Avanan vs. Cofense PhishMe

What it says, it provides. It has the Data leak prevention that is the major help while we have to deal with lot of clients at a time. It has the Secure Click that checks any embedded hyperlink so that when we work on emails we don't have to worry about the hidden security threats inside a email.

Cofense PhishMe is an excellent solution for scenarios where it will be sold as a managed service. I believe that PhishMe is too expensive for many clients and instead would benefit from the economies of scale where an MSSP sells it as part of a whole service, which offers the analysts and reporting included. PhishMe is excellent for training and awareness of Phishing, but shouldn't replace mandatory training for new joiners or yearly refreshers, it should only be used as an additional training option.

Incentivized

• The dashboard for Avanan makes all of the most important information easy to digest.
• Alerting - specifically, the Geo-Location alerts allow us to see if a user has possibly been compromised.
• The End-User Email Quarantine experience gives users the ability to request emails be released, which trains them to better spot legitimate emails.

Incentivized

• It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
• The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
• For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
• The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.

Incentivized

• I only ever had one complaint, we had a few hiccups during the setup process. We have now been a customer for two years and have had no further issues. It is likely that the setup pain points have now been resolved as well. Overall the product does what it claims while providing a very intuitive interface.

Incentivized

• Completely switching to the new UI - Most is redesigned, but some old elements remain
• Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
• Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves

Incentivized

Cost, need to make sure the cost is competitive for how many users are using email protection as we move users to MS Teams and don't rely so much on full access to email accounts (both sending and receiving internal and external).

Incentivized

The end-users love not having their inboxes fill up with extra useless emails. As an administrator, it is simple to implement and maintain. The ability to put something into test mode before going live makes our life a lot easier and less stressful. Avanan has many different components to make your life easier.

Incentivized

Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.

Incentivized

Always been available as needed.

Incentivized

It's not all the time, on occasion the platform can delay email by seven to ten minutes.

Incentivized

Support has always been there for me, they take on suggestions and product improvements quite seriously. I've spoken to techs and you can tell that they care about the product and the service in which they deliver. Avanan support is always responsive in everything I throw them and in most cases they don't tell me how to build out a widget or custom query, they actually do it for me and send it to me.

Incentivized

I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.

Incentivized

There was no in person training.

Incentivized

Takes a lot to get a 10 out of 10.

Incentivized

It's a must, even if you are never going to use the tool. Cofense aims to provide phishing training first and tool second.

Incentivized

Ensure system administration and exchange admin are up to speed on Avanan

Incentivized

There are some hiccups, but there are meant to be, when you implement something in a large scale enterprise.

Incentivized

Avanan has a one-click solution, which subscribers or clients use to deploy a new security update. Further, Avanan has the protection of any cloud application, which means, it bypasses any security threat and maintain the set safety processes. Finally, data leakage is a shield that Avanan has deployed, a very smooth process in the firm.

Incentivized

Cofense PhishMe was the first choice for us as the user interface as well as their bundle package with Cofense Triage and Vision has helped the organisation to alleviate the overall security awareness posture. The other vendors did not provide a vast range of phishing scenarios as compared to Cofense PhishMe platform.

Incentivized

It does what they claim and then some.

Incentivized

• Improved risk mitigation by providing additional layer protection for M365.
• Easy to setup and configure. No expert knowledge required and no downtime required.
• Customizable license count. No need to buy the same number of mailbox users if you really don't want to protect some unused mailboxes.

Incentivized

• Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
• With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
• 1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.

Incentivized