Avanan, from Check Point since the August 2021 acquisition, connects security technologies to enterprise cloud applications in order to improve protection of sensitive corporate data and IP. According to the vendor, Avanan's one-click deployment allows customers to deploy a new security solution in seconds. Because it requires no appliance, agent or gateway proxy, Avanan can begin protecting any cloud application immediately, with no effect on users.
$4
per user per month
KnowBe4 PhishER/PhishER Plus
Score 9.1 out of 10
N/A
PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security Operations team cut through the inbox noise and respond to the most dangerous threats more quickly.
$0.75
per month (billed annually) per seat
Pricing
Avanan
KnowBe4 PhishER/PhishER Plus
Editions & Modules
Advanced Anti-Phishing
$4.00
per user per month
Complete Malware Protection
$5.00
per user per month
Full-Suite Protection
$8.00
per user per month
3001-5000 Monthly Pricing Per Seat
$0.75
per month (billed annually) per seat
2001-3000 Monthly Pricing Per Seat
$0.85
per month (billed annually) per seat
1001-2000 Monthly Pricing Per Seat
$1.00
per month (billed annually) per seat
501-1000 Monthly Pricing Per Seat
$1.15
per month (billed annually) per seat
101-500 Monthly Pricing Per Seat
$1.50
per month (billed annually) per seat
Offerings
Pricing Offerings
Avanan
KnowBe4 PhishER/PhishER Plus
Free Trial
Yes
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
Yes
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
Prices for fewer than 500 users.
PhishER is a monthly per seat price, billed annually.
What it says, it provides. It has the Data leak prevention that is the major help while we have to deal with lot of clients at a time. It has the Secure Click that checks any embedded hyperlink so that when we work on emails we don't have to worry about the hidden security threats inside a email.
It is great for giving employees an easy to use tool to report phishing emails & is a good assistant to the IT Security Team reviewing those reports to make a determination & respond accordingly. there are some good automation capabilities like automatically detection spoofs of executives or automatically labelling clean emails & sending notification to reporter.
I only ever had one complaint, we had a few hiccups during the setup process. We have now been a customer for two years and have had no further issues. It is likely that the setup pain points have now been resolved as well. Overall the product does what it claims while providing a very intuitive interface.
KnowBe4 Reporting needs improvement by adding more flexibility.
Customizing Reports is a very cumbersome process.
Browsing my Library under "Modstore", I should be able to see if an item was used or not, how many times, or filter by "Usage".
Phishing Templates: create or modify Template - need the ability to embed an image (either by copy and paste or by selecting one from local computer. Currently, the only way is to use a URL that pints to an image.
Landing page of the Modstore: please add ability to change the results in "Detailed List" in addition to the "Tiles".
Phish/ER: Add the ability to Block an email or a URL with "Never Expires" option. Currently, the maximum is "60 Days". As a result, I have to go to the "Tenant Allow/Block List" on Microsoft 365 and add entries manually. That defeats the feature in Phish/ER to block from its "Console".
Phish/ER: There are some well known URLs and Domains to be safe. For example, https://aka.ms/LearnAboutSenderIdentification. Such URL should not be listed under "Domains & URLs" when viewing "Message Details". At least, do not allow admins to "Block" it by greying out the option to block. If, by mistake, someone blocked that URL, all messages company-wide will get blocked. That happened with me and everyone struggled to find out why emails are being blocked, including "KnowBe4 Support". It took a while until we were able to find out what was happening.
Phish/ER Reports are extremely limited. A lot needs to be done to offer more visibility.
Phish/ER Rules: It is time to introduce a Point & Click alternative to Yara.
Modstore: Introduce more Training modules that does not include drama or acting, just strictly instructional training. My users' community, especially execs, ask for those that are not drama or cartoonish.
Modstore: Although that might be outside the scope of Cybersecurity, it would be beneficial to have some training modules that teaches users about "Computer Basics". A considerable number of users do not have the basic knowledge of how a computer works, what are the different types of files, how files et stored, what is an Operating System. It is true that we, as admins, make sure they know before getting them on a corporate system. But the fact is that doe not happen in reality. You get a new user and asked to onboard him / her in a few hours. I would consider that type of training to ba an integral part of Cybersecurity awareness.
Cost, need to make sure the cost is competitive for how many users are using email protection as we move users to MS Teams and don't rely so much on full access to email accounts (both sending and receiving internal and external).
When we first discovered that KnowBe4 released something like this, we saw a demo of it and were floored at what it could do and how it could help us from a security standpoint. Gone are the days of us in IT sending out a mass email saying please don't click on anything in the email from sender "X", and it allows us to quietly and easily ensure that people don't take any action on malicious emails.
The end-users love not having their inboxes fill up with extra useless emails. As an administrator, it is simple to implement and maintain. The ability to put something into test mode before going live makes our life a lot easier and less stressful. Avanan has many different components to make your life easier.
The PhishER program works well in identifying phishing emails and blocking them. If it is unsure of emails based on the rules/actions we have in place it leaves the email in the PhishER inbox and we can manually review the email to determine if it is clean, spam or a threat. If determined a threat it gets added to the blocklist and will be blocked if any future emails are submitted.
Support has always been there for me, they take on suggestions and product improvements quite seriously. I've spoken to techs and you can tell that they care about the product and the service in which they deliver. Avanan support is always responsive in everything I throw them and in most cases they don't tell me how to build out a widget or custom query, they actually do it for me and send it to me.
Avanan has a one-click solution, which subscribers or clients use to deploy a new security update. Further, Avanan has the protection of any cloud application, which means, it bypasses any security threat and maintain the set safety processes. Finally, data leakage is a shield that Avanan has deployed, a very smooth process in the firm.
Arctic Wolf also offers a similar product to PhishER using their Phish Tell engine. However, it was severely lacking in terms of workflow automation. Switching to Arctic Wolf's email reporting and response product would have increased the number of manual hours spent on email security and ensuring that end users were informed of whether the email they reported was malicious or clean.
The KnowBe4 PhishER was purchased by us to provide an easy tool that will help the end-users to report suspicious emails and also help us to analyze all the reported emails in one place and this tool fits our requirements.
The price of KnowBe4 PhishER is not too expensive, with the features it provides and the capabilities this tool has, it is a reasonable price and you will get a discount and extra months as well if you are looking for a long-term contract.
In terms of technical aspects, it detects the pattern, URL and malicious files in the email perfectly.
