messages from appearing or the end user even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages to intercept the input of sensitive information. The web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as login forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing emails in each campaign, with the first benign email (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Multi-language attack template library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categoriesof data entry (templates with a website), file based (mails or websites with a file download), hyperlink (mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • Level based attacks
    Level based phishing training for employees serves to make the risk of social hacking measurable. Scientific analyses should also identify the most important risk factors so that individual training content can be offered automatically.
  • Hyperlink Attacks
    A hyperlink-based campaign will send users a mail with a randomized tracking URL within the mail. more info (WIKI)
  • Java Based Attacks
    Java based attacks allow the LUCY administrator to integrate a trusted applet within the file based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Simultaneous attack template usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Combine different types (hyperlink, file based etc) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. Combined with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, email, links, messages, division, country etc.) which you can use in landing- and message templates. more info (WIKI)
  • Powerful URL redirection toolkit
    LUCY's flexible redirection functions allow the user to be guided at the right moment to the desired areas of attack simulation or training. For example, after entering the first 3 characters of the password in a phishing simulation, the user can be redirected to a special training page. more info (WIKI)
  • PDF Based Attacks
    PDF based phishing attacks can be simulated with this module. LUCY allows to "hide" executable files as attachments in PDF's and to measure their execution. Furthermore, dynamic phishing links can be generated within PDF's. more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter as an example), these URL are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • DKIM / S/MIME Support for Phishing Emails
    Digital signatures for emails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
Train Employees
  • Reputation Based eLearning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).

    Based on the reputation profiles of the end users, the system can automatically deliver multiple training sessions to the users. The reputation profiles are based, for example, on the behaviour in the phishing simulations. This ensures that users who are repeated offenders receive different training content as those who click on an attack simulation for the first time. more info (WIKI)
  • Training Library
    The training library gives employees the opportunity to access an organization’s training content from an overview page called “training library”. The large selection of regular e-learning templates in LUCY serves as input. The overview page can be sorted by certain topics (video, quiz, test etc.). more info (WIKI)
  • Mobile-Responsive
    Many of LUCY’s build in modules are available in a mobile-responsive format that gives your users the flexibility to take training on any type of connected device.
  • End-user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, compare yourself with other departments or groups. more info (WIKI)
  • Statictraining support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Video Import/Export
    Export LUCY videos to your own system. Import your own video into LUCY. more info (WIKI)
  • Awareness Education Diploma
    E-Learning certificates can be created and printed out by the recipient of a training either directly within a training or inside the LMS portal. more info (WIKI)
  • Offline training support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer etc.
  • SCORM Export
    Export proven LUCY best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface more info (WIKI)
  • E-Learning Authoring Toolkit
    The E-Learning Authoring Toolkit (Adapt) allows the creation of individual learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Microlearning Modules
    We have designed microlearning training modules (e.g. 1-minute video’s or awareness 1 pagers) that can be tailored to the branding and policy needs of each LUCY client.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them or add own rich media.
  • Video customization
    Send us your company logo and we will include it in the training videos. You want another language? We will set the video to music in the desired language. You want a different scene? Download the video scripts and mark the desired changes. more info (WIKI)
Engage Employees
  • Report Emails with a single click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and additionally have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Threat Mitigation
    Behavioural threat mitigation: Revolutionary approach to eliminate email risks: the threat mitigator will support the security adminin shutting down the attack (e.g. automated report to according abuse team of providers involved in attack) more info (WIKI)
  • Incident user reputation profiles
    Classify users with an incident reputation score
  • Positive behaviour reinforcement
    Our plugin automatically provides positive behaviour reinforcement by immediately thanking end users with a custom message defined by your organisation.
  • Custom rule-based analysis
    Define your own rules for email analysis and risk calculations.
  • Integration with attack simulations
    Seamless report and dashboard integration with phishing simulations: identify users who have behaved exemplarily in a phishing simulation
  • Deep inspection request
    Sometimes users want to know if the received mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported email.
  • Plugin customisation options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header etc).
