Release Notes

Make sure you're always informed about the latest product enhancements, updates, and improvements happening at INFIMA Security.

Schedule RefresherContact Support

INFIMA Security Inc. © 2024. All rights reserved.

Enhanced Training Administration

We've completely redesigned the training administration page to give partners unprecedented control over their clients' security awareness training programs:

  • Custom Curriculum Management: Partners can now directly modify and customize training curriculums for each client organization without submitting support tickets. This self-service capability dramatically reduces wait times and gives you immediate control over your clients' training programs.

  • Granular User and Group Overrides: Implement different training curriculums for specific users or groups within the same organization. This flexibility allows you to:

    • Assign specialized training to high-risk departments
    • Provide role-specific security education
    • Accommodate varying compliance requirements across teams
    • Schedule different training cadences for different user groups

  • One-Off Course Injection: Quickly address immediate training needs by injecting individual courses at any level:

    • Company-wide for organization-wide security incidents or policy changes
    • Group-specific for targeted department training
    • Individual users for remedial or specialized training

    This feature enables rapid response to emerging threats or client-specific training requests without disrupting existing curriculum schedules.

These enhancements empower partners to deliver more responsive, customized security awareness training that adapts to each client's unique needs and risk profile.

For detailed instructions on using these new features, please refer to our Training Administration Guide.

Platform Enhancements and New Features

We've rolled out several powerful updates to enhance your security awareness training experience:

  • Enhanced Report Phishing Button: The phishing report button now provides improved feedback and tracking capabilities, making it easier for end users to report suspicious emails and for administrators to track reporting metrics and user engagement.

  • Sent Emails Tracking: New functionality that allows administrators to view and track all phishing simulation emails sent from the platform. This feature provides complete visibility into campaign delivery and helps troubleshoot any delivery issues.

  • User Sync Improvements: We've separated and enhanced our user synchronization capabilities with dedicated support for:

    • Google Groups synchronization with improved group filtering
    • Google Organizational Units (OU) synchronization for hierarchical user management
    • Office 365 Groups synchronization with better error handling

    These improvements make it easier to keep your user base synchronized and reduce manual administration overhead.

  • Streamlined User Management: Enhanced user addition workflows with better validation and clearer feedback when adding users manually or through automated synchronization, reducing errors and saving administrative time.

Enhanced Phishing Simulation Management

We've introduced several enhancements to give you better control and visibility over your phishing simulation campaigns:

  • Mark as Not Clicked: Administrators can now manually remove false positive clicks from phishing simulation results. This feature helps maintain accurate reporting when users accidentally trigger click tracking without actually falling for the simulated phish.

  • External Phishing Header Insertion: Added support for automatic header insertion in phishing simulations to help identify and track external phishing attempts. This enhancement improves campaign tracking and provides better integration with email security gateways.

  • Improved Google Workspace Integration: Updated our Google OAuth scopes and group synchronization capabilities to provide more reliable user management and smoother integration with Google Workspace environments.

These updates strengthen your ability to run effective phishing simulations while maintaining accurate metrics and seamless integration with your existing infrastructure.

Learning Portal

Introducing our new learning portal that empowers users to take control of their training journey and required compliance:

  • Take Training Courses: The portal displays required training courses and highlights overdue assignments, allowing users to self-manage their training progress without administrator intervention.

  • Track Course Progress: Easily monitor completed courses and generate professional certificates of completion to showcase your achievements.

  • Leaderboard Feature: Foster healthy competition within your organization by tracking top performers. See who’s leading the way in completing training and improving their cybersecurity skills.

For detailed information on the learning portal, please refer to our updated Knowledge Base.

Platform improvements and infrastructure updates

We're excited to announce several improvements to make your security training program more effective:

  • Custom Phishing Email Addresses: You can now customize the sender address for phishing simulations, enabling better integration with GCC High environments. This gives you more control over your phishing campaigns and helps maintain consistency with your organization's email patterns.

  • Enhanced Browser Support: We've expanded our phishing simulation capabilities to properly detect and score false clicks in Brave browsers. This ensures accurate reporting regardless of your users' preferred browsers.

  • Clearer Training Status Reports: We've redesigned the training reports to highlight what matters most:

    • Easily identify which courses are approaching their due dates
    • Quickly spot overdue courses that need immediate attention
    • Get a more intuitive overview of your team's training progress

  • Improved Group Management: Behind the scenes, we've optimized how training and phishing campaigns work with groups, making it easier to manage security awareness training for different teams within your clients.

Dashboard: Client page and API updates

We've rolled out improvements to help you better manage and monitor your security training program:

  • Client Wide Risk Scoring: Get a clearer picture of your clients's security posture with our improved risk scoring system. This helps you identify clients that need immediate attention and track improvements over time.

  • Active Status Monitoring: Easily see which client's have training and phishing inactive or active.

