Symbol Security Service Descriptions

The Symbol Security SaaS Platform (“Platform”) provides a suite of cyber awareness, policy management, and threat alerting services. The scope and functionality of these services are defined below.

1. SymbolSecure PRO (Phishing & Training)

SymbolSecure PRO is a Software as a Service (SaaS) offering that enables organizations to assess risk by testing and training users against simulated cyber threats.

• Simulated Phishing Engine: A centralized tool allowing Administrators to select templates from public or private libraries and execute customized phishing simulations.
• Report A Phish Button: A specialized add-in for supported email clients that automatically differentiates between Symbol simulations and real-world threats, providing immediate in-platform recording for simulations and routing non-simulation emails to the designated security team for review.
• Security Awareness Training: Access to a library of video-based training courses, delivered via a gamified Student Portal that tracks progress (start, in-progress, completion) in real-time.
• Corporate Cyber Risk Scoring: A proprietary algorithm that aggregates phishing performance and other factors to assign a relative risk score. This score serves as an internal measurement tool and is not a guarantee of financial risk accuracy.
• Dynamic Remedial Training (Smart Training): Automated assignment of specific remedial training based on a user’s performance in a phishing simulation.
• Symbol Inbox Deliver (SID): Allows for the API delivery of simulated phishes and transactional messages into the inboxes of certain email platforms like Microsoft 365 and Google Workspace, avoiding the traditional email flow route.

2. Policy PRO

Policy PRO facilitates the distribution and tracking of critical IT Security Policies.

• Document Management: Policies may be uploaded as .PDF files or created using the Platform’s internal policy editor.
• Electronic Signatures: Captures legally binding electronic signatures from Users.
• Note: The platform supports capturing legally binding electronic signatures from individual Users.
• Targeted Distribution: Policies can be assigned based on pre-established user categories, similar to training assignments.
• Policy Assessments: Allows Administrators to create mandatory, multiple-choice or true/false comprehension quizzes (Assessments) to ensure user understanding before or after policy signing.

3. Domain & Email Threat Alerting

This service monitors surface, deep, and dark web sources to notify organizations of credential theft and domain-related risks.

• Email Threat Alerts: Continuous monitoring for corporate email addresses appearing in data breaches, providing historical data (up to 7 years) and proactive notifications. Users can acknowledge username/password changes via a dedicated workflow.
• Domain Threat Alerts: Awareness of rogue variant domains mimicking the Customer’s domain, including:
• Typosquatting/Transposition: Common misspellings or character swaps.
• Bitsquatting: Domains differing by a single bit-flip.
• Additions/Omissions: Unauthorized insertion or removal of characters.
• Cyber Threat Surveillance: Daily searches of internet sources returning “Result Content”. Findings are categorized by “Negativity Ratings” to assist in prioritization.

4. Managed Support Services

For an additional fee, Symbol provides Managed Services to remove the administrative burden of training from the Partner.

• Design Services: Creation of training launch plans, communication documents, and schedules.
• Execution Services: Management of user uploads (.CSV or LDAP sync), execution of phishing simulations, and assignment of training videos.
• Reporting: Monthly assembly and delivery of performance reporting materials.

5. Platform Integrations and Automations

• User Synchronization: Provides integration with M365 for automatic user and group synchronization.
• Single Sign-On (SSO): Support for secure user authentication via configured Single Sign-On providers.
• Symbol API Access: Provides documented API endpoints for partners and customers to automate administrative tasks and export data.

6. Platform Limitations and Disclaimers

• Whitelisting Responsibility: Successful delivery of simulation emails may require Administrators to adjust internal email security and server settings. Please consult documentation within Symbol’s Knowledge base.
• Result Content Disclaimer: Symbol is not responsible for the content of search results from the surface, deep, or dark web, which may contain sensitive, explicit, or non-public information.
• User Definition: A "User" is defined as any email address loaded into the Platform and appearing in the ‘Users’ Section. For Customers and Resellers operating on a metered model, Billing is based on Users present in the Users Section (and billed according to the High-Water Mark) rather than any metric of usage.

CONTACT INFORMATION.

If you have any questions about our Privacy Policy, please contact us at: support@symbolsecurity.com