Using the Lucky Meter

Lucky Meter is a service that shows your organization's vulnerability to malicious threats that have not been encountered before. It uses the freshest in-the-wild cyber attacks (instead of simulated threats) to continuously test your email defenses. The service generates a report that enables you to assess how well your current email security solution is protecting your organization against malware and phishing attacks in real time. Essentially, Lucky Meter illustrates what would have happened if your organization was attacked and did not have Datto SaaS Defense implemented.

You need to add the Lucky Meter service separately for each client desired. Here are the specific requirements:

  • A unique test email address, preferably a shared mailbox, for each client.
  • The test email address must have a Microsoft license.
  • The test email address must be protected by Datto SaaS Defense.

IMPORTANT  It is critical that a test email address is created. Do not use a currently active organizational email address as this could expose your organization to a malicious attack. The purpose of Lucky Meter is to show you the threats sent by Datto that are getting past your current email security solution. To do so, Saas Defense is not blocking or quarantining these threats. Therefore, do not open any emails in the "test" email inbox.

To add the Lucky Meter service to a client:

  1. For the applicable client record, in the Services column, click the View Services tile.
  2. Click the Lucky Meter icon.
  3. Read the service description.
  4. At the bottom of the page, click Start.
  5. In the Enter a test email address for the client field, enter an email address that can be used for testing purposes. Do not use a currently active organizational email address as this could expose your organization to a malicious attack.
  6. Click Authorize. An email is sent to the test email address to verify it is valid.
  7. A message is displayed stating Lucky Meter was added successfully. Click Continue.
  8. The Lucky Meter service tile is added to the client's services.
  9. Click the tile to display the Lucky Meter Feed information collected during the client's activation period. The chart indicates the number of attacks that were missed by your existing email security solution. Hover over a bar in the chart to display the number of missed attacks that day.

NOTE  Client access to the Lucky Meter service expires when the service has been active for the client for 60 days or the number of missed email attacks received by the client reaches 300, whichever occurs first. If desired, the service can be reactivated by following the steps in the Lucky Meter usage limits section.

NOTE  If attempts to send attacks to the client's test email address fail, the Lucky Meter Feed page displays a message indicating such. It is advised you verify that the test email address is correct and available. Also, the Lucky Meter tile includes an Unavailable notification.

The Lucky Meter report, available on the Reports page, provides a deeper dive into attack results. The top of the report displays the time frame over which the data was collected. Information is conveyed in two sections.

  • Quick Summary: Displays the total number of first sent attacks, the number of those attacks that got passed your existing email security solution and the number that were blocked, as well as the number of malware and phishing attacks for each.
  • Miss Rate Trend: Graphically illustrates the number of attacks that were sent and the number of attacks missed by your existing email security solution.

NOTE  For information about the specific threats that were sent, in your test email mailbox, copy the filename in the particular email and submit it at www.virustotal.com.

Perform the following steps to generate a Lucky Meter report:

  1. On the Main menu, click Reports.
  2. On the Reports page, click the Lucky Meter report.
  1. At the top of the page, click Clients.
  2. Select the check box for the client(s) for which you want the report created. You can only select clients for which you have added the Lucky Meter service.
  3. By default, the report is based on data from the last eight days (including the current day). To designate a different time frame, click the Calendar tool. Select the date range for which the report should apply. For more information, see the Article: Using the Calendar tool.
  4. Click Download. The report is available in the directory to which your browser downloads files.

The Lucky Meter service tracks the incoming threats that are missed by your organization's current security solution, thus proving the value of Datto SaaS Defense. Because the service is designed to be used temporarily, access expires for a client when one of the following usage limits is reached:

  • The service has been active for the client for 60 days.
  • The number of missed email attacks received by the client reaches 300.

These thresholds offer the optimum time period for analyzing the security of a newly onboarded client.

To help you track a client's use of Lucky Meter, the Service info section on the Lucky Meter Feed page lists the following:

  • Added on: The date on which the service was activated or reactivated for the client.
  • Added to Client: The name of the client for which Lucky Meter was added.
  • Email to Attack: The test email address for which the attacks are sent.
  • Attacks count: The total number of missed attacks sent by Datto within the activation period.

When the service becomes unavailable for a client, Expired is listed within the Lucky Meter tile in the client's Services column.

The Lucky Meter Feed page identifies the usage limit the client has reached. A link to the Reports page is provided so you can still download comprehensive threat activity reports, even after the activation period has ended.

You can reactivate the Lucky Meter service for the client using the Reactivate Lucky Meter button. The service can be reactivated as many times as desired using the same email address or you can designate a different one. The same usage limits apply for each reactivation.

While the service is expired, the chart continues to display the number of missed attacks while the service was active.

NOTE  The service permits a maximum of 50 attacks per day.

To reactivate the Lucky Meter service for a client:

  1. On the Clients page, click the Lucky Meter tile. The Lucky Meter Feed page indicates the usage threshold the client has reached.
  2. If you want to reactivate the service for the client using the same test email address:
    1. Click Reactivate Lucky Meter.
    2. On the reactivation page, click Authorize.
  3. If you want to reactivate the service for the client using a different test email address, delete the client's Lucky Meter service and add it again using the desired test email address:
    1. Click Reactivate Lucky Meter.
    2. On the reactivation page, click Remove Lucky Meter.
    3. Perform the steps to add the Lucky Meter service to the client.

IMPORTANT  For issues viewing Lucky Meter data or creating reports, contact support.