LUCY software editions

You have the option to buy just the software, then purchase additional services as needed. LUCY Server can be installed on your own infrastructure or we can host it for you in the cloud. You don’t want to buy any software? No problem! Let us arrange an individual service package for you.

The prices recur annually. If desired, multi-year licenses can be purchased. Select your desired subscription duration to display the corresponding discount.

1 Year

$960
Starter Edition

The STARTER EDITION is suitable for small businesses with up to 200 employees* (*recipient limit 1200). If you want to perform some basic attack simulations with a limited selection of e-learning content, this option is for you.

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
$3800
Professional Edition

The PROFESSIONAL EDITION focuses on attack simulations available through unlimited campaigns and recipients with the main attack vectors (hyperlink and web-based attack simulations, spear phishing, file-based attacks, etc.).

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
the prefered edition $7600
Premium Edition

The PREMIUM EDITION offers unlimited campaigns and recipients and comes with a larger variety of e-learning modules, more features, and supporting services.

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 2. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
$Ask us
Ultra Edition

The unlimited ULTRA EDITION has all features unlocked, offers full access to all attack and e-learning templates, includes video and template customizations, as well as premium support and additional service options.

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
FREE (VARIABLE COSTS) $Free
OEM Edition

The OEM EDITION is suitable for MSP's, service providers, and distributors who want to provide white labeled LUCY instances within their own environment for their customers.
more info

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now

2 Years 10% discount

$864
Starter Edition

The STARTER EDITION is suitable for small businesses with up to 200 employees* (*recipient limit 1200). If you want to perform some basic attack simulations with a limited selection of e-learning content, this option is for you.

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
$3420
Professional Edition

The PROFESSIONAL EDITION focuses on attack simulations available through unlimited campaigns and recipients with the main attack vectors (hyperlink and web-based attack simulations, spear phishing, file-based attacks, etc.).

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
the prefered edition $6840
Premium Edition

The PREMIUM EDITION offers unlimited campaigns and recipients and comes with a larger variety of e-learning modules, more features, and supporting services.

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 2. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
$Ask us
Ultra Edition

The unlimited ULTRA EDITION has all features unlocked, offers full access to all attack and e-learning templates, includes video and template customizations, as well as premium support and additional service options.

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
FREE (VARIABLE COSTS) $Free
OEM Edition

The OEM EDITION is suitable for MSP's, service providers, and distributors who want to provide white labeled LUCY instances within their own environment for their customers.
more info

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now

3 Years 20% discount

$768
Starter Edition

The STARTER EDITION is suitable for small businesses with up to 200 employees* (*recipient limit 1200). If you want to perform some basic attack simulations with a limited selection of e-learning content, this option is for you.

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
$3040
Professional Edition

The PROFESSIONAL EDITION focuses on attack simulations available through unlimited campaigns and recipients with the main attack vectors (hyperlink and web-based attack simulations, spear phishing, file-based attacks, etc.).

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
the prefered edition $6080
Premium Edition

The PREMIUM EDITION offers unlimited campaigns and recipients and comes with a larger variety of e-learning modules, more features, and supporting services.

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 2. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
$Ask us
Ultra Edition

The unlimited ULTRA EDITION has all features unlocked, offers full access to all attack and e-learning templates, includes video and template customizations, as well as premium support and additional service options.

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now
FREE (VARIABLE COSTS) $Free
OEM Edition

The OEM EDITION is suitable for MSP's, service providers, and distributors who want to provide white labeled LUCY instances within their own environment for their customers.
more info

