MainDefense is a team of IT security experts specializing in Cyber Defense, Incident Response, Forensics, Vulnerability Management, and Offensive Security. Our extensive experience in addressing ransomware attacks and the insights gained regarding the initial compromise of companies have often led to the same conclusion: The human element is one of the primary targets of attackers.
We often observed that User Awareness and Anti-Phishing campaigns are frequently self-created or sourced
from training providers whose primary focus typically lies in pedagogy and learning psychology. However,
such training templates seldom reflect the real threat emails that your company is genuinely exposed to.
This is where we step in. Our Threat Intelligence Team actively monitors ransomware groups, collecting current threat emails to use in our campaigns. We do not aim to produce emails with high click rates just to justify our presence in your company.
Learning from real examples, using genuine emails from actual attacks, to proactively prevent ransomware infections and data breaches. That's our mission!
Many awareness providers have their roots in the education sector and focus on extensive training
materials. However, what's often missing is the current expertise to tailor the content to the evolving
We believe this is not enough. With the rapid evolution of attack techniques, many employees struggle to apply what they've learned to actual threat emails.
The most significant learning comes from real threat emails.
That's why at MainDefense, we blend genuine threat intelligence with proven training methods, ensuring the highest level of protection for your company.
Our Threat Intelligence Team actively monitors ransomware groups, collects current attack emails
through our global honeypot network, and analyzes phishing toolkits, including dark web
Phishing-as-a-Service infrastructures. Furthermore, we keep an eye on contemporary threats, such as
AI/ChatGPT phishing, and leverage these insights for our own phishing campaigns.
Our clients range from small to medium-sized enterprises (SMEs) to large corporations in over 26 countries. See for yourself in a
Development, Hosting, and Operations – all from one source. We develop our platform in-house and operate it exclusively in ISO-27001 certified data centers in Germany. We are firmly committed to GDPR compliance and serve many esteemed clients from the critical infrastructure sector, who, just like us, prioritize the highest security standards.
Since 2019, we have exclusively powered our services with 100% renewable energy. But that was just the
beginning for us. Starting in 2022, we've been using self-generated electricity for our heating and
office operations and for charging our electric company vehicles.
At MainDefense, profitability and sustainability are two sides of the same coin. That's why we plant a tree for every contract we close, actively contributing to climate protection and enhancing the quality of life in our region.
Some employees in organizations are particularly exposed and therefore have a high risk of becoming victims of targeted attacks. Examples of these employee groups are management, development, sales and HR. In the above examples, two factors increase the risk. On the one hand, contact data, contact networks and hierarchies of these groups of people are usually publicly accessible. On the other hand, they are worthwhile targets due to their strategic knowledge and budget responsibility. We help you to identify people with a high need for protection and to minimize risks of these employee groups.
Attacker groups constantly change their strategy to bypass technical defenses. For instance, QR Codes are
used to encode malicious URLs, a tactic known as "Quishing". The rapid advancements in Artificial
Intelligence (AI), particularly with technologies like GPT, have broadened the cyber threat landscape.
Attackers leverage these advanced technologies to craft convincing and targeted phishing messages that
even trained eyes often miss.
As soon as we identify new trends, we integrate them into our training campaigns, ensuring your employees are well-prepared for the latest attack techniques - automatically, at no extra cost, without any effort on your part, provided "as-a-service".
Multi-factor authentication (MFA) is considered a crucial measure to protect accounts and data from unauthorized access. However, attackers constantly develop new techniques to overcome even these barriers. With our MFA Phishing Training using EvilProxy, we offer businesses the opportunity to defend against such advanced attack techniques. Our service simulates genuine attack attempts, allowing your employees to learn in a safe environment how these attacks appear and how to recognize them. We also assist in the implementation of phishing-resistant MFA measures.
While discussions about information security usually focus on technical aspects, the human factor is often neglected. It is becoming increasingly apparent that attacks against people are more promising and more effective. By using common attack techniques, we identify vulnerable groups and point out possible attack scenarios.
Your key to comprehensive security awareness with interactive training on our integrated training platform. Whether it's about cyber security, safe remote work practices, or other essential areas – we've got you covered. In addition to the basics of IT security, our platform also provides advanced courses on data protection, compliance, corruption prevention, and occupational safety. Through vivid learning modules, practical examples, and interactive tests, we ensure that your team is always up-to-date and confidently addresses the challenges of the digital world. Invest in knowledge and thereby protect your company from potential risks.
Maybe one or the other already knows the problem? A USB stick is on the parking lot or in front of the
company building. But what to do? Many employees plug the USB stick into the company computer to check
data is stored there or to check who owns the USB stick.
Attackers also use this behavior to gain easy access to the internal company network without having to carry out an elaborate hacker attack. Through targeted simulations and the distribution of USB devices in front of your company site, we make your employees aware of this danger.
Telephone phishing is becoming increasingly popular with attackers. The aim of the attacker is to gain trust through a polite appearance or to create stress through an aggressive manner in order to persuade users to take unusual actions. This can be opening an email, leaking sensitive information, or changing a bank account. We carry out such attacks in your company and then train your employees to reduce the attack vector.
Phishing can also be implemented without electronic data processing. The greater value attributed to letters, as opposed to e-mails, can also be used by attackers to deliberately deceive employees. Invoices and payment requests sent by post repeatedly lead to financial damage in companies, which must be prevented.
63933 Mönchberg, BY, DE
+49 (151) 424 30 264 +49 (151) 407 48 295