Do you have a question? We are here to help!
planck Secure Email is the only phishing protection and email security solution that follows Zero Trust principles and is easy to operate.
Other solutions rely on centralized systems. These need to be operated by either you or a third party who must be trusted not to access your data. Additionally, third-party systems could fail or, even worse, be compromised.
While still providing the ability to apply controlled centralized rules and configuration, planck Secure Email operates fully distributed security. It works through a simple endpoint plugin or mobile app. No data leaves your device. No external system is there to be compromised.
Your current phishing protection solution likely falls within one of three categories.
This means inspecting every incoming email for potential threats. While content inspection technology improves over time, the sophistication of attacks follows the same improvement path and becomes ever more difficult to detect.
Too strict inspection and filtering rules would also hinder the ability of the employees to use their email effectively. This means that rules must be relaxed, compromising security.
As a result, only some attacks are detected by content filtering.
Phishing and data breaches are often first triggered by human mistakes. Employee training can go a long way toward protecting your organization from such errors.
However, training alone may also cause unnecessary stress for every incoming email, especially when not supported by tools giving specific guidance and certainty. As reported by some of our clients, some employees would not even open links to further education material. At the same time, less mindful employees still clicked on malicious links.
Some email providers focus on providing additional functionality to strengthen the security of your email, such as the possibility to encrypt communication.
However, you need to migrate your whole mailbox to a new provider, start using new tools, and integrate again with your infrastructure where possible. You may also lose access to your email client add-ons.
These providers need to be trusted to manage your security. Despite claiming they won’t access your data, third-party systems could fail or, even worse, be compromised.
Security features such as encryption are also often unavailable to use when communicating with people who do not use the same provider, and adopting the provider isn’t as simple as installing a plugin to your existing email.
Despite the vast majority of businesses applying one or more of these solutions, most of the same companies report successful attacks year after year.
planck Secure Email, on the other hand, gives you complete certainty of the sender’s identity every single time, not only sometimes.
It gives employees certainty of their trusted network and peace of mind when using their email. Content from a known contact can be trusted, while only content from new contacts requires additional care.
It works by adding a simple plugin to your mail client. Employees keep communicating with their contacts as they always do, just in a more secure way.
It operates fully distributed security. No data leaves your device. No external system is there to be compromised. Even if an attacker manages to compromise one device, they can’t spread further within the organization.
While planck Secure Email provides a complete and easy-to-use phishing protection and email security solution, it can be effectively combined with other security layers.
One of the limitations of content inspection, when used as a standalone tool, is that too strict inspection and filtering rules would hinder the ability of the employees to use their email effectively. This means that rules must be relaxed, compromising security.
However, planck Secure Email allows you to distinguish emails from trusted contacts, yet-to-be-trusted contacts, and contacts who had been trusted and have been compromised. This allows you to implement highly protective rules for yet-to-be-trusted or compromised contacts. For example, you may block emails coming from compromised contacts. You may also deactivate attachments and links from yet-to-be-trusted contacts. At the same time, you may leave more relaxed rules in place when emails come from a certainly trusted contact. This will limit the impact on productivity and user experience.
Note that, thanks to planck Secure Inspection Gateway, you can apply your existing content inspection logic to all incoming emails, even to those which are encrypted end-to-end.
planck Secure Email provides users with a clear visual indication of the trust status of each email.
Emails are clearly marked as trusted when coming from a known sender with which trust has been established. Employees can communicate with all their usual contacts free of stress and continuous fear of a possible attack.
We suggest integrating planck Secure Email into your training program. Users will learn how to treat emails marked as dangerous and suspicious by planck Secure Email.
By adopting a simple and effective security solution, you can multiply the results of your training program.
planck Secure Email establishes an identity trust layer on top of the existing email authentication, allowing you to accurately distinguish trusted contacts from malicious contacts trying to impersonate a trusted contact.
Communication from malicious contacts is clearly marked as dangerous and is blocked, preventing phishing at the source.
On top of that, planck Secure Email implements Zero Trust distributed security. Even if a communication partner’s account is compromised, their identity cannot be used to send malicious content on their behalf and initiate lateral movement within the organization.
Unlike other solutions that claim to provide end-to-end encryption, planck Secure Email uses asymmetric cryptography and implements true end-to-end encryption with a Zero Trust architecture.