Setup
  • Advanced Security Features
    LUCY can be secured according to company specifications and comes with a wealth of security features such as brute force protection, implementation of password policies, activation of custom ports for administration, IP based access restrictions for administration, ability to create custom error pages and directories for administration, logging of activities, etc. more info (WIKI)
  • Certificate-Based Authentication
    Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before granting access to LUCY. more info (WIKI)
  • Flexible e-Mail Delivery Methods
    Within the same campaign, you can use different mail delivery methods to ensure that e-mails from attack simulations are not sent via the same infrastructure as e-mails for training. In addition to the built-in mail server and optional external SMTP servers, the admin can also use a LUCY mail infrastructure with an excellent delivery reputation to mitigate possible problems with spam filtering. more info (WIKI)
  • LDAP API
    Facilitates the address and user management: You can Import user data, authenticate it, and even run automated campaign using the LDAP API. For example, you can automatically phish new employees. more info (WIKI)
  • LDAP Sync
    The LDAP sync process ensures that new hires and employees leaving the company are automatically synchronized with the group. For example, new hires can automatically receive training or a baseline phishing simulation.
  • On Premise DMZ Support
    LUCY's dual master/slave setup allows the customer to create a separation between the Internet (untrusted network) and the internal network (trusted network) thus achieving external access to phishing simulations and training content within a secure zone (e.g., DMZ). more info (WIKI)
  • REST API
    A powerful REST API allows you to fully integrate LUCY into your system landscape. Moreover, each LUCY function can be controlled via REST which allows you to initiate attack simulations or trainings from other systems. The REST API also allows all collected data to be automatically exported to surrounding applications. more info (WIKI)
  • SAML Single Sign-On (SSO)
    Eliminate Passwords while Increasing Security and Convenience: Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application.
  • Unlimited Domain API
    Buy as many domain names for your phishing simulation or training directly in LUCY and let LUCY create the corresponding DNS records (SPF, MX, Wildcard A-Record, Whois protection) automatically! more info (WIKI)
  • White Labelling
    LUCY's white labelling allows you to customized the application (admin domain, phishing domain, SMTP server, link to WIKI, colors, background & fonts of the UI, login logo & copyright, display software name, name of the mail plugin, system error pages, etc.) and the content (phishing & training templates as well as videos) according to the organization 's preferences. more info (WIKI)
  • 2-Factor Authentication
    Two-factor authentication for the LUCY administrator using an authentication app for your smartphone (iOS & Android). more info (WIKI)
Test Employees
  • Attack URL Variations
    Take control of the URLs generated to identify the recipients. Use automated short (< 5 digits) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must. more info (WIKI)
  • Basic Attack Templates
    The basic attack library contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Custom Homepage Creation
    Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic "homepages" within LUCY for the domains used in the phishing simulation. more info (WIKI)
  • Data Entry Attacks
    Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge. more info (WIKI)
  • Data Entry Validation Toolkit
    In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY offers a flexible input filtering engine that offers a suitable solution for every requirement. more info (WIKI)
  • DKIM / S/MIME Support for Phishing E-mails
    Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score. more info (WIKI)
  • Double Barrel Attacks
    This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient. more info (WIKI)
  • Extended Attack Template Library
    The extended attack library contains a selection of LUCY templates which can be used out of the box for a wide range (< 100 templates) of attack simulations.
  • File-Based Attacks
    File-based attacks allow the LUCY administrator to integrate different file types (Office documents with Macros, PDF's, Executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate. more info (WIKI)
  • Full Attack Template Library
    The full attack library includes all attack templates (> 300) which are available in LUCY
  • Hyperlink Attacks
    A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL. more info (WIKI)
  • Java-Based Attacks
    Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates into LUCY and to measure their execution by the user. more info (WIKI)
  • Level-Based Attacks
    Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
  • Mail Scanner
    Curious which e-mail addresses in your organization can be found on the Internet? Use LUCY’s mail scanner and find out what a hacker already knows about your company. more info (WIKI)
  • Mixed Attacks
    Mixed Attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign. more info (WIKI)
  • Multilingual Attack Template Library
    LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data Entry and download) and portable media. more info (WIKI)
  • PDF-Based Attacks
    PDF-based phishing attacks can be simulated with this module. LUCY allows "hiding" executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs. more info (WIKI)
  • Pentest Kit
    The Pentest Kit is a submodule of the malware simulation toolkit and goes by the name “Interactive Sessions.” It allows you to communicate interactively with a client pc that sits behind firewalls by using reverse http/s connections. more info (WIKI)
