TrustRadius: an HG Insights company

Cofense PhishMe

Score9.5 out of 10

51 Reviews and Ratings

Get a Demo

What is Cofense PhishMe?

Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.

Categories & Use Cases

Media

Image 1 – Board of Directors (BOD) report showcasing results of your phishing defense program
Image 2 – Create New Scenario Page
Image 3 – Intelligent Program Automation using Playbooks
Image 4 – Organizational Suspicious Email Reporting Statistics
Image 5 – Phishing Scam Announcement Templates

1 / 5

Key Features

Learn about the best (and worst!) features Cofense PhishMe has to offer, as determined by TrustRadius' reviewers.
Based on 51 ratings of Cofense PhishMe's features
View all features

Top Performing Features

  • Role-based user permissions

    Permissions to perform actions or access or modify data are assigned to roles, which are then assigned to users, reducing complexity of administration.

    Category average: 8.4

  • Security Reporting

    Reports available may include statistics on phishing simulations, training completion, etc.

    Category average: 8.5

  • Industry-Specific Security Training

    Security training can be tailored based on industry-specific requirements, such as HIPAA, PCI DSS, GDPR, etc.

    Category average: 7.1

Areas for Improvement

  • Multilingual Training Content

    Training content is available in multiple languages.

    Category average: 9

  • Training Gamification

    Training content is available in a gamified format.

    Category average: 8.6

  • Individualized Security Training Plans

    Training can be tailored to individual employees based on previous training, role, or assessed vulnerability.

    Category average: 7.9

Reviews

What users are saying about Cofense PhishMe.
View all reviews

The Most Comprehensive phishing system in the world.

Incentivized
shahul hameed sheik mohammed
in Information Technology at KOC (10,001+ employees employees)

Use Cases and Deployment Scope

We are using Cofense frequently to report phishing mail. It is addressing resolving reporting issues before the user reporting is very difficult and it will take time; now, it is easy to report and find the malware, but it is very time-consuming. Cofense is very helpful for auto categorizations, so it will save lots of time.

Pros

  • Creating the Rule for know emails.
  • Sending notification is very useful to forward the request to SOC team for analyzing.
  • Running play book is very useful and easy to resolve the issue.

Cons

  • In the matches we need more details.
  • Creating rules is very difficult.
  • YARA rules are not understandable.

Most Important Features

  • Report Phishing.
  • Categorize the mail.
  • Sending notification.
  • Run play book.
  • Creating rules for know thread and know legitimated mail.

Return on Investment

  • it is very useful product.
  • I recommend to purchase, it is more value then what your paying.
  • Overall it is improving the reputation of the company.

Alternatives Considered

Proofpoint Security Awareness Training, Infosec IQ, SANS Security Awareness Training and Lucy Security

Other Software Used

VirusTotal, Lastline, LogRhythm NextGen SIEM Platform

Cofense [PhishMe] at a Glance

Incentivized
Patrick Vail
SR Security Engineer in Information Technology at Express (1001-5000 employees employees)

Use Cases and Deployment Scope

[Cofense PhishMe] is used at Express for security awareness, security education, and protection of the organization from bad actors that are persistent and relentless in the pursuit of attacking the organization from the storefront, back office, and the C-suite.

Pros

  • Education
  • Filtering know bad.
  • Responding to the reporter.

Cons

  • Threat Intel API feeds.
  • Sandbox
  • User generated reporting.

Return on Investment

  • Auditable training solutions.
  • Constant filtering.
  • Ease of use.

Other Software Used

Cisco Cloud Email Security, Microsoft 365 (formerly Office 365), BlackBerry Optics (CylanceOPTICS), BlackBerry Protect (CylancePROTECT)

Phishing simulation with a small team for a big company

Incentivized
Alexander BagrovView profile
Information Security Specialist in Corporate at GE (10,001+ employees employees)

Use Cases and Deployment Scope

In the past, we were using it only on a quarterly basis as a benchmark type of activity. Nowadays, we are offering Phishing Simulation as a service to our departments and we are slowly getting to 1 big Q exercise (250k people) and 3-4 monthly ones (anywhere from 50 to 5k users).

Pros

  • Friendly UX.
  • Huge selection of phishes.
  • Ability to customize.

Cons

  • Web version support - sometimes it's too laggy.
  • Upload/download rate for results and recipient lists.

Return on Investment

  • CIRT now has a great dataset of simulations that we ran, with some interesting metrics.
  • Business leaders now view phishing defense as a metric they want to improve.

Other Software Used

SANS Advanced Cybersecurity Learning Platform, Microsoft Yammer, Microsoft Excel

Usability

PhishMe for Analyst

Incentivized
Sarthak Chand
Information Security Manager in Information Technology at Synchrony Financial (10,001+ employees employees)

Pros

  • It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
  • The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
  • For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
  • The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.

Cons

  • Need to add more OSINT APIs to check the reputation of embedded URLs and the hash of attached files.
  • "Screen Capture" of the embedded URL links [after clicking on the embedded URL where the URL takes the user] will be really helpful for triaging basic credential harvesting attack scenarios.
  • Integration of ProofPoint email gateway to Phishme triage will help us determine the number of email flow from a suspicious sender. This will reduce the requirement of opening another console just to check the number of emails from a particular sender.

Return on Investment

  • From a normal user's perspective, it's an easy and fast, very very user-friendly phishing email reporting structure. No need to remember any email address, no need for sophisticated handling of malicious emails while sending/ reporting. Just a click and it is done.
  • From the admin and analyst point of view: Easy and clutter-free triaging pane, IOC reputation check facility, Rules and Recipes section for automation and focused triaging, Notification to the reporter based on the triaging done is really a helpful feedback loop.
  • Overall: Simple to handle, less learning curve, well managed, less administration time, fewer issues, less maintenance time.

Other Software Used

CrowdStrike Falcon Endpoint Protection, Splunk Enterprise Security (SIEM), RSA NetWitness Orchestrator, Exabeam Fusion, Symantec Data Loss Prevention, Palo Alto Networks Cortex XSOAR (formerly Demisto), Palo Alto Networks Next-Generation Firewalls - PA Series, Titanium Cloud, Zscaler Internet Access, Zscaler Private Access, Amazon GuardDuty, Palo Alto Networks Prisma SaaS (formerly Aperture), Palo Alto Networks Prisma Cloud, Cisco Firepower 1000 Series

Product review: Cofense PhishMe

Incentivized
Viral Mehta
Security Specialist in Information Technology at Bed Bath and Beyond (5001-10,000 employees employees)

Use Cases and Deployment Scope

We are using the Cofense PhishMe solution to send phishing scenarios and we are getting great results and great views in the console. The platform is easy to use and has a lot of resources. We are also using targeted scenarios from the module. Also, the LMS module provides great value to organizations as they have generalized security modules and also have gamification modules for security awareness programs. The platform is user-friendly and does not require training to use the platform. I was able to use it without any prior training. I am able to perform all phishing scenarios from the user-friendly console.

Pros

  • Learning
  • Phishing scenerios
  • Awareness letters

Cons

  • New content
  • Innovative
  • Resources for training

Return on Investment

  • Good product
  • You will get what you paid for.
  • Nice resources

Other Software Used

Awake Security Platform, RSA NetWitness Logs, Barracuda Cloud Security Guardian

Related Products

Products similar to Cofense PhishMe that may also meet your needs.
All comparisons
KnowBe4 Security Awareness Training
CompareLearn more