Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
N/A
Mimecast Engage Awareness Training
Score 7.9 out of 10
N/A
Mimecast Awareness Training equips security teams to identify and reduce human-driven risk across their entire organization. The security awareness and human risk management solution works to continuously inspire awareness, transform behavior, and reduce the likelihood of security incidents caused by human error.
Cofense PhishMe is an excellent solution for scenarios where it will be sold as a managed service. I believe that PhishMe is too expensive for many clients and instead would benefit from the economies of scale where an MSSP sells it as part of a whole service, which offers the analysts and reporting included. PhishMe is excellent for training and awareness of Phishing, but shouldn't replace mandatory training for new joiners or yearly refreshers, it should only be used as an additional training option.
Staff is the single most significant danger to the cyber security posture of an organization. Before implementing Mimecast Awareness Training, staff had almost no awareness or concept of IT security or the potential risks. Staff attitudes have improved dramatically since introducing Awareness Training.
It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.
I’ve parked the slider at a solid 10 because the platform keeps proving its worth every quarter. Staff phishing‑click rates have plunged from double digits to low single digits, our audit team finally stopped chasing overdue modules, and—bonus—engagement surveys show people actually enjoy the bite‑sized, comedic flavoured content. The built‑in reporting lets me walk straight into the boardroom with clean metrics. Minimal admin, measurable behaviour change, and zero eye‑rolls from end‑users—hard to ask for more.
Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.
I pegged usability at a full‑blown 10 because even my least tech‑savvy colleagues—think “still double‑clicks web links” level—navigate the portal without ringing the help‑desk. Single‑sign‑on drops them straight into the next module, the interface looks like Netflix for cyber nerds, and the progress bar shouts “two minutes left” instead of burying them in menus. On the admin side, I spin up campaigns in three clicks, clone content on the fly, and the drag‑and‑drop scheduling means I can rejig a whole quarter’s plan during the time it takes the kettle to boil. Zero training manuals, zero grumbles, zero excuses—just smooth sailing from login to completion.
Its the best, hands down. Great, easy to use and on point content that injects some humour into the training makes it relevent whilst staying engaging. We have seen our engagement scores almost double since using Mimecast, with completion rates across the buisness above 90% compared to previous scores on less than 50%.
The product is quick and responsive. Emails alert the staff of new training content and provides a direct link to the training video. They watch, learn and than answer a brief question to test their knowledge. This feeds into the users risk profile in which additional training can be automatically applied based on a risk scores.
I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.
We have had a couple of instances where we needed to contact customer support for our minecast cyber awareness training. The team were great and easy to deal with. The problem in itself was minor, and turned out to be our issues and understanding setup, however the mimecase team walked us through the issue and it was resolved exceptionally quick.
I gave implementation a rock‑solid 10 because, frankly, it was smoother than a servo sausage roll at 2 a.m. SSO clicked in on the first try, directory sync hoovered up all the user data without mangling job titles, and change comms went out on time—no “surprise training” backlash. Key insight: involve your internal comms or HR crew from day zero so the launch emails feel like a friendly nudge, not a phishing attempt. We also ran a pilot with our most cynical techs; their nit‑picks helped us tweak permissions before unleashing it on the masses. Finally, schedule the baseline phishing test after staff receive the kickoff memo—sounds obvious, but it spares you the angry “gotcha” emails and makes the resulting metrics actually meaningful.
Cofense PhishMe was the first choice for us as the user interface as well as their bundle package with Cofense Triage and Vision has helped the organisation to alleviate the overall security awareness posture. The other vendors did not provide a vast range of phishing scenarios as compared to Cofense PhishMe platform.
Mimecast's content is much higher quality. KnowBe4's sales tactics are much more pushy. Customer service has been better with Mimecast in general, though Mimecast's UX/UI is a lot more confusing a less user-friendly to navigate than KnowBe4. It is difficult to group individuals together, let alone manage if the directory integration is not used.
Honestly, the pricing model is about as painless as a public‑holiday Monday—straightforward per‑user cost, no sneaky “module packs” hiding in the fine print, and the nonprofit discount went down a treat. If I had to nit‑pick for the sake of continuous improvement, I’d love two tweaks:
Seat‑band granularity. The jump between tiers can feel like falling off a cliff when you’re hovering near the threshold; a smaller step (say, every 50 users) would soften the blow on fast‑growing teams.
Mid‑term seat reductions. We negotiated a generous +10 % buffer, but if headcount ever drops, a pro‑rata credit instead of waiting for renewal would be ace.
Minor quibbles, though—the value’s still a raging 10/10.
Mimecast Awareness Training is so easy to use, a child could set it up. One of the major benefits of the platform is its ability to easily prepare a years worth of content. As new users enter the organisation, its integration with Microsoft makes it easy to onboard the user and have then catch up on training.
I’m handing professional services a loud 10 because they rocked up like a pit‑crew at Bathurst and had us race‑ready in record time. Two half‑day workshops, and suddenly we’d nailed SSO, tuned the Azure AD connector, and had a fistful of custom phishing templates dripping with Aussie‑isms (Bunnings receipts, anyone?). Their consultant even whipped up a cheeky PowerShell script to clean up dodgy display‑name attributes, saving our sys‑ops hours of beard‑scratching. On top of that, they translated our dull “Information Handling” policy into bite‑sized language for the learner splash screens—legal loved it, staff actually read it. Zero scope creep, crystal‑clear handover docs, and follow‑up calls that felt more like mentoring than billable hours. Worth every cent.
Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.