  • Portable Media Attacks
    Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office with macro, etc.) can be stored on a portable media device such as USB, SD card or CD. The activation (execution) of these individual files can be tracked in LUCY. more info (WIKI)
  • Powerful URL Redirection Toolkit
    LUCY's flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection. more info (WIKI)
  • Ransomware Simulation Attacks
    LUCY has two different ransomware simulations, one of which tests the staff, and the other, the infrastructure. more info (WIKI)
  • Sector Specific Templates
    Availability of attack templates for specific industries.
  • Simultaneous Attack Template Usage
    LUCY gives you the option to use multiple simulated attack templates in a single campaign. Mix the different types (hyperlink, file-based, etc.) with different attack themes to achieve the largest possible risk coverage and a better understanding of employee vulnerabilities. In combination with our scheduling randomizer, complex attack patterns can be executed over a longer period of time. more info (WIKI)
  • Spear Phishing Simulation
    The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates. more info (WIKI)
  • SMiShing
    Smishing is, in a sense, "SMS phishing." When cybercriminals "phish," they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.more info (WIKI)
  • URL Shortening
    URL shorteners are a relatively new Internet service. As many online social services impose character limitations (Twitter as an example), these URLs are very practical. URL shorteners, however, can be used to hide the real target of a link. As cyber criminals use it to hide links to phishing or infected websites, we also offer the possibility to integrate different shortener services within a phishing or smishing campaign. more info (WIKI)
  • Website Cloner
    Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download and more. more info (WIKI)
Train Employees
  • Awareness Education Diploma
    Certificates of eLearning can be created and printed out by the recipient either directly within a training or inside the LMS portal. more info (WIKI)
  • Basic Education Template Library
    The basic educationlibrary contains a small selection (< 20 templates) of LUCY templates for the most common attack types.
  • Dynamic Training Hints
    The dynamic hints allow the administrator to set markers within the attack templates, which then indicate to the employee within the e-learning where the phishing attack may have been detected.
  • End user Training Portal
    Learning Management System (LMS) functionality: Give the employee a permanent access to a personal training homepage, with your own courses tailored for them. Allow access to performance statistics, resume or repeat training, create course certificates, comparison with other departments or groups. more info (WIKI)
  • e-Learning Authoring Toolkit
    The eLearning Authoring Toolkit (Adapt) allows the creation of individualized learning content. Drag and drop videos or any other rich media format, insert exams from pre-defined menus, create interactive e-learning content from scratch in a short time. more info (WIKI)
  • Extended Education Template Library
    The extended educationlibrary contains a selection of LUCY templates which can be used out of the box for a wide range (< 50 templates) of IT security topics.
  • Full Education Template Library
    The full education library includes all awareness templates (> 200) which are available in LUCY
  • Microlearning Modules
    We have designed microlearning training modules (e.g., 1-minute videos or awareness 1-pagers) that can be tailored to the branding and policy needs of your organization.
  • Mobile-Responsive
    Many of LUCY’s built-in modules are available in a mobile-responsive format that gives your users the flexibility to take the training on any type of connected device.
  • Offline Training Support
    LUCY is supplied with a series of editable templates (adobe photoshop or illustrator files) for awareness training by poster, screensaver, flyer, etc.
  • Rich Media Awareness Training
    Integrate rich media (video, audio, or other elements that encourage viewers to interact and engage with the content) in your awareness trainings. Use the existing educational videos, adapt them, or add your own rich media.
  • Reputation-Based e-Learning
    Train your employees according to their required skills. Measure the ability of the employees and enable friendly competition between colleagues at work (gamification).
    Based on the reputation profiles of the end users, the system can automatically supply them with multiple training sessions. The reputation profiles are based, for example, on the behavior in the phishing simulations. This ensures that users who are repeated offenders receive different training content than those who click on an attack simulation for the first time.more info (WIKI)
  • SCORM Import/Export
    You can also export LUCY’s proven best practice training content to another LMS (Learning Management Solution) with the widely used SCORM interface. more info (WIKI)
  • Static Training Support
    Training content can also be published on static pages within LUCY or the intranet, giving the user permanent access to training content, independent of possible attack simulations. more info (WIKI)
  • Training Library
    Your employees can access your organization ’s training content from an overview page called “training library.” It contains a large selection of LUCY’s regular e-learning templates that serve as input. The overview page can be sorted by certain topics (video, quiz, test, etc.). more info (WIKI)
  • Video Customization
