Jericho Security

Overview

Jericho Security offers completely customizable, high-quality training videos and phishing simulations that teach users how to comply with internal policies, identify security risks within the workplace, and respond to those risks, with a focus on sophisticated spear-phishing attacks.

Jericho Security’s standout feature is its AI engine, CyberGPT, which enables administrators to create incredibly convincing AI-generated phishing emails that sound like they’re coming from a real person, as well as highly effective training videos and quizzes. These customizable phishing simulations and tailored awareness training features are where Jericho Security shines the brightest.

It's important to note that this platform is still actively in development, with some features still in beta or not yet released. Because of this, it will need some additional time and resources to mature before it’s ready to compete with more established products, but the potential is there. Jericho Security is dedicated to continuous improvement and Expert Insights expects the solution to continue improving over time—both in terms of quality of materials and the scope of its features.

Key Features

Out-Of-The-Box Training Content

Jericho Security’s AI engine, CyberGPT, creates highly customizable, video-based training content on demand. Jericho’s SLA states that it can take 24 hours for the platform to create new content, but we found that it usually takes a maximum of three hours. This means that admins can quickly roll out new training content in response to new or emerging threats in their industry or area.

The platform offers 30 pre-built lessons, covering a variety of topics. Each lesson contains a 90-second – 3-minute video, with most being around the 2-minute mark. 27 of the videos comprise a computerized voice speaking over slides or stock footage, and the remaining three comprise a deepfake voice and face talking, combined with B-roll footage and slides. These three videos follow the same format/script and look much better than the other out-of-the-box training materials; while the synthesized voice may sound a little robotic at times, it does well overall, and the lessons provide sound educational advice without getting too technical for your average end user to understand.

The three deepfake videos also come with a “quiz” that runs through Typeform; however, this quiz only has one question. Overall, the out-of-the-box training content really only covers the surface level of any given topic.

Custom Training Content

Admins can also generate their own custom content by providing a brief description/prompt of what topic the content should cover, along with tags to help categorize the content within the Training Library once it’s generated. Admins can specify whether of not they want a video, what the video should be about, how long it should be, in what language it should be generated, and whether it should have subtitles. Admins can also specify whether they want a quiz related to the video, including how many questions it should have. Jericho Security then sends an email once the custom content has been created.

In our test, we asked the platform to generate a 3-minute video. We were very impressed with the video produced, and the accompanying quiz; it was significantly better quality than the default training content. Instead of just having a computer voice or a talking head like the pre-made training content, our test had a deepfake person talking through it. The only minor issue we had was that the platform didn’t add in the requested tag.

Admins can add content to Training Courses and assign courses to users. We picked up on one issue here; we could only add one piece of training content to a course at a time. Having fed this back to Jericho Security, they plan to enable users to assign multiple pieces of training content at once.

Once training courses are published, they cannot be deleted or edited. Admins can then check on an end users’ progress via the management portal. To get 100% completion, an end user needs to both reach the end of the video and complete the quiz.

Customizable Phishing Simulations

From the management console, admins can either create a template-based campaign, in which the same phishing email is sent to all users, or a dynamic campaign, in which each user receives a unique email at a different time. With a dynamic campaign, the platform automatically escalates difficulty with each simulation based on user performance.

Admins can also choose the type of attack they want their end users to experience: end users are either encouraged to click on a link, click on a link and enter sensitive information (currently in beta), download an email attachment, or click on a link and download an attachment. Reply emails are another feature that is not yet available but currently being developed.

Each type of campaign is highly customizable; admins can specify the email’s pretext, the information that should be mentioned about the target (e.g., their name, job title), who the sender is, and the header and footer (note: there are only five pretext options for emails with an attachment). They can also fine-tune the length and tone formality of the email—this is a particularly nice feature, but could be easy to miss as it’s hidden behind a small “…” button at the bottom of the page, rather than being visibly on the page with the other parameters.

Once the admin has finished customizing, the platform automatically generates a phishing email. Admins can then send it out, or click “Edit” to further tweak it before sending. There isn’t an option to launch emails at a specific time; the launch time must be at least an hour-long window. However, there is an option to send emails immediately.

Jericho Security’s phishing simulations are very easy to create, and highly effective. We tested the generator with a broad range of custom pretext prompts, and it was able to generate realistic emails for all of them—even when the pretext wasn’t strictly business related (e.g., see “lost pet” example below). Looking to the future, the platform’s growing user base will help to scale this technology further by continuing to train the AI model. The platform currently only supports email phishing simulation, but Jericho Security has plans to introduce SMiShing and Vishing simulations later in 2024, alongside the ability for users to reply to simulations, and “in inbox training” that will highlight to users the indicators of attack within simulations.

Report Phishing

Users can report phishing simulations directly through their email client; admins can either integrate the solution with their existing “Report Phishing” button by adding Jericho as an additional place to forward reported emails, or use Jericho’s own Outlook button.
If an end user fails a simulation by interacting with a malicious link or attachment, they’re presented with a webpage that informs them that they clicked on a simulated phishing link, and tells them how to respond correctly in the future. They’re also encouraged to watch a short training video and take a quiz to refresh their learning.

If a user opens an attachment from one of the phishing campaigns, the user is sent an email that tells them they failed the simulation, along with a link to complete the same training video/quiz.

Management And Reporting

Jericho Security offers a modern, user-friendly admin console, from which admins can create and assign training content and phishing simulation campaigns, and access simulation reports. These include executive-level reports—such as monthly campaign reports and quarterly executive summaries—and granular, real-time reports into the progress and performance of individual users and user groups. This makes it easy for admins to provide any statistics that senior management may ask for, as well as identify any “high risk” users that may benefit from further training.

The “Campaigns” page updates automatically when an end user opens, reports, or fails a simulation, and admins can export this information as a CSV file.

Ease Of Use

Jericho Security is very straightforward to deploy. It offers one-click integration with Microsoft 365 and Google Workspace for easy onboarding—for Microsoft 365, the platform uses SCIM to pull users from Azure Entra ID, with support for multiple Azure tenants per organization. Users can also be added manually, by filling in their details in the relevant fields. The platform also offers native integration with Okta for SSO.

Once deployed, the platform’s sleek interface is intuitive and easy to navigate. From the Training Library, admins can access the platform’s default content, their own custom content, request the generation of new custom content, and create training courses. From the Campaigns tab, they can create phishing simulation campaigns and view reports into the progress of their current and historical campaigns.

Best Suited For

We recommend Jericho Security as a strong security awareness training solution for any organization looking to train their users on a broad range of topics, from HR policies to AI governance to cyberthreats. However, while it can be used to deliver content on any topic, Jericho Security is particularly well-suited to organizations prioritizing cybersecurity training, thanks to its ability to create and deliver dynamic, realistic phishing simulations.

Jericho Security makes engaging, dynamic cybersecurity training accessible to SMBs. Many IT teams in smaller businesses don’t have the resources to create phishing simulation campaigns in-house, thus they prefer a managed SAT solution that doesn’t require them to struggle with creating simulation templates. With Jericho Security, this task is simplified and sped up so that even the smallest teams can manage it, enabling them to take control over their own training and easily produce highly personalized, tailored content. Plus, it requires very little effort to deploy.

However, the platform doesn’t only cater to SMBs. Thanks to its in-depth reporting functions, multi-lingual support, ability to create content at scale, and use of real-world threats in its simulations, Jericho Security is also well-suited to larger enterprises with a global user base, that want to deliver training quickly in response to new and emerging security threats.