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365
  • Automatic Incident Analysis
    Manage and respond to reported suspicious mails using a centralized management console: LUCY analyser allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported emails. The Threat Analyzer brings a noticeable relief for the safety team’s work load.more info (WIKI)
  • Third party integration
    Using LUCY’s incident REST API automation, we can process reported emails and help your security team stopping active phishing attacks in progress. more info (WIKI)
  • Incident Auto Feedback
    The Incident Autoresponder allows automated notification to the end user of the results of the email threat analysis. The message text is freely configurable and the LUCY Email Risk Score can also be provided if required.more info (WIKI)
  • Identify attacks with common patterns
    Apply LUCY’s dashboard filters to detect common attacks vectors across your organisations. Search within all reported e-mails for similar indicators of compromise.
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web and which e-mail attachments are filtered out or not?more info (WIKI)
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and browser user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure formail spoofing vulnerabilitiesmore info (WIKI)
Reporting
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behaviour, submitted data etc.) in different formats (CSV, XML, RAW etc). Export user groups based on specific selection criteria’s in a campaign (trained, not trained, attack was successful etc.) more info (WIKI)
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location or division. Find out what the preferred times are for opening emails. Identify how users access their email or browser.
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs or IT security auditors. more info (WIKI)
  • Advanced Video tracking
    Go one step further in the evaluation of awareness videos and see who has watched in what length eLearning videos or possibly aborted the video before the end. more info (WIKI)
  • Comparison
    Compare campaigns with each other. Identify differences in click behaviour across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periodsmore info (WIKI)
  • Multi-tenant view only access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time.more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY’s Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG.more info (WIKI)
  • Advanced Quiz tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments.more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
Generic Features
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.more info (WIKI)
  • Role based access controls
    LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check and others.more info (WIKI)
  • Scheduler randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organisation. Many concurrent campaigns sent randomly are one of the best means of training employees.more info (WIKI)
  • Multi-layered user groups
    Quickly upload users in bulk via a CSV, LDAP or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on phishing campaign resultsmore info (WIKI)
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval.more info (WIKI)
  • Performance Tools
    LUCY smart routines are adapting the server installation to the given resources. Applications Server, DBMS Sizing, Memory or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ usersmore info (WIKI)
  • Multi-Client compatible
    "Clients" can be different companies, departments or groups to which a campaign is associated in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis.more info (WIKI)
  • Multilanguage admin interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request.more info (WIKI)
  • Campaign templates
    Do you want to reuse similar campaigns? Save a complete campaign with attack templates and E-learning content as a campaign template and save the time of having to repeat similar configurations over and over again.more info (WIKI)
  • Certificate (SSL)
    Allows the automatic, creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate.If you decide to use SSL for the campaign you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.more info (WIKI)
  • Setup Wizard with risk-based guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on company size and industry.more info (WIKI)
Services
  • Quality Certification
    A review is performed every twelve months or upon request: How the campaigns were done, findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
  • Sophisticated test and train service
    A sophisticated service contains the setup, configuration and the execution support of a FULLY CUSTOM technical social engineering and awareness campaign.
  • Installation Support
    We help to plan the integration of LUCY into your environment (DNS, Mail, LDAP, Firewall etc.), set up LUCY locally on a cloud server or support you on site (directly or through our partners).
  • Sophisticated training service
    A sophisticated training service contains the setup, configuration and the execution support of a FULLY CUSTOM awareness training program. Individual pricing applies.
  • Consulting Services
    Spot Consulting Services from our highly skilled staff for complex or special tasks. This service is provided exclusively by LUCY.Benefit from our 20 years of experience in the field of cyber security
  • Standard training only service
    A standard training service contains the setup, configuration and the execution support of an educational programme based on LUCYs awareness training templates.
  • Standard campaign service
    A standard campaign service contains the setup, configuration and the execution support of a technical social engineering campaign like a phishing simulation or a USB / Media Phishing Campaign. Includes is the rental of the infrastructure, the setup of the campaign and the delivery of the report.
  • Software Development Services
    Need a feature we don’t have in LUCY? We will develop it for you!
  • Quarterly managed campaigns
    Need someone to manage your phishing engagements for you? Let us manage the campaigns for you. With our managed services, you get quarterly phishing- and awareness campaigns across your organization with up to date templatesand anconsultant that will ensure the quality of the test. Once complete, you'll receive a quarterly, written, report from our expert.
Buy Now