Barracuda's Security Awareness Training (formerly Barracuda Phishline) provides a suite of applications supporting phishing social engineering simulations with data analytics for evaluation of results as well as targeted training and education to boost readiness. PhishLine was acquired by Barracuda in January 2018, and is now part of Barracuda's security portfolio.
N/A
Proofpoint Security Awareness Training
Score 9.0 out of 10
N/A
Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.
We ultimately chose Proofpoint because it was the best fit for our company with regard to our internal technology, processes, and budget. However, the other products we reviewed all had their strengths.
Verified User
Consultant
Chose Proofpoint Security Awareness Training
I think Proofpoint's design and training are the best in the bunch, but the other products certainly hold their own.
Barracuda Security Awareness Training is well suited for companies that are looking to automate and schedule phishing simulation, education, and training on a regular basis. It would be less appropriate for companies that already have a security awareness training platform already implemented.
Perfect for regular (monthly) training of staff versus a "one and done" annual assignment on Cyber Security. Allows for a greater number of topics to be covered and for creating a "culture" of security awareness among all Staff throughout the entire company. NOT a replacement for IT Security Certifications amongst your technical staff (CISSPs & GSLCs on staff are a must have). Your Proofpoint Account Rep does most of the heavy lifting, but the program still requires "care and feeding" (resources) within your organization - preparing monthly user lists for training assignments and preparing reports for leadership on participation & progress
The software helps us create emails that look exactly or almost exactly the same as the phishing emails we found in our email gateway.
We already use the ESS gateway from Barracuda Networks, and in the TEP bundle, this software is included, so it's not that much work to also configure this.
In the software, we can see reports on how our users performed. We can make a selection of users that are more prone to click on "false" links, and this way, we can help them individually.
Providing animated templates for custom campaigns would be helpful, potentially a "builder site" where templates could be put together with custom questions/answers.
Reporting through functional could use some work. We typically create phishing tests to help our users learn how to spot concerns, and the reports do not provide who actually "reported" the phish as opposed to who did not. This has been a year-long request to Barracuda, and the same issue is present in our campaigns as well.
We would love to see an annual release of new training topics and campaign ideas.
The lack of a user rating on "cyber risk" is proving to be an immense difficulty. As we are looking at how to better hold our employees accountable as well as provide increased learning opportunities for those who need it most, it is becoming cumbersome--especially given the fact this is starting to become the standard for Security Awareness companies. The lack of this is resulting in a manual process vs being able to automate and moderate, thus taking up time and resources, which are always at a scarcity. It can also be cumbersome to look across the tools to see how a particular user is doing, vs being able to view all of their data in one space.
If you are a marketer, the editors for the Phishing Templates and Teachable Moments are quite frustrating. They feel out of date and clunky, as well as not featuring an auto-save, so you could lose the templates you are building. At this point, I have actually started to work in other email creation editors and learning HTML, to better customize and then moving all of the code into the editor. It has thus far proven to be less of a headache. I also do not believe the average user is working on branding their program, creating consistency for easy of navigation, and including additional resources in their teachable moments in the way we currently are. However, as more social science backgrounds continue to enter security awareness, I believe this will move towards the norm.
Some of the reporting numbers for Simulated Phishing could be better. For example, telling me how many people acknowledged the teachable moment out of the full email campaign is less meaningful than knowing how many people acknowledged it, from those who actually triggered/were shown the teachable moment.
Although cost competitive, we still feel like we are not digging deep enough to train our staff. We have little to no way other than digging through reports that have not proven to be adequately documented (hey you, Barracuda campaign reports) to identify and require users to take more training who have not passed their requirements.
We have a good relationship with our vendor/Proofpoint, which I believe is needed to be successful in Security Awareness and using tools like this
The package/service as a whole is incredibly helpful
The integrations with Proofpoint's Trap is one of the most valuable things we could do. It turns your entire email user base into members of IT security, to be on the look out to report cyber attacks, and have them pulled out of everyone's email if the email is condemed/found malicious.
Once you are started it is great. The only issue is to get started. The administrator interface [I feel] is not intuitive enough. It lacks some kind of quick start wizard. The templates are good and fit several regions. So we can do our Belgian campaign and French campaign, each with a different template.
Overall, PSAT is integral to what we do. PSAT is a helpful tool to help us improve our employees ability to recognize, report, and respond to phishing. It works for us to use a longterm partner, who is incredibly helpful/supportive, and also bringing Proofpoint's greater cybersecurity & attack intelligence into PSAT. Honestly, we are pretty happy and would make the choice to go with PSAT again (we evaluated the major players in the space via Gartner's Magic Quadrant). The team behind the products are excellent and the product of itself is both intuitive and expansive. This combination allows us to reach our 10k+ employees who are located in over 20 countries
Working with Barracuda PhishLine support is always a good experience. They are very professional, they are attentive and they are courteous. When I first purchased Barracuda PhishLine a few year ago it was new to them as well. At the time, the support staff could been better trained. That said, they worked hard to help and resolve my issues.
Proofpoint support has always been above average. A lot of companies provide a customer service manager for your account but few have proved as connected as Proofpoint. The CSM was able to give us a good start with the product and checked in periodically. I found them always helpful with any questions and very knowledgeable about the platform.
365 defender has a tool for user security training, it is much more rudimentary than Barracudas, but the interface is much nicer. Both offer email attack testing, reporting, and training, but barracuda offers additional attack types, like file and SMS testing. Both seem to come free with other software and can be brought as add-ons.
All three products have the pros and cons. Since we use other Proofpoint products, TAP, TRAP, etc. the integration with PSAT is much better. The other products do not integrate with TRAP nearly as well as PSAT.
I don't have any tangible numbers to provide, but we definitely have an increase in the number of staff reporting suspicious emails and fewer people clicking on phishing emails.
The cost we are paying per employee (<$2 pp)is low enough that we can consider this a "benefit" we offer to our employees. The knowledge gained can also be applied to your personal life with similar threats.
