Project Overview
The project aimed to develop a SaaS platform designed to prevent phishing attacks. Built with a multi-tenant architecture, the platform offers a scalable and secure solution for corporate organizations of all sizes, each with a separate environment.
The platform empowers businesses to proactively protect themselves by training employees to identify and prevent phishing attacks, fostering a culture of cybersecurity awareness.
- Client: Sam Ardren
- Industry: Cybersecurity
Tech Stack
- Technology: ReactJs/NodeJs
- 3rd-Party Integrations: Google MFA/Nylas API
- Database: MongoDB
Action Plan
The client required a tailored multi-tenant SaaS platform with a Learning Management System (LMS) and Phishing Simulator.
Our Agile Development team successfully implemented key features, including user roles, domain verification, integration of third-party APIs for email campaigns, and secure logins.
Following are the key elements of our development plan:
Intuitive Dashboard with ReactJs & NodeJs
User Roles and Access Levels
Core Functionality
Scalable SaaS Architecture
Reports & Analytics
Integrating APIs
Let’s take a closer look at each of them:
Intuitive Dashboard with ReactJs & NodeJs
We built a fast, real-time, and interactive dashboard with ReactJs and a robust, seamless backend powered by NodeJs.
User Roles and Access Levels
The platform has 3 distinct user roles: Super Admin, Admin, and Employees.
- Full Access: Manage platform settings, templates, and user management (companies, admins, employees).
- Content Management: Upload and manage training content, including courses, videos, and quizzes.
- Template Creation: Create and customize phishing templates (text, logos, and background colors).
- Analytics: Can view detailed analytics (unique opens, clicks, replies).
- Platform Access: Admins log in with Multi-Factor Authentication and can select either LMS or Simulation.
- Employee Management: Manage employees (add via manual entry or CSV uploads).
- Campaign Management: Schedule, initiate and assign phishing campaigns.
- Analytics & Reports: Assign courses to employees, track results, and analyze performance.
- Course Access: Employees access courses via email links and complete quizzes.
- Phishing Simulation: They receive phishing simulation emails, and their actions are tracked.
- Notifications: Notifications are sent for enrollment, reminders, and completion.
- Results Tracking: Admins track employee performance in courses and simulations.
- Lets Super Admins customize phishing simulation templates.
- They can customize the logo, text, and background colors on training templates.
- They can save modified templates for future campaigns, ensuring flexibility and reusability.
Core Functionality
The platform has 2 functioning modules: Learning Management System and Phishing Simulator.
- For educational purposes where employees can learn about phishing attacks.
- Super Admin can upload and manage training courses.
- Admins can view training courses and share with employees.
- Employees can access the courses and attempt quizzes.
- Admins can initiate one-time or recurring phishing campaigns for employees.
- Admins can send simulated phishing emails, track responses, and get analytics on employee interactions (e.g., opens, clicks, replies).
- Super Admin creates phishing templates, which Admins can customize for their simulations.
Scalable SaaS Platform
We designed a scalable, secure multi-tenant platform that ensures separate data management for each client/company.
- Scalability: The platform utilizes AWS auto-scaling features to dynamically adjust its resources based on real-time usage demands.
- Growth Accommodation: With the auto-scaling mechanism, the platform seamlessly accommodates an increasing number of clients without compromising performance.
- We use Git to track changes in the source code, enabling multiple users to collaborate on non-linear development.
- Track code changes with Git logs and use encrypted connections to keep code secure.
- Git ensures proper access and protects sensitive data.
Integrating APIs
We integrated Google MFA for secure logins and Nylas Email API for efficient email campaign management.
- Integrated Google MFA to add an extra layer of security for user logins, requiring both a password and a time-sensitive code.
- Prevents unauthorized access by ensuring only authenticated users can log in.
- Users receive the code via mobile or authenticator app for elevated security.
- Nylas Email API enables sending and managing email campaigns directly from the platform.
- Tracks email events like opens, clicks, and replies for insights into user engagement.
- Automates sending training and phishing simulation emails, ensuring timely communication and reliable delivery.
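How the server side of the password-plus-code login described above can check a time-sensitive code, as an added example that is not the project's own code. It assumes the codes are standard TOTP values (RFC 6238, HMAC-SHA1, 30-second steps) as generated by authenticator apps; the function names, the drift window and the `lastUsedStep` replay guard are illustrative choices.

```javascript
const crypto = require('node:crypto');

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Accept a code from the current time step or one step either side (clock drift),
// but never from a step that was already used: a phished code cannot be replayed.
// The caller stores the returned step per user and passes it back as lastUsedStep.
function verifyTotp(secret, code, nowSec, lastUsedStep = -1, opts = {}) {
  const { step = 30, window = 1, digits = 6 } = opts;
  const current = Math.floor(nowSec / step);
  const given = Buffer.from(String(code));
  for (let s = current - window; s <= current + window; s++) {
    if (s < 0 || s <= lastUsedStep) continue;
    const expected = Buffer.from(hotp(secret, s, digits));
    // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
    if (given.length === expected.length && crypto.timingSafeEqual(given, expected)) {
      return { ok: true, step: s };
    }
  }
  return { ok: false, step: lastUsedStep };
}
```

Rate limiting of failed attempts still has to sit in front of this check, since a 6-digit code has only one million possible values.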
Reports & Analytics
We implemented robust domain verification, reporting tools, and analytics to enhance security and track performance.
- Used TXT records to confirm email domain ownership.
- Ensures only authorized logins.
- Prevented misuse of the platform by verifying domain legitimacy.
- Developed tools to track employee performance in LMS (course completion, quizzes).
- Maintain campaign effectiveness through unique opens, clicks, and replies.
- Analytics to identify gaps and behavior patterns.
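One way the TXT-record domain ownership check listed above can work on a NodeJs backend, as an added example that is not the project's own code. The record prefix, the token derivation and all function names are assumptions; the page does not describe its record format.

```javascript
const crypto = require('node:crypto');
const dns = require('node:dns').promises;

// Hypothetical record prefix; the page does not state the format it uses.
const PREFIX = 'phish-sim-verify=';

// Bind the token to tenant and domain so a record published for one tenant
// cannot be reused by another tenant claiming the same domain.
function issueToken(serverSecret, tenantId, domain) {
  return crypto.createHmac('sha256', serverSecret)
    .update(`${tenantId}\n${domain.toLowerCase()}`)
    .digest('hex');
}

// Compare fixed-length digests so the check is constant-time for any input length.
function safeEqual(a, b) {
  const digest = (s) => crypto.createHash('sha256').update(s).digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// records has the shape dns.resolveTxt returns: one array of chunks per record.
function txtProvesOwnership(records, expectedToken) {
  return records.some((chunks) => {
    const value = chunks.join('').trim();
    return value.startsWith(PREFIX) &&
      safeEqual(value.slice(PREFIX.length), expectedToken);
  });
}

// resolveTxt is injectable so the check can be tested without network access.
async function verifyDomain(domain, expectedToken, resolveTxt = (d) => dns.resolveTxt(d)) {
  try {
    const records = await resolveTxt(domain);
    return txtProvesOwnership(records, expectedToken)
      ? { verified: true, reason: 'MATCH' }
      : { verified: false, reason: 'NO_MATCHING_RECORD' };
  } catch (err) {
    // Fail closed: NXDOMAIN, timeouts and empty answers all leave the domain unverified.
    return { verified: false, reason: err.code || 'DNS_ERROR' };
  }
}
```

Simulated phishing campaigns should be sendable only to addresses in a domain whose check returned `verified: true`, and the check is worth repeating periodically because TXT records can be removed after onboarding.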
Result: A SaaS Solution for Phishing Awareness and Prevention
The project has delivered measurable results in educating employees on phishing awareness.
Over the past year, the platform has provided a scalable, secure solution that streamlines training, tracks performance, and supports multi-tenancy, enabling the client to expand its customer base and drive revenue growth.
By cultivating a culture of phishing awareness, businesses are better equipped to defend against cyber threats and build a more secure future.
“TBI delivered an outstanding platform that runs brilliantly. Their expertise, attention to detail, and commitment to excellence truly set them apart. Highly recommended.”