Cofense PhishMe vs. KnowBe4 Security Awareness Training vs. Microsoft Defender for Endpoint

Cofense PhishMe is an excellent solution for scenarios where it will be sold as a managed service. I believe that PhishMe is too expensive for many clients and instead would benefit from the economies of scale where an MSSP sells it as part of a whole service, which offers the analysts and reporting included. PhishMe is excellent for training and awareness of Phishing, but shouldn't replace mandatory training for new joiners or yearly refreshers, it should only be used as an additional training option.

Incentivized

I don't have any frame of reference for comparison, but the training that I have used has proved impactful for my staff. Since starting KnowBe4 training, we've seen a great increase in the number of phishing attempts, but also a great increase in the number of attempts that have been recognized by staff, and we have thus not been the victim of phishing or other cyberattact vectors

Incentivized

Microsoft Defender for Endpoint is easy to deployed across the entire organization. Having a cloud based solution with a single pane of glass to manage all assets is a real no-brainer. Being able to receive immediate alerts when suspicious activity occurs is extremely helpful in keeping risks at a minimum. Microsoft Defender for Endpoint management is also smart enough to not send several alerts when an attack could be hitting multiple targets within a certain time frame or when it's the same attack multiple times. However, be prepared to click through multiple pages all over the site to figure out what happened when an attack occurs.

Incentivized

• It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
• The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
• For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
• The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.

Incentivized

• Phish tests can be set to various difficulty levels as staff becomes more knowledgeable in catching phish emails.
• Automated phish tests and training save a lot of admin time. The product can also test for phone and USB stick practices.
• The phish alert button in Outlook, along with PhishER and PhishFlip allow easy managing and response to actual phishing emails.
• The interactive training is well designed to cover all types of phishing and safe email and phone behavior.

Incentivized

• One, it's crazy lightweight, so compared to some of the competitors that we also have used with our security services, it's really lightweight and so I don't have a lot of overhead on the system that it's running on.
• It does really fantastic PowerShell integration.

Incentivized

• Completely switching to the new UI - Most is redesigned, but some old elements remain
• Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
• Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves

Incentivized

• The provided templates for phishing simulations are mainly available in English. There are also some templates available in our native language, but their number is small. We have seen other platforms offer way more phishing simulation templates in our language.
• Although there is a really huge number of training videos available, some of them are outdated and no longer have much to offer. Some cleaning up could help in this direction.
• Although there a some games / puzzle like trainings available, we have seen other platforms offer more and better ones (on the other platforms had they had almost no videos at all...). It would help significantly to also invest in enriching the provided puzzles / games.
• We have seen other platforms offer games, where, for example, employees of the company can compete against each other while working together in groups to achieve a common goal (e.g., eliminate a fictional security threat that has "hit" the company. Plan the steps needed to be taken, take the steps one after another and have a chance to see the impact each action has. At the end the team that has suffered the least cost to end the threat is the one that wins. Just an example. The point is to make this challenging, using gamification and to make the employees part of the prevention force of the company against cybersecurity threats.

Incentivized

• It would be good to continue to minimize the amount of resources needed during a scan
• Provide more integration with Outlook to scan attachments with a notification that everything is good
• Provide a Click to Fix option when listing issues or high-risk problems on systems

Incentivized

Between the ease of use, cost effectiveness, functionality and continued improvements Knowbe4 continues to make it would be pretty hard to find another competitive product that wraps it all up like KnowBe4 has. Not saying it couldn't happen, but haven't seen anything that competes at this point.

Incentivized

Cost add-ons for Security features is nickel and diming the process to keep pace with cybercrime. Limited Education budgets require us to be more pro-active in finding cost-effective measures to protect our devices, staff and students. Defender is a strong, well-featured product that is pricing itself out of the education market

Incentivized

Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.

Incentivized

KnowBe4 Security Awareness Training is simple to use, simple to administer, effective, with quality content. It is easy to take the training and we have the reminders set so that the longer a user puts the training off, the more frequently they will receive reminder emails. Eventually they get emailed every day until they take the training. But with a simple click, they can get into the training content.

Incentivized

It offers multiple security features and integrates well with Microsoft ecosystems. A workflow for threat detection, investigation, automated remediation, and a centralized dashboard is an added advantage. This application is mainly designed for experienced users; new users may feel challenged.