    Send us your company logo and we will include it in the training videos. You want another language? No problem. We will set the video to play in the language you prefer. You want a different scene? Simply download the video scripts and mark the desired changes. more info (WIKI)
  • Video Import/Export
    You can export LUCY videos to your own system as well as import your own videos into LUCY. more info (WIKI)
Engage Employees
  • Automatic Incident Analysis
    Manage and respond to reported suspicious e-mails using a centralized management console: LUCY analyzer allows an automated inspection of reported messages (header & body). The Analyzer includes an individual risk score, providing a real-time ranking of reported e-mails. The Threat Analyzer brings a noticeable relief for the safety team’s work load. more info (WIKI)
  • Custom Rule-Based Analysis
    Define your own rules for e-mail analysis and risk calculations.
  • Deep Inspection Request
    Sometimes users want to know if the received e-mail can be opened safely. The user can optionally use the “deep inspection request” within the local plugin to tell the security team that he wants feedback on the reported e-mail.
  • Easy Installation
    Install the Phishing Incident Plugin for Outlook, Gmail, Office365.
  • Identify Attacks with Common Patterns
    Apply LUCY’s dashboard filters to detect common attack vectors across your organization. Search within all reported e-mails for similar indicators of compromise.
  • Incident Auto Feedback
    The Incident Autoresponder allows sending an automated notification to the end user providing the results of the e-mail threat analysis. The message text is freely configurable, and the LUCY Email Risk Score can also be included, if required. more info (WIKI)
  • Incident User Reputation Profiles
    Classify users with an incident reputation score.
  • Integration with Attack Simulations
    Seamless report and dashboard integration with phishing simulations: identify the users who have behaved exemplarily in a phishing simulation.
  • Plugin Customization Options
    LUCY allows an easy customization and a complete white labelling of various plugin functions (displayed icon, feedback messages, ribbon label, transmission protocol, sent header, etc.).
  • Positive Behavior Reinforcement
    Our plugin automatically provides positive behavior reinforcement by showing gratitude to end users with a custom message defined by your organization.
  • Report e-Mails with a Single Click
    End users can report suspicious e-mails with a single click to one or multiple e-mail accounts and have them forwarded to your LUCY incident analysis console. more info (WIKI)
  • Third Party Integration
    Using LUCY’s incident REST API automation, we can process reported e-mails and help your security team stop active phishing attacks while in progress. more info (WIKI)
  • Threat Mitigation
    The behavioral threat mitigator is a revolutionary approach to eliminating e-mail risks. It will support the security admin in shutting down the attack (e.g., sending an automated report to specified abuse team of providers involved in the attack). more info (WIKI)
Test Infrastrcuture
  • Active and Passive Client Vulnerability Detection
    Local testing of the client browser and detection of possible vulnerabilities based on custom JavaScript libraries and the browser’s user agent data. The discovered plugins can be automatically compared with the vulnerability databases (CVE) to identify vulnerable devices. more info (WIKI)
  • Mail and Web Filter Test
    This functionality provides the answer to one of the most important questions in securing Internet and mail traffic: Which file types can be downloaded from the Web, and which e-mail attachments are filtered out or not? more info (WIKI)
  • Malware Testing Toolkit
    The malware simulation toolkit is an advanced malware simulation suite capable of emulating various threat simulations. It allows an auditor to access an advanced set of features equivalent to many of the tools employed by criminal gangs. The tool therefore allows the user to perform security checks without involving employees outside your IT department. more info (WIKI)
  • Spoofing Test
    Test your own infrastructure for mail spoofing vulnerabilities. more info (WIKI)
Reporting
  • Advanced Video Tracking
    Go one step further in the evaluation of eLearning awareness videos. This option allows you to track which users have watched the videos and in what length, as well as which have stopped watching before the end. more info (WIKI)
  • Advanced Quiz Tracking
    When analyzing the interactive content within LUCY reporting or dashboards, you can see who answered which question and when, how long the user has been on the site, and how he compares to other company departments. more info (WIKI)
  • Benchmark
    The benchmark enables you to compare the results of different campaigns with industry standard values. The benchmark uses an internal database that is enriched by LUCY Security's own campaigns or anonymized external data. No data is transferred to LUCY Security AG. more info (WIKI)
  • Bounce and Out-of-Office Reporting
    Non-Deliver reports, absence messages, or any form of automatic e-mail replies can be intercepted and analyzed.
  • Business Intelligence
    LUCY provides extensive analytics and reporting about employee responses to various phishing attack scenarios. Identify the weakest department, location, or division. Find out what the preferred times are for opening e-mails. Identify how users access their e-mail or browser.
  • Comparison
    Compare campaigns with each other. Identify differences in click behavior across different scenarios, divisions, or user groups. Create trend analysis across one or more campaigns over pre-defined time periods. more info (WIKI)
  • Comprehensive Reporting
