Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
N/A
Proofpoint Security Awareness Training
Score 10.0 out of 10
N/A
Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.
N/A
Pricing
Cofense PhishMe
Proofpoint Security Awareness Training
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Cofense PhishMe
Proofpoint Security Awareness Training
Free Trial
Yes
Yes
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
Optional
Additional Details
—
—
More Pricing Information
Community Pulse
Cofense PhishMe
Proofpoint Security Awareness Training
Considered Both Products
Cofense PhishMe
Verified User
Anonymous
Chose Cofense PhishMe
PhishMe is a market leader in terms of phishing simulation solutions. The customization appears unmatched when compared with competitors and the support we have experienced from Cofense has been excellent. Phish me offers lots of realistic templates which are updated regularly …
Cofense phishing simulation product is one of the best security awareness solutions that our security team has tested. The product is feature-rich and easy to navigate. Awareness templates are numerous to select from and in multiple languages, which is a big plus. Campaign …
Cofense PhishMe was the first choice for us as the user interface as well as their bundle package with Cofense Triage and Vision has helped the organisation to alleviate the overall security awareness posture. The other vendors did not provide a vast range of phishing scenarios …
Cofense PhishMe is price competitive and provides lots of value. We are also utilizing Cofense's other products such as Triage, Vision, and Report PhishMe. We are seeing lots of value from these products and hopefully, your company will see some value also. Support also is …
I have not used similar kinds of products previously. So this is hard for me to compare anyone here. But as long as I used PhishMe I loved it. The ease of use, the neat designs, and distinct tabs help reduce the clutter. The learning curve to get comfortable with the tool is …
Cofense provides more templates. We couple the reporter service with the Triage product & managed triage service. Cofense's support is better and more engaged. We utilized Wombat before acquisition.
Cofense is more comprehensive in its offerings given that the field of email security and email-related staff awareness is their focus area, while for Cymulate, it is only a component of testing and nothing else. Hence, it was quite beneficial to use Cofense in that regard.
Cofense was selected as a vendor before I was in this role. Another vendor was evaluated for additional security awareness training but not to replace the Cofense PhishMe program. We also looked at Ninjio to supplement our phishing education program.
We chose PhishMe due to its ease of use and integration. The many different scenarios available and the price point were the main selling points vs the competitors.
For reporter, we've used GoSecure IDR. KnowBe4 is probably the biggest paid competitor I've seen and tried a demo.
For opensource, things like GoPhish or the Social Engineering Toolkit within Kali Linux aren't bad. Both require more effort, so you either pay Cofense for ease of …
We haven't used another provider. However, we used our internal phishing simulation solution prior to contracting Cofense. The internal solution gives you more flexibility (you can send emails to any domain and can impersonate any company) but you'd be missing the Reporter …
Our previously used product was SANS ACLP. This wasn't an altogether horrible product and for the time we used it the purpose for its use was served. We had multiple issues though with how this product delivered emails, captured clicks, and generated reporting once the …
We closely looked at KnowBe4's platform as well when it came time to renew. We chose to continue with Cofense because we already had over a year's worth of data in the platform that we would lose by switching vendors.
I have not used any other products that do the same thing as PhishMe. I was not the decision maker in deploying PhishMe so I can not comment as to why we chose it or any other similar competitors in the field. PhishMe works well for what we use it for.
Cofense PhishMe is a very usable and customizable suite and compared to a previous product, it's hard to go back. After using [Cofense] PhishMe, I don't want to look for another product since the features are rich and the usability is relatively straightforward. Information and …
Due to Proofpoint large experience on phishing/e-mail protection market. This analysis ran through financial decisions, but the product capabilities were a important aspect to the decision makers.
We ultimately chose Proofpoint because it was the best fit for our company with regard to our internal technology, processes, and budget. However, the other products we reviewed all had their strengths.
I think that Proofpoint Security Awareness Training pricing is one of the main reasons that we went with them. We only have the lowest tier, and it does a pretty good job for what we pay. We are using Proofpoint for our email security solution, so we ended up saving some money …
I have used both and can say they are comparable. KnowBe4 has all the content out there for the admin to add but Proofpoint only had a limited number of courses available per the contract. Seems like KnowBe4 has more content or allows more per bundle.
We have not used other security training. Proofpoint Security Awareness Training has been our first selection. We have been happy with the purchase! We have also created some training in-house, but we like that Proofpoint gives us the flexibility to train our staff on other …
We have selected Proofpoint Security Awareness Traning to work on the major weakness of the cybersecurity chain (human factor). We believe that working on the human factor is fundamental to achieve our goals.
We initially shopped two products: Proofpoint Security Awareness Training (at the time, it was called Wombat) and Cofense PhishMe. After some extensive internal testing in the IT department, we concluded that Proofpoint's robust reporting and pre-baked content (tests, guides, …
The "Managed Service" (a dedicated ProofPoint Account Rep c/w weekly status calls) significantly reduces the resource demand on the area within your company managing the program. The KnowBe4 Platform does all the same stuff (Training Modules, Reports, ThreatSim Tools), but you …
Proofpoint was the only company we looked at. We had heard from other companies using the product how great it was and we were excited to implement it. I don't think there is another company that is in the market place that even comes close to what they offer. We are happy …
Our team decided to go with Proofpoint prior to me being involved, so I was not involved in the assessment. However, I do believe that PhishMe was the tool that we used before. I am not sure of the exact reasons for the switch, but we are very happy with Proofpoint.
