Cofense PhishMe vs. Symantec Advanced Threat Protection

Cofense PhishMe is an excellent solution for scenarios where it will be sold as a managed service. I believe that PhishMe is too expensive for many clients and instead would benefit from the economies of scale where an MSSP sells it as part of a whole service, which offers the analysts and reporting included. PhishMe is excellent for training and awareness of Phishing, but shouldn't replace mandatory training for new joiners or yearly refreshers, it should only be used as an additional training option.

Incentivized

It is valuable software for when it comes to a large or medium organization, since it helps to protect the endpoints, but as the number of servers increases its value increases. However, it is important to keep in mind that when it comes to low end devices, its protection can affect their performance. This is because it is not a software with a very light agent.

Incentivized

• It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
• The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
• For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
• The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.

Incentivized

• The incident management piece is the heart and soul of the product. A single area where all data in relation to network and email protection is available.
• Works well in conjunction with the standard Symantec Endpoint product.
• URL Protection is advanced and very helpful
• Technical support is great and definitely the best I have ever seen for a "anti-virus" type product.

Incentivized

• Completely switching to the new UI - Most is redesigned, but some old elements remain
• Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
• Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves

Incentivized

• I don't like that I have to maintain the client and keep it up to date. Updating the client is not a very easy process.
• Deploying the client could be easier. They have a deployment tool, but it doesn't really get to all PCs, which means I still have to manually deploy it.
• Because the product has so much customization, it can also be very difficult to set up and understand.

Incentivized

Symantec Advanced Threat Protection has done a sufficient job at identifying true positives. However, the UI could be improved and the amount of false positives is a little too frequent for my liking

Incentivized

Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.

Incentivized

There is a small learning curve, but compared to other AV products it is fairly simple and easy to catch onto

Incentivized

I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.

Incentivized

Support responds fast for higher priority issues, they have always been good at solving the problems we encounter.

Incentivized

It's a must, even if you are never going to use the tool. Cofense aims to provide phishing training first and tool second.

Incentivized

There are some hiccups, but there are meant to be, when you implement something in a large scale enterprise.

Incentivized

No, besides to review documentation prior to beginning. That is what helped lead to a smooth implementation

Incentivized

Cofense PhishMe was the first choice for us as the user interface as well as their bundle package with Cofense Triage and Vision has helped the organisation to alleviate the overall security awareness posture. The other vendors did not provide a vast range of phishing scenarios as compared to Cofense PhishMe platform.

Incentivized

Frankly, the other products were too expensive to make the change from Symantec so we continued with the tried and true protection. We don't have the funding to move to a more expensive product and the manpower that it would take to implement a new solution.

Incentivized

• Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
• With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
• 1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.

Incentivized

• Some digital assets were lost due to failures to detect various threats.
• We had to use other products in combination in order to trust that all threats were actually detected, taking extra time. We couldn't use just SATP.
• Ability to quickly manage/deploy via AD made maintenance of the application itself quick and easy.

Incentivized