Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
N/A
KnowBe4 PhishER/PhishER Plus
Score 8.7 out of 10
N/A
PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security Operations team cut through the inbox noise and respond to the most dangerous threats more quickly.
$0.50
per month (billed annually) per seat
Pricing
Cofense PhishMe
KnowBe4 PhishER/PhishER Plus
Editions & Modules
No answers on this topic
3001-5000 Monthly Pricing Per Seat
$0.50
per month (billed annually) per seat
2001-3000 Monthly Pricing Per Seat
$0.55
per month (billed annually) per seat
1001-2000 Monthly Pricing Per Seat
$0.65
per month (billed annually) per seat
501-1000 Monthly Pricing Per Seat
$0.75
per month (billed annually) per seat
101-500 Monthly Pricing Per Seat
$1.00
per month (billed annually) per seat
Offerings
Pricing Offerings
Cofense PhishMe
KnowBe4 PhishER/PhishER Plus
Free Trial
Yes
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
Yes
No
Entry-level Setup Fee
No setup fee
Optional
Additional Details
—
PhishER is a monthly per seat price, billed annually.
PhishMe is a market leader in terms of phishing simulation solutions. The customization appears unmatched when compared with competitors and the support we have experienced from Cofense has been excellent. Phish me offers lots of realistic templates which are updated regularly …
We chose PhishMe due to its ease of use and integration. The many different scenarios available and the price point were the main selling points vs the competitors.
Cofense PhishMe is an excellent solution for scenarios where it will be sold as a managed service. I believe that PhishMe is too expensive for many clients and instead would benefit from the economies of scale where an MSSP sells it as part of a whole service, which offers the analysts and reporting included. PhishMe is excellent for training and awareness of Phishing, but shouldn't replace mandatory training for new joiners or yearly refreshers, it should only be used as an additional training option.
I have been able to create customized simulated phishing campaigns that are really testing our users ability to "spot the fake." That coupled with the training campaigns that are included make it much more likely that our users will be better prepared to protect our organization by being able to recognize common industry threats, and brings awareness to less common threats that are out there. I love that they have a shared folder full of relevant, recent real-world scams that we can choose from to train our user base.
It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.
Analysis and classification of phishing emails using machine learning
Response to reporting users with personalised emails template
Automatic response and actions using integration with Microsoft
Good dashboard with reporting and KPI
Integration with others product to improve scan and analysis
It improves users' security awareness and behavior as receiving an immediate response with the analysis result improves the ability to recognize a phishing email
Enhancing the automated response capabilities, such as directly initiating remediation processes or integrating with other cybersecurity tools, could further streamline the threat management process.
Implementing a feedback system where users can be informed about the outcome of their reported emails might encourage more proactive engagement.
the reporting tool is not as streamlined on mobile devices as it is on desktops. Enhancing mobile functionality would be beneficial
Phish ER has reduced the time my team and I spend on reported emails by over 80%. With the volume of emails reported and a small team this is a must have.
Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.
The configuration is a bit complicated, but easy once you get the hang of it. Once configured, it is easy to manage our malicious emails that are reported by our staff.
I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.
Cofense PhishMe was the first choice for us as the user interface as well as their bundle package with Cofense Triage and Vision has helped the organisation to alleviate the overall security awareness posture. The other vendors did not provide a vast range of phishing scenarios as compared to Cofense PhishMe platform.
KnowBe4 PhishER has a lot of features that other companied does not have. Its AI capability, integration with VirusTotal, PhishRIP and PhishFlip features make it totally different from other solutions. Its Phish Alert Button directly installed on users Outlook without affecting them and the reporting technique is very simple, just clicking on the Phish Alert Button and the email will be directly reported to the KnowBe4 PhishER dashboard. KnowBe4 PhishER dashboard is a very good example of centralized dashboard where you can find all things related to that reported email.
Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.