    Create comprehensive campaign reports in Excel, Word, PDF, or HTML using customizable templates that can include screenshots and configuration settings in addition to all campaign statistics. Create your own campaign report templates for different employees such as CSOs, CROs, or IT security auditors. more info (WIKI)
  • Export Features
    Export campaign statistics (OS, IP, browser, plugins, location, click behavior, submitted data, etc.) in different formats (CSV, XML, RAW, etc.). Export user groups based on a campaign’s specific selection criteria (trained, not trained, attack was successful, etc.). more info (WIKI)
  • Landing Page Time Tracking
    You can measure exactly how long the user stays on the particular website in the attack scenarios as well as in the training exercises.
  • Multi-Tenant View-Only Access
    Create View-Only users and assign them to specific campaigns. Allow your IT management or senior management to track specific campaign statistics in real time. more info (WIKI)
  • Realtime Dashboard
    The Realtime Dashboard serves as cockpit containing the most relevant campaign statistics. more info (WIKI)
  • Support for Anonymization and Data Protection
    The anonymization options meet the strictest guidelines worldwide. The system is also able to anonymize certain attributes (division, department, country, etc.) if the number of measurements allows conclusions to be drawn about the user’s identity. more info (WIKI)
Generic Features
  • Approval Workflows
    A given campaign can be submitted to a supervisor in LUCY for approval. more info (WIKI)
  • Campaign Checks
    Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others. more info (WIKI)
  • Campaign Templates
    In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again. more info (WIKI)
  • Certificate (SSL)
    Allows the automatic creation of official and trusted certificates for the admin backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates. more info (WIKI)
  • Full Mail Communication Client
    A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.
  • Multi-Language Admin Interface
    The LUCY admin interface is available in different languages and can be translated into other languages on request. more info (WIKI)
  • Multi-Client Compatible
    "Clients" can refer to different companies, departments, or groups which have an associated campaign in LUCY. These customers can be used, for example, to allow campaign-specific access or to create customer-specific analysis. more info (WIKI)
  • Multi-Layered User Groups
    Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results. more info (WIKI)
  • Performance Tools
    LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory, or CPU usages are calculated during installation or during operations. You can scale a single cloud-based LUCY Installation for 400,000+ users. more info (WIKI)
  • Reminders
    Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time. more info (WIKI)
  • Role-Based Access Controls
    LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. more info (WIKI)
  • Scheduler Randomization
    Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees. more info (WIKI)
  • Setup Wizard with Risk-Based Guidance
    LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry. more info (WIKI)
Services
  • Consulting Service Subscription
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Hours included in the
    package: 4. Validity: 1 year.
  • Custom Template Creation
    We adapt one of our existing attack and awareness template for your campaign. This includes content adjustments and alignment with your corporate design.
    Maximum iterations: 3. Maximum number of pages: attack template 3, awareness template 6.
  • Custom Video Creation
    We customize one of our training videos for your company: the watermark is removed and we put your logo and company name under the video.
    Number of videos: 1. video type: LUCY standard videos.
  • Installation Support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall etc.) locally or on a cloud server.
    Tools: Live web session or SSH.
    Hours included in the package: 3. Validity: 1 year.
  • Quality Certification
    A campaign review is performed every twelve months or upon request: findings, suggestions for future campaigns and more. It includes a supervisory analysis, a report and a LUCY certificate at the end of the process.
    Hours included in the package: 2.Tools: Live web session
  • Standard Phishing & Training Simulation
    A standard campaign service contains the setup, configuration and the execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign and the delivery of the report. Attack scenarios included in the campaign: 2. Maximum iterations 3. Included is also domain reservation fee.
  • Support Subscription: Business
    Hours included in the package: 12. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Premium
    Hours included in the package: 24. Access to support ticketing system & live web sessions. Support hours Mo-Fr during business hours (CET & CST.) Support cases based on software errors are free of charge.
    Maximum 12 h response time. Validity: 1 year.
  • Support Subscription: Standard
    Hours included in the package: 2. Access to support ticketing system. Support hours Mo-Fr during business hours (CET.) Support cases based on software errors are free of charge.
    Maximum 24 h response time. Validity: 1 year.
Infrastructure
  • Virtualized Private Server, Professional
    VPS - KVM Professional (CPU 3 Cores, RAM 4.096 MB, DISK 140 GB SSD, 12 months rental)
  • Virtualized Private Server, Premium
    VPS - KVM Premium (CPU 4 Cores, RAM 8.192 MB, DISK 300 GB SSD, 12 months rental)
  • Virtualized Private Server, Ultra
    VPS - KVM Ultra (CPU 6 Cores, RAM 16.384 MB, DISK 600 GB SSD, 10 TB traffic/month, 12 months rental)
Buy Now