Your private key never leaves your device and is not stored on any remote server. Key exchange occurs only between you and your communication partners, without a central actor managing your trust.
The whole content of every email (including subject, headers, and attachments) is encrypted by the local plugin before leaving your device and is decrypted only when it reaches your contact’s device. Emails are sent to your email server or provider already encrypted, which means even they cannot read them.
TOFU means Trust On First Use.
It is a security principle that allows you to exchange cryptographic keys by simply communicating with them via email, as opposed to exporting and importing keys manually or through a third-party service.
As soon as you install the plugin, your public key will be sent together with outgoing emails. As soon as your contacts receive an email, they can already send you back an encrypted communication.
Yes. planck Secure Email supports both individual identities and group identities.
Yes. planck Secure Email implements a secure key exchange protocol via the standard email channel. This allows you to synchronize keys across multiple devices without relying on a centralized instance. Your configuration controls which devices are synchronized.
By synchronizing your encryption keys, you will be able to access, read, and compose encrypted emails from all your devices.
Yes. planck Secure Inspection Gateway gives you the option to attach dedicated read-only keys to every email and to route every email through your gateway of choice.
The gateway will be able to read, inspect, and store the content of the emails. However, even if compromised by an attacker, the gateway will not be able to alter the encrypted emails injecting malicious content, nor to spoof the sender’s identity.
Yes. planck Secure Inspection Gateway gives you the option to attach dedicated read-only keys to every email and to route every email through a secure gateway which you can install in your own on-prem or cloud infrastructure.
The gateway will be able to read, inspect, and store the content of the emails. However, even if compromised by an attacker, the gateway won’t be able to alter the encrypted emails injecting malicious content, nor to spoof the sender’s identity.
Yes, you have many ways to communicate securely with people outside your organization.
External collaborators can install planck Secure Email free of charge and communicate with you.
They can also communicate with you using a PGP or S/MIME compatible solution.
You can alternatively encrypt the confidential data in a file with planck Secure File and send it as an attachment in a standard email.
Additionally, we are working on the possibility to send and receive secure emails with external contacts even if they are not yet planck Secure Email users, through a simple link to a secure web application which won’t require installing any application.
Remember: you will still be able to send standard emails from your current email client, which means there is no disruption to your external communication.
Yes, you can send secure emails to contacts who use compatible solutions, such as PGP and S/MIME. Due to the limitations of PGP and S/MIME, certain operations such as key exchange may need to be performed manually.
Additionally, we are working on the possibility of sending and receiving secure emails with external contacts even if they are not yet planck Secure Email users, leveraging an optional secured web application.
Yes, planck Secure Email is fully compatible with PGP and S/MIME.
Due to the limitations of PGP and S/MIME, certain operations such as key exchange may need to be performed manually.
Note that, in fact, you can use planck Secure Email to replace your existing PGP or S/MIME client.
When a device is compromised, stolen, or lost, the user initiates a key reset. Enterprise customers are able to initiate a key reset through MDM, effectively isolating the compromised device.
This prevents anyone coming into possession or control of the device from sending malicious emails impersonating the victim and eavesdropping on any further communication.
It has to be noted that a compromised device using planck Secure Email leads to a significantly reduced impact compared to a traditional setup. The loss of a device and even a full takeover following an attack are typically detected in minutes. On the other hand, the average time to detect attacks on a central server, or to detect stolen access credentials to a secure email service, is in the range of hundreds of days. Without planck Secure Email, attackers have enough time to sit on the device, expand their control, and steal additional data.
Losing your device or having it stolen puts you at risk of losing your private key, which is stored only locally, in accordance with Zero Trust principles. Losing every copy of your private keys would mean losing access to all the previously encrypted emails, as well as the ability to send secure emails to those contacts with which you had exchanged your public key.
However, planck Secure Email supports synchronizing keys across multiple devices without relying on a centralized instance.
By synchronizing your encryption keys, you will be able to access, read, and compose encrypted emails from all your devices.
This also allows each device to act as a backup for your encryption keys. If one device is lost, it’s possible to recover the key using one of the other devices in the sync group.
Additionally, you can export your encryption keys and store them in any secure space. This will allow you to import them to a new device.
