Cofense PhishMe vs. KnowBe4 Security Awareness Training

Cofense PhishMe is an excellent solution for scenarios where it will be sold as a managed service. I believe that PhishMe is too expensive for many clients and instead would benefit from the economies of scale where an MSSP sells it as part of a whole service, which offers the analysts and reporting included. PhishMe is excellent for training and awareness of Phishing, but shouldn't replace mandatory training for new joiners or yearly refreshers, it should only be used as an additional training option.

Incentivized

This is a very appropriate training system for a school district. We have the ability to add or remove the number of required training. Originally, we scheduled 4 modules per year, but we reduced it to 2 per year, because teachers shared they felt it was too much, originally.

Incentivized

• It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
• The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
• For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
• The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.

Incentivized

• Real World Examples - Many of the training modules show Kevin Mitnick actually gaining access to a machine showing how one click can allow a malicious actor access to a machine or network.
• Up-to-Date content - They are always adding new training and phishing examples.
• The ability to schedule training and phishing tests.

Incentivized

• Completely switching to the new UI - Most is redesigned, but some old elements remain
• Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
• Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves

Incentivized

• Uploading your own SCORM content can be problematic with what seem like arbitrary restrictions (e.g. file size, quiz word count, etc.)
• Content that once was available at our level was taken away so that they could repackage it as a new "product" for an additional cost. They should have grandfathered in existing clients.
• Reporting capabilities (key for compliance artifacts) should be better designed with flexibility for users to present content in a manner suited to their specific circumstances

Incentivized

Between the ease of use, cost effectiveness, functionality and continued improvements Knowbe4 continues to make it would be pretty hard to find another competitive product that wraps it all up like KnowBe4 has. Not saying it couldn't happen, but haven't seen anything that competes at this point.

Incentivized

Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.

Incentivized

KnowBe4 Security Awareness Training is simple to use, simple to administer, effective, with quality content. It is easy to take the training and we have the reminders set so that the longer a user puts the training off, the more frequently they will receive reminder emails. Eventually they get emailed every day until they take the training. But with a simple click, they can get into the training content.

Incentivized

There have only been a handful of outages in the 2 years we have had the product. Even during those instances, parts of the system were still operational

Incentivized

Pages load quickly, filter/sort quickly, and don't slow down or freeze. Everything is smooth and very easy to use. There are a places in the UI where you can forget how to get there, but other than that everything is great. We have had no issues using any part of the website.

Incentivized

I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.

Incentivized

Tech prod support is great! I did have to ask for a new customer success rep, needed a more experienced person to match my 12 years of experience running Cybersec training programs. Would suggest that more matching of rep level of knowledge to client level knowledge would help.

Incentivized

Helpful and knowledgeable account managers have helped us navigate and use the system to our full potential

Incentivized

It's a must, even if you are never going to use the tool. Cofense aims to provide phishing training first and tool second.

Incentivized

confusing question. I inherited this application so I didnt get any formal training other than the person who was leaving. The CSM provided some later on when I asked in a zoom call

There are some hiccups, but there are meant to be, when you implement something in a large scale enterprise.

Incentivized

The implementation went really well and KnowBe4 was there the whole time on setup to make sure things were setup correctly. The only thing we had to figure out on our own was to script users automatically being added to security groups. So that when they sync to knowBe4 from AD they are placed into the same/correct groups.

Incentivized

Cofense PhishMe was the first choice for us as the user interface as well as their bundle package with Cofense Triage and Vision has helped the organisation to alleviate the overall security awareness posture. The other vendors did not provide a vast range of phishing scenarios as compared to Cofense PhishMe platform.

Incentivized

KnowBe4 integrates seamlessly with Drata to monitor security compliance. It is possible to chose which training campaigns are mandatory to consider the security awareness training control passed. The integration is easy to configure and works with complex scenarios (optional and mandatory training campaings, different progress status per each employee, etc.).

Incentivized

It's kind of expensive compared to other products on the market although I think this product is likely better than those other products it 3 times better? I think not.

The product scales greatly. As long as you upgrade the license to support the number of users you are needing, adding in those new users is easy. Also getting those users set up with trainings/campaigns is very easy as well

Incentivized

The team was great to work with and took their time to ensure that we knew what we were doing with the product and that it was set up to meet the specific needs of our organization. This wasn't just a cookie-cutter deployment, but rather they focused specifically on our needs.

Incentivized

• Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
• With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
• 1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.

Incentivized

• The smart group feature has provided us insight to users who continually fail phishing simulations and allows automatic training assignment. This has greatly reduced our technician's time spent inside the service, allowing them to focus on more important projects.
• After switching to KnowBe4, for Cybersecurity training, our business has seen an increase of more than 20% participation in training.
• I can't say enough about the Cybersecurity Assessment feature, which informs us of end-user weaknesses and strengths. Knowing where the company is strong and weak allows us to adjust training and system configurations, keeping the business more secure.

Incentivized