I think Wombat beats most of its competitors by default by simply being another piece of the Proofpoint security platform. Other phishing platforms do not have this additional piece, so you will end up paying for a phishing awareness software and also an email security platform …
At the time we selected Proofpoint (Wombat) they appeared to have the best solution. They have a simple to use interface and the phishing platform was quite impressive. However, over time I have found that their training catalog is not as large as it could be. KnowBe4 has …
We selected Proofpoint, because originally Wombat was a local company to us and many people in the area were using the product. It got great reviews from others technology directors in our area, which made the decisions easy to make.
We already used ProofPoint so we thought it would be a better fit. The other products may have looked better but pricing was good. Do not increase pricing.
It's a very apt tool for the scenario where there are multiple users and verticals in an organisation. Phishing Campaigns and recording their response actions is quite easier through this tool. Not suitable for a small organization (less than 500) that can maybe use some open tools or self-made emails for campaigns.
I think that Proofpoint is the best product on the market for Security Awareness Training. They make it easy, they have taken all the guess work out of it. You are supplied with everything you need to have a successful program and you don't have to be a "teacher" to do this. They have taken all of the guess work out of it.
The report phish Outlook add-in button has had a positive influence on our users. We have many users regularly reporting suspect phish emails.
The templates for the phish campaigns are very up to date, using real life recent phishing attacks. This makes our phishing campaigns much more realistic.
The training modules from PSAT are very effective and useful with our LMS system.
Many of the URLs come in with an unknown reputation and although it may be challenging from threat intel feeds, somehow allowing a more in-depth analysis of the URL can provide better/quicker decision making or validation.
Adjustable widgets for reporting, although the provided are already built very well.
Provide in-house templates or summaries of actionable items, such as a single brief on a major phish.
The platform provides options for many different reports (with some customization options), however, there are reports that I would want that are not available.
Adding new staff (we have a lot of turn-over) into an existing training plan can be cumbersome for the system administrator. Although End-User Sync can be set-up to "add" new users to the system, the new users still need to manually be added to the assignments and sent past assignments to complete. (NOTE: this was made more difficult because of our decision to implement a training plan the way we did).
Some of the ThreatSim campaigns (simulated phishing or malicious attachment emails) will only work if you are using their PhishAlarm plug-in (add-on button for Outlook, etc. for users to easily report suspected threats). Our users access email by iPhones, Android, iPads, PCs, and Macs. PhishAlarm cannot be used for all of these platforms.
We have a good relationship with our vendor/Proofpoint, which I believe is needed to be successful in Security Awareness and using tools like this
The package/service as a whole is incredibly helpful
The integrations with Proofpoint's Trap is one of the most valuable things we could do. It turns your entire email user base into members of IT security, to be on the look out to report cyber attacks, and have them pulled out of everyone's email if the email is condemed/found malicious.
Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.
Overall, PSAT is integral to what we do. PSAT is a helpful tool to help us improve our employees ability to recognize, report, and respond to phishing. It works for us to use a longterm partner, who is incredibly helpful/supportive, and also bringing Proofpoint's greater cybersecurity & attack intelligence into PSAT. Honestly, we are pretty happy and would make the choice to go with PSAT again (we evaluated the major players in the space via Gartner's Magic Quadrant). The team behind the products are excellent and the product of itself is both intuitive and expansive. This combination allows us to reach our 10k+ employees who are located in over 20 countries
I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.
I have never had any issues with receiving support and have always had my questions answered in a timely manner. When we do have suggestions, the support has been ready to step in and provide advice or take our suggestions seriously. But normally, there aren't any issues that come up when using this product.
PhishMe is a market leader in terms of phishing simulation solutions. The customization appears unmatched when compared with competitors and the support we have experienced from Cofense has been excellent. Phish me offers lots of realistic templates which are updated regularly which is far ahead of other solutions. Phish me also provides lots of detailed statistics as well as high-level numbers which are really useful for some clients who want details, and others who only want high-level overviews.
The "Managed Service" (a dedicated ProofPoint Account Rep c/w weekly status calls) significantly reduces the resource demand on the area within your company managing the program. The KnowBe4 Platform does all the same stuff (Training Modules, Reports, ThreatSim Tools), but you (or your staff) need to do considerably more work to manage the Overall Program. The uplift in cost for this service is minimal.
From a normal user's perspective, it's an easy and fast, very very user-friendly phishing email reporting structure. No need to remember any email address, no need for sophisticated handling of malicious emails while sending/ reporting. Just a click and it is done.
From the admin and analyst point of view: Easy and clutter-free triaging pane, IOC reputation check facility, Rules and Recipes section for automation and focused triaging, Notification to the reporter based on the triaging done is really a helpful feedback loop.
Overall: Simple to handle, less learning curve, well managed, less administration time, fewer issues, less maintenance time.
I don't think there are hard and fast numbers when it comes to Security Awareness ROI, as it would be next to impossible to come up with any defined metrics.
Phishing campaigns vary in their effectiveness, what I've found is that there is always something that will trigger your employees to click. Finding what that is for your company can help you train everyone to see the red flags.