Our Frequently Asked Questions

Do you have a question? We are here to help!

What makes Planck unique?

Planck is the only phishing protection and email security solution that follows Zero Trust principles and is easy to operate.

Other solutions rely on centralized systems. These need to be operated by either you or a third party who must be trusted not to access your data. Additionally, third-party systems could fail or, even worse, be compromised.

While still providing the ability to apply controlled centralized rules and configuration, planck Secure Email operates fully distributed security. It works through a simple endpoint plugin or mobile app. No data leaves your device. No external system is there to be compromised.

How is Planck better than my current phishing protection and email security solution?

Your current phishing protection solution likely falls within one of three categories.


Content filtering

This means inspecting every incoming email for potential threats. While content inspection technology improves over time, the sophistication of attacks follows the same improvement path and becomes ever more difficult to detect.

Too strict inspection and filtering rules would also hinder the ability of the employees to use their email effectively. This means that rules must be relaxed, compromising security.

As a result, only some attacks are detected by content filtering.


Phishing awareness training

Phishing and data breaches are often first triggered by human mistakes. Employee training can go a long way toward protecting your organization from such errors.

However, training alone may also cause unnecessary stress for every incoming email, especially when not supported by tools giving specific guidance and certainty. As reported by some of our clients, some employees would not even open links to further education material. At the same time, less mindful employees still clicked on malicious links.

 

Alternative secure email

Some email providers focus on providing additional functionality to strengthen the security of your email, such as the possibility to encrypt communication.

However, you need to migrate your whole mailbox to a new provider, start using new tools, and integrate again with your infrastructure where possible. You may also lose access to your email client add-ons.

These providers need to be trusted to manage your security. Despite claiming they won’t access your data, third-party systems could fail or, even worse, be compromised.

Security features such as encryption are also often unavailable to use when communicating with people who do not use the same provider, and adopting the provider isn’t as simple as installing a plugin to your existing email.

 

Planck

Despite the vast majority of businesses applying one or more of these solutions, most of the same companies report successful attacks year after year.

Planck, on the other hand, gives you complete certainty of the sender’s identity every single time, not only sometimes.

It gives employees certainty of their trusted network and peace of mind when using their email. Content from a known contact can be trusted, while only content from new contacts requires additional care.

It works by adding a simple plugin to your mail client. Employees keep communicating with their contacts as they always do, just in a more secure way.

It operates fully distributed security. No data leaves your device. No external system is there to be compromised. Even if an attacker manages to compromise one device, they can’t spread further within the organization.

Does Planck replace content filtering, phishing awareness training, and other anti-phishing measures?

While Planck provides a complete and easy-to-use phishing protection and email security solution, it can be effectively combined with other security layers.

 

Planck + content inspection and filtering

One of the limitations of content inspection, when used as a standalone tool, is that too strict inspection and filtering rules would hinder the ability of the employees to use their email effectively. This means that rules must be relaxed, compromising security.

However, Planck allows you to distinguish emails from trusted contacts, yet-to-be-trusted contacts, and contacts who had been trusted and have been compromised. This allows you to implement highly protective rules for yet-to-be-trusted or compromised contacts. For example, you may block emails coming from compromised contacts. You may also deactivate attachments and links from yet-to-be-trusted contacts. At the same time, you may leave more relaxed rules in place when emails come from a certainly trusted contact. This will limit the impact on productivity and user experience.

Note that, thanks to Planck's Secure Inspection Gateway, you can apply your existing content inspection logic to all incoming emails, even to those that are encrypted end-to-end.

 

Planck + employee awareness

planck Secure Email provides users with a clear visual indication of the trust status of each email.

Emails are clearly marked as trusted when coming from a known sender with which trust has been established. Employees can communicate with all their usual contacts free of stress and continuous fear of a possible attack.

We suggest integrating planck Secure Email into your training program. Users will learn how to treat emails marked as dangerous and suspicious by planck Secure Email.

By adopting a simple and effective security solution, you can multiply the results of your training program.

How exactly does Planck protect against phishing attempts?

Planck establishes an identity trust layer on top of the existing email authentication, allowing you to accurately distinguish trusted contacts from malicious contacts trying to impersonate a trusted contact.

Communication from malicious contacts is clearly marked as dangerous and is blocked, preventing phishing at the source.

On top of that, Planck implements Zero Trust distributed security. Even if a communication partner’s account is compromised, their identity cannot be used to send malicious content on their behalf and initiate lateral movement within the organization.

How does Planck implement end-to-end encryption and protect against data theft?

Unlike other solutions that claim to provide end-to-end encryption, Planck uses asymmetric cryptography and implements true end-to-end encryption with a Zero Trust architecture.

Your private key never leaves your device and is not stored on any remote server. Key exchange occurs only between you and your communication partners, without a central actor managing your trust.

The whole content of every email (including subject, headers, and attachments) is encrypted by the local plugin before leaving your device and is decrypted only when it reaches your contact’s device. Emails are sent to your email server or provider already encrypted, which means even they cannot read them.

What is “TOFU”?

TOFU means Trust On First Use.

It is a security principle that allows you to exchange cryptographic keys by simply communicating with them via email, as opposed to exporting and importing keys manually or through a third-party service.

As soon as you install the plugin, your public key will be sent together with outgoing emails. As soon as your contacts receive an email, they can already send you back an encrypted communication.

Can I send secured emails to email groups and multiple recipients?

Yes. Planck supports both individual identities and group identities.

Can I access encrypted emails from multiple devices?