Lucy Services

  • null
    Identify and investigate information exposure

    Your organization’s online threats may not just come from phishing. Measuring the online exposure gives your company a clear and comprehensive picture of the information available to potential hackers.

  • Employee threat intelligence
    How exposed are your employees through the data leaks available online? We search the Darknet for existing data leaks and thus show a comprehensive risk picture, which does not only include the inside view. Request more info…
  • Employee online foot printing
    Analysis of attack potential: Which sensitive employee information can be viewed on the Internet? What do employees communicate via their company e-mail address when on the Internet?
  • null
    Identify technical risks

    What harm could a real attacker do if your employee excutes a malicious file? What are the file types that an attacker could deliver to your employees? These and other questions will be answered in the technical tests.

  • Mail and web filter test
    Interested in finding out what type of malware can slide through your perimeter? How is your infrastructure secured against spoofing, malware, etc.? Book a mail and web filter test with our security consultants. Want to know more? …
  • Local security test
    What is the effective risk if an employee executes a dangerous file type? How well does technical protection work to prevent data leakage? Want to know more? …
  • null
    Test and educate employees

    Give your employees the knowledge they need to avoid falling victim to cyber criminals. Teach them through managed simulated phishing campaigns, targeted workshops, and online training, each tailored to suit your organization and needs.

  • Standard phishing & training simulation
    A standard campaign service contains the setup, configuration, and execution support of an attack simulation (optionally combined with training) based on the LUCY standard modules. Included is the rental of the infrastructure, the setup of the campaign, and the delivery of the report. Want to know more? …
  • Managed campaigns
    Let us manage the campaigns for you. With our managed services, you get periodic phishing and awareness campaigns across your organization with up-to-date templates and a consultant that will ensure the quality of the test. Once complete, you’ll receive a periodic written report from our expert. Want to know more? …
  • Custom test and train service
    A custom service contains the setup, configuration and execution support of a FULLY CUSTOM attack simulation and awareness campaign. Individual pricing applies. Want to know more? …
  • Quality certification
    A campaign review is performed every twelve months or upon request, including findings, suggestions for future campaigns, and more. It also contains a supervisory analysis, a report, and a LUCY certificate at the end of the process. Want to know more? …
  • Custom template creation
    We can easily adapt our attack and awareness templates for your campaign. This includes content adjustments and alignment with your corporate design. Want to know more? …
  • Semi-custom video creation
    We can easily customize our training videos for your company’s needs: the LUCY watermark is removed and we put your logo and company name under the video. Want to know more? …
  • Security culture assessment
    Analysis of the safety culture: The current safety culture is identified and evaluated through interviews, surveys, and analyses of the guidelines. Want to know more? …
  • Consulting services
    Our senior security consultants are available to support you in the planning and implementation of awareness campaigns. Want to know more? …

Extras

  • null
    Support and setup

    Setting up the software on a reliable infrastructure that is controlled only by you is a key factor for the success of your campaign. We offer virtualized servers in various countries around the world as well as dedicated root servers. Our support services also ensure the smooth operation of your LUCY configuration.

  • Installation support
    We help to setup and integrate LUCY into your environment (DNS, Mail, LDAP, Firewall, etc.) locally or on a cloud server.
  • Server infrastructure
    Running the software from a reliable infrastructure which is controlled only by you is a key factor for the success of your campaign. We offer virtualized servers in different countries all over the world as well as dedicated root servers.
  • Standard support
    One hour of free support. Access to support ticketing system. Support hours are Mo-Fr during business hours (CET). Support cases based on software errors are free of charge. Maximum 24 h response time.
  • Premium support
    12 hours of free support. Access to support ticketing system & live web sessions. Support hours are Mo-Fr during business hours (CET & CST). Support cases based on software errors are free of charge. Maximum 12 h response time.