  • Improved Training Status Visibility: We've redesigned how user training status is displayed, making it simpler to track progress and identify users who may need additional support.

  • Real-Time Results Dashboard: Monitor training completion and phishing test results as they happen, allowing you to respond quickly to your team's performance.

API Enhancements

We've made two significant improvements to our API capabilities:

  • Advanced Reporting Filters: Our reporting API now supports filtering by client organizations, making generating reports easier.

  • Phishing Management: A new REST API endpoint enables programmatic sending of phishing emails, perfect for organizations looking to automate their security testing processes.

Administrative Controls

Administrators can now manually mark courses as complete for users, providing more flexibility in managing training progress and handling special circumstances.

Dashboard: Training page updates

We've added a new details page that provides a comprehensive view of all courses completed by your users. This enhancement gives you better visibility into your team's training progress and achievements.

We've also streamlined the training invite process by consolidating it into a single tab. This new interface makes it easier to manage invitations, allowing you to efficiently send training invites to either an entire client organization or select specific users.

There's also been a lot more done under the hood to improve the dashboard user experience. Keep a look out for more updates to the training page in the coming weeks.

Access historical reports

Historical reporting allows you to access reports previously generated. These reports provide insight into past performance and can be used to track progress over time.

You can access historical reports from the Reports page. Select the report you would like and it will be sent to your inbox.

For detailed information on how to access these reports, please refer to our updated Knowledge Base.

Course completion certificates and reverse a failed phish

Sometimes users want a proof they've completed a course. We've added a button to the end of every training course that generates a PDF certificate. When a user successfully completes a course, they can click the button to get a certificate in their inbox.

Reverse a failed phishing test

One of our most common support requests is to reverse the results of a simulated phishing test. Often it's a user testing the platform or a tech that inadvertently clicks on a simulated phishing email they got forwarded.

We've added a button directly into the dashboard that allows an admin to reverse the results of a simulated phishing test. Simply click the button on the Phishing Details page to reverse the results.

New knowledge base and API updates

We're excited to announce the launch of our new knowledge base! This comprehensive resource is designed to make running your security awareness training program even easier.

Our new knowledge base is a centralized hub for all the information you need to make the most of our platform. It includes:

  • Detailed product documentation
  • Step-by-step guides for common tasks
  • Best practices for implementation
  • Frequently asked questions and troubleshooting tips

This resource will help you quickly find answers to your questions, streamline your workflow, and maximize the value you get from our services.

Reports available via API

All generated reports are now accessible through our API. This includes the monthly reports, executive summaries, user risk reports, phishing campaign results, and training completion statistics.

For detailed information on how to access these reports via API, including endpoints, authentication, and response formats, please refer to our updated API documentation.

If you have any questions or need assistance integrating these new API features, don't hesitate to reach out to our support team.

Excel attachment for easier reconciliation

In addition to the standard PDF invoice, you'll now receive an Excel file containing the same invoice data. This Excel version offers several benefits:

  • Easy import into accounting software
  • Simplified data analysis and manipulation
  • Quicker reconciliation of accounts

Classic monthly report returns

Based on Partner feedback we are reverting back the Classic Monthly Report as the default option. If you want to go back to the Classic Monthly Report, there's no action on your part.

Partners will have the option to choose from the Classic report, new Executive Summary, and any combination of our other reports. Reporting can be customized at the Partner level and at the client level.

Loom Explainer

Customize monthly report content

Have a client that wants every detail for how their SAT program is going? This feature is for you. Configure which reports should be included in the monthly report emails that are sent on the first of every month.

Customizations can be set globally at the Partner level or individually at the client level. Click on the Monthly Report tag under Settings to make your choices.

Loom Explainer

Improvements

  • Added capability to customize which reports are sent monthly to clients.
  • Added new monthly reporting roll up page to Partner Dashboard.
  • Fixed a bug where phishing emails were not reported correctly when reported on an iPad.

User risk scoring

Introducing a way to simplify QBR discussions with your clients -- a User Risk Credit Score. Available via dashboard and PDF report.

The User Risk Credit Score measures each individuals cyber risk akin to a financial credit score. It evaluates employees' cyber readiness based on completed training courses and resilience to phishing attacks.

Improvements

  • Added Risk Score page to Client Dashboard.
  • Created User Risk Report to correlate with new dashboard page. Accessible under the Reports page.
  • Minor Dashboard cleanup tasks.

False clicks prevented counter

This was a fun project to showcase how large the problem of false clicks becomes if not mitigated by your Security Awareness Training vendor. You can checkout the counter at infimasec.com/false.

What are false clicks? Today's email security products scan emails to protect users against malicious links. Unfortunately this causes "false clicks" which make it look like users clicked on a simulated phishing email. This derails user trust in a security program.