Yes. Planck implements a secure key exchange protocol via the standard email channel. This allows you to synchronize keys across multiple devices without relying on a centralized instance. Your configuration controls which devices are synchronized.

By synchronizing your encryption keys, you will be able to access, read, and compose encrypted emails from all your devices.

Can I scan encrypted emails for viruses or malware?

Yes. Planck's Secure Inspection Gateway gives you the option to attach dedicated read-only keys to every email and to route every email through your gateway of choice.

The gateway will be able to read, inspect, and store the content of the emails. However, even if compromised by an attacker, the gateway will not be able to alter the encrypted emails injecting malicious content, nor to spoof the sender’s identity.

Can I log the content of encrypted emails which my organization sends, for example for regulatory compliance purposes?

Yes. Planck's Secure Inspection Gateway gives you the option to attach dedicated read-only keys to every email and to route every email through a secure gateway which you can install in your own on-prem or cloud infrastructure.

The gateway will be able to read, inspect, and store the content of the emails. However, even if compromised by an attacker, the gateway won’t be able to alter the encrypted emails injecting malicious content, nor to spoof the sender’s identity.

Can I manage certain tasks centrally?

At Planck Security we are very careful with excessive centralization since it has the potential to break Zero Trust principles and expose the organization to unnecessary risk. At the same time, we work with our enterprise clients to fully cover their requirements in terms of control and audit.

For example, Planck's Secure Inspection Gateway allows you to centralize content inspection and archiving without breaking end-to-end encryption and identity trust.

Integration to your MDM enables you to automate the deployment of planck Secure Email to your organization. This includes both the Outlook Plug-In and the iOS and Android applications.

The centrally managed deployment optionally include extra keys provisioning for the Secure Inspection Gateway.

Additionally, admins can distribute keys through GPO or MDM, reset keys, and mark a device as lost or compromised remotely.

Can I send secure emails to contacts outside my organization?

Yes, you have many ways to communicate securely with people outside your organization.

External collaborators can install Planck free of charge and communicate with you.

They can also communicate with you using a PGP or S/MIME compatible solution.

You can alternatively encrypt the confidential data in a file with Planck's file explorer plugin and send it as an attachment in a standard email.

Additionally, we are working on the possibility to send and receive secure emails with external contacts even if they are not yet Planck users, through a simple link to a secure web application which won’t require installing any application.

Remember: you will still be able to send standard emails from your current email client, which means there is no disruption to your external communication.

Can I send secure emails to contacts who do not use Planck?

Yes, you can send secure emails to contacts who use compatible solutions, such as PGP and S/MIME. Due to the limitations of PGP and S/MIME, certain operations such as key exchange may need to be performed manually.

Additionally, we are working on the possibility of sending and receiving secure emails with external contacts even if they are not yet Planck users, leveraging an optional secured web application.

Is Planck compatible with PGP and S/MIME?

Yes, Planck is fully compatible with PGP and S/MIME.

Due to the limitations of PGP and S/MIME, certain operations such as key exchange may need to be performed manually.

In fact, you can use Planck to replace your existing PGP or S/MIME client.

What happens if an attacker takes control of a device on which Planck is installed?

When a device is compromised, stolen, or lost, the user initiates a key reset. Enterprise customers are able to initiate a key reset through MDM, effectively isolating the compromised device.

This prevents anyone coming into possession or control of the device from sending malicious emails impersonating the victim and eavesdropping on any further communication.

It has to be noted that a compromised device using Planck leads to a significantly reduced impact compared to a traditional setup. The loss of a device and even a full takeover following an attack are typically detected in minutes. On the other hand, the average time to detect attacks on a central server, or to detect stolen access credentials to a secure email service, is in the range of hundreds of days. Without planck Secure Email, attackers have enough time to sit on the device, expand their control, and steal additional data.

What happens if I lose my private key?

Losing your device or having it stolen puts you at risk of losing your private key, which is stored only locally, in accordance with Zero Trust principles. Losing every copy of your private keys would mean losing access to all the previously encrypted emails, as well as the ability to send secure emails to those contacts with which you had exchanged your public key.

However, Planck supports synchronizing keys across multiple devices without relying on a centralized instance.

By synchronizing your encryption keys, you will be able to access, read, and compose encrypted emails from all your devices.

This also allows each device to act as a backup for your encryption keys. If one device is lost, it’s possible to recover the key using one of the other devices in the sync group.

Additionally, you can export your encryption keys and store them in any secure space. This will allow you to import them to a new device.

Can I encrypt files other than email attachments?

Yes, Planck allows for the encryption of files directly from your operating system’s file explorer.

You can define who will be able to decrypt the file: only yourself, one of your contacts, or a group of contacts.

Once encrypted, the file can be safely archived or shared on any channel, such as a cloud storage solution, file transfer, or messaging solution.

What is the difference between encrypting a file and sending it as an encrypted attachment?

When you encrypt a file with Planck's file encryption plugin, you can define who will be able to decrypt it, regardless of the channel that is used to transfer the file. The recipient will need to decrypt the file using Planck's plugin or a compatible tool. If the same file is forwarded to someone else, this third party won’t be able to decrypt it without the recipient’s private key.

Files that are attached to your emails are also encrypted by Planck's email plugin using the public key of your recipients. However, if the recipient uses Planck's plugin, the file will be decrypted automatically by their email client and displayed to the user. If the email is forwarded, the new recipient will be able to access the file.

If you want to prevent your recipient from accidentally forwarding your file to someone else, you can encrypt the file and then attach it to your emails, or share it through any other channel. Of course, your recipients may decide to manually decrypt and forward the file. However, this won’t happen automatically.