Cofense PhishMe vs. CyberHoot

It's a very apt tool for the scenario where there are multiple users and verticals in an organisation. Phishing Campaigns and recording their response actions is quite easier through this tool. Not suitable for a small organization (less than 500) that can maybe use some open tools or self-made emails for campaigns.

Incentivized

CyberHoot's free individual training is great for improving individual cybersecurity knowledge and skills. They offer a plethora of very critical solution to Businesses that include but is not limited to training, policy management, phish training/testing, Dark Web Monitoring, etc. By providing the tools for navigating cyber threats and risks companies can better protect their critical Business environment organization.

• Easy to Navigate GUI - easy to create and run scenarios
• In depth reporting - Ability to provide detailed reports by department, title, etc. for follow-up training
• Adoption of new technology - new additions such as Responsive Delivery and Recipient Sync allow less overhead for running scenarios
• Introduction of new templates - new templates being introduced all the time to keep up with currently seen campaigns

Incentivized

• Easy to understand training videos that are brief yet impactful
• easy access and flexible options for testing
• Only six test questions for mastery of content with opportunity to retake
• great graphics and audio on the videos
• relevant and effective training content
• Excellent training for busy employees

• Many of the URLs come in with an unknown reputation and although it may be challenging from threat intel feeds, somehow allowing a more in-depth analysis of the URL can provide better/quicker decision making or validation.
• Adjustable widgets for reporting, although the provided are already built very well.
• Provide in-house templates or summaries of actionable items, such as a single brief on a major phish.

Incentivized

• I'd like to see the feedback change a little when I get a question wrong on the test. It can be a little confusing, but certainly not a game-changer.

Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.

Incentivized

I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.

Incentivized

It's a must, even if you are never going to use the tool. Cofense aims to provide phishing training first and tool second.

Incentivized

There are some hiccups, but there are meant to be, when you implement something in a large scale enterprise.

Incentivized

PhishMe is a market leader in terms of phishing simulation solutions. The customization appears unmatched when compared with competitors and the support we have experienced from Cofense has been excellent. Phish me offers lots of realistic templates which are updated regularly which is far ahead of other solutions. Phish me also provides lots of detailed statistics as well as high-level numbers which are really useful for some clients who want details, and others who only want high-level overviews.

Incentivized

I enjoyed the cybersecurity training provided by CyberHoot and felt that it had a lot to offer. Cybersecurity professionals, as well as non-cyber security professionals, would both benefit from the content. I've personally utilized several different platforms for security awareness training and feel that the content, presentation, videos, and gamification help CyberHoot to edge out the competition.

• From a normal user's perspective, it's an easy and fast, very very user-friendly phishing email reporting structure. No need to remember any email address, no need for sophisticated handling of malicious emails while sending/ reporting. Just a click and it is done.
• From the admin and analyst point of view: Easy and clutter-free triaging pane, IOC reputation check facility, Rules and Recipes section for automation and focused triaging, Notification to the reporter based on the triaging done is really a helpful feedback loop.
• Overall: Simple to handle, less learning curve, well managed, less administration time, fewer issues, less maintenance time.

Incentivized

• I signed up for the individual training and found the content, training, and testing to be highly beneficial
• As an employee of a large financial institution I can see the value in the corporate offerings they have to proactively train and empower employees with cybersecurity knowledge.