Incentivized

There have only been a handful of outages in the 2 years we have had the product. Even during those instances, parts of the system were still operational

Incentivized

Microsoft Defender for Endpoint chugs along just fine no matter what we throw at it and what systems it's running on. It doesn't take up a lot of resources either, so that's welcomed.

Incentivized

Pages load quickly, filter/sort quickly, and don't slow down or freeze. Everything is smooth and very easy to use. There are a places in the UI where you can forget how to get there, but other than that everything is great. We have had no issues using any part of the website.

Incentivized

Microsoft Defender for Endpoint is easy on memory and resources on clients.

Incentivized

I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.

Incentivized

Tech prod support is great! I did have to ask for a new customer success rep, needed a more experienced person to match my 12 years of experience running Cybersec training programs. Would suggest that more matching of rep level of knowledge to client level knowledge would help.

Incentivized

The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session

Incentivized

Helpful and knowledgeable account managers have helped us navigate and use the system to our full potential

Incentivized

It's a must, even if you are never going to use the tool. Cofense aims to provide phishing training first and tool second.

Incentivized

confusing question. I inherited this application so I didnt get any formal training other than the person who was leaving. The CSM provided some later on when I asked in a zoom call

There are some hiccups, but there are meant to be, when you implement something in a large scale enterprise.

Incentivized

The implementation went really well and KnowBe4 was there the whole time on setup to make sure things were setup correctly. The only thing we had to figure out on our own was to script users automatically being added to security groups. So that when they sync to knowBe4 from AD they are placed into the same/correct groups.

Incentivized

Deployment was handled by our team here and everything went pretty smoothly. We did have a few hiccups in our test group, but that only took a bit to get ironed out.

Incentivized

Cofense PhishMe was the first choice for us as the user interface as well as their bundle package with Cofense Triage and Vision has helped the organisation to alleviate the overall security awareness posture. The other vendors did not provide a vast range of phishing scenarios as compared to Cofense PhishMe platform.

Incentivized

KnowBe4 offered a significantly more favorable cost-benefit ratio compared to other solutions. Its seamless integration with our existing infrastructure—particularly Active Directory and email systems—was the most compatible with our operational and security requirements.

Incentivized

Defender is far easier to deploy and manage than Sophos and tends to work without as many issues. The threat assessment portal provides an in-depth view of the organization's security posture, whereas Sophos only shows the patching status of the PCs. We did need Intune to get many of the control features (disabling USB drives) that Sophos offered out of the box.

Incentivized

I was not involved in the pricing, billing or contract terms.

Incentivized

The product scales greatly. As long as you upgrade the license to support the number of users you are needing, adding in those new users is easy. Also getting those users set up with trainings/campaigns is very easy as well

Incentivized

Microsoft Defender for Endpoint is easily scaled from small orgs to giant enterprises.

Incentivized

The team was great to work with and took their time to ensure that we knew what we were doing with the product and that it was set up to meet the specific needs of our organization. This wasn't just a cookie-cutter deployment, but rather they focused specifically on our needs.

Incentivized

• Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
• With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
• 1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.

Incentivized

• With the implementation of KnowBe4 Security Awareness Training, we have reduced a lot of issues of social engineering attacks like Phishing attacks, Smishing attacks, Vishing attacks, and a lot more. After implementing the KnowBe4 Security Awareness Training, we have seen a significant decrease in the clicking on a phishing email. Now users are aware of phishing attacks and they know how to react to them.
• With KnowBe4 Security Awareness Training, we got another tool Phish Alert Button that we have installed on the user's outlook and after providing training on these topics, now we are receiving a lot of spam report emails are users are protecting them from clicking and just reporting it to the IT team.
• With the Phishing test, we are seeing the growth and analyzing how our users will react in the case of a real phishing attack, and with this, we are providing more training to them and going with them as per the test report. This whole process is making our company more stronger against any type pf social engineering attack.
• After implementing KnowBe4 Security Awareness Training, we have seen a lot of improvements in the account compromise case in our company because users are not clicking on fake links now.

Incentivized

• Reduced incidents of security breaches lead to lower remediation costs and avoid potential financial losses and reputational damage.
• Reduces the need for additional third-party security solutions and training, thereby lowering overall security management costs.
• Increased efficiency and productivity of IT staff lead to better allocation of resources and cost savings.
• Reduces the risk of fines and sanctions associated with non-compliance, ensuring business continuity and protecting revenue.

Incentivized