CyberHoot vs. KnowBe4 Security Awareness Training vs. Proofpoint Security Awareness Training

CyberHoot's free individual training is great for improving individual cybersecurity knowledge and skills. They offer a plethora of very critical solution to Businesses that include but is not limited to training, policy management, phish training/testing, Dark Web Monitoring, etc. By providing the tools for navigating cyber threats and risks companies can better protect their critical Business environment organization.

I think the most important factor is that our risk has decreased significantly among staff. Our staff is well below the industry (Education) benchmark in terms of users that are "prone to phishing". We also have multiple instances over the years where employees have stopped real efforts to access data illegally or an attempt to take funds from our institution

Incentivized

Perfect for regular (monthly) training of staff versus a "one and done" annual assignment on Cyber Security. Allows for a greater number of topics to be covered and for creating a "culture" of security awareness among all Staff throughout the entire company. NOT a replacement for IT Security Certifications amongst your technical staff (CISSPs & GSLCs on staff are a must have). Your Proofpoint Account Rep does most of the heavy lifting, but the program still requires "care and feeding" (resources) within your organization - preparing monthly user lists for training assignments and preparing reports for leadership on participation & progress

Incentivized

• Easy to understand training videos that are brief yet impactful
• easy access and flexible options for testing
• Only six test questions for mastery of content with opportunity to retake
• great graphics and audio on the videos
• relevant and effective training content
• Excellent training for busy employees

• Phish tests can be set to various difficulty levels as staff becomes more knowledgeable in catching phish emails.
• Automated phish tests and training save a lot of admin time. The product can also test for phone and USB stick practices.
• The phish alert button in Outlook, along with PhishER and PhishFlip allow easy managing and response to actual phishing emails.
• The interactive training is well designed to cover all types of phishing and safe email and phone behavior.

Incentivized

• Proofpoint has a huge library of phishing emails to choose from. They add new examples every week.
• The training modules are fun and interactive and keep the user engaged.
• The posters, and downloadable materials are amazing and really give a great visual to support your security campaigns.
• The product is easy to use, and Proofpoint Support Staff are always available to help with any issues you have.

Incentivized

• I'd like to see the feedback change a little when I get a question wrong on the test. It can be a little confusing, but certainly not a game-changer.

• Many items in the library aren't applicable to our use case, and it's sometimes difficult to filter out what I'm looking for.
• I don't love the training dashboard, but maybe that's just a "me" thing.
• Setting up groups can be tedious.

Incentivized

• The lack of a user rating on "cyber risk" is proving to be an immense difficulty. As we are looking at how to better hold our employees accountable as well as provide increased learning opportunities for those who need it most, it is becoming cumbersome--especially given the fact this is starting to become the standard for Security Awareness companies. The lack of this is resulting in a manual process vs being able to automate and moderate, thus taking up time and resources, which are always at a scarcity. It can also be cumbersome to look across the tools to see how a particular user is doing, vs being able to view all of their data in one space.
• If you are a marketer, the editors for the Phishing Templates and Teachable Moments are quite frustrating. They feel out of date and clunky, as well as not featuring an auto-save, so you could lose the templates you are building. At this point, I have actually started to work in other email creation editors and learning HTML, to better customize and then moving all of the code into the editor. It has thus far proven to be less of a headache. I also do not believe the average user is working on branding their program, creating consistency for easy of navigation, and including additional resources in their teachable moments in the way we currently are. However, as more social science backgrounds continue to enter security awareness, I believe this will move towards the norm.
• Some of the reporting numbers for Simulated Phishing could be better. For example, telling me how many people acknowledged the teachable moment out of the full email campaign is less meaningful than knowing how many people acknowledged it, from those who actually triggered/were shown the teachable moment.

Incentivized

No question, KnowBe4 Security Awareness Training is a great value to our organization. Properly training our users in the proper use of email and how to be aware of possible dangerous emails is incredibly important now. Also, training users in the best practices for phone calls, as well as internet browsing can prevent data or information from being stolen or exposed. Users have even benefited when using their personal devices as a result of the trainings they have received at work.

Incentivized

• The product is great for what we use it for
• We have a good relationship with our vendor/Proofpoint, which I believe is needed to be successful in Security Awareness and using tools like this
• The package/service as a whole is incredibly helpful
• The integrations with Proofpoint's Trap is one of the most valuable things we could do. It turns your entire email user base into members of IT security, to be on the look out to report cyber attacks, and have them pulled out of everyone's email if the email is condemed/found malicious.

Incentivized

The training videos we have access to are high quality, and provide a wide variety. The Inside Man videos has a cult following within our organization, and has driven a much greater interest in security awareness. And KB4's willingness to negotiate pricing for us as a nonprofit has been very valuable to us as well.

Incentivized

Overall, PSAT is integral to what we do. PSAT is a helpful tool to help us improve our employees ability to recognize, report, and respond to phishing. It works for us to use a longterm partner, who is incredibly helpful/supportive, and also bringing Proofpoint's greater cybersecurity & attack intelligence into PSAT. Honestly, we are pretty happy and would make the choice to go with PSAT again (we evaluated the major players in the space via Gartner's Magic Quadrant). The team behind the products are excellent and the product of itself is both intuitive and expansive. This combination allows us to reach our 10k+ employees who are located in over 20 countries

Incentivized

There have only been a handful of outages in the 2 years we have had the product. Even during those instances, parts of the system were still operational

Incentivized

Pages load quickly, filter/sort quickly, and don't slow down or freeze. Everything is smooth and very easy to use. There are a places in the UI where you can forget how to get there, but other than that everything is great. We have had no issues using any part of the website.

Incentivized

Tech prod support is great! I did have to ask for a new customer success rep, needed a more experienced person to match my 12 years of experience running Cybersec training programs. Would suggest that more matching of rep level of knowledge to client level knowledge would help.

Incentivized

Proofpoint support has always been above average. A lot of companies provide a customer service manager for your account but few have proved as connected as Proofpoint. The CSM was able to give us a good start with the product and checked in periodically. I found them always helpful with any questions and very knowledgeable about the platform.

Incentivized

Helpful and knowledgeable account managers have helped us navigate and use the system to our full potential

Incentivized

confusing question. I inherited this application so I didnt get any formal training other than the person who was leaving. The CSM provided some later on when I asked in a zoom call

The implementation went really well and KnowBe4 was there the whole time on setup to make sure things were setup correctly. The only thing we had to figure out on our own was to script users automatically being added to security groups. So that when they sync to knowBe4 from AD they are placed into the same/correct groups.

Incentivized

I enjoyed the cybersecurity training provided by CyberHoot and felt that it had a lot to offer. Cybersecurity professionals, as well as non-cyber security professionals, would both benefit from the content. I've personally utilized several different platforms for security awareness training and feel that the content, presentation, videos, and gamification help CyberHoot to edge out the competition.

KnowBe4 offered a significantly more favorable cost-benefit ratio compared to other solutions. Its seamless integration with our existing infrastructure—particularly Active Directory and email systems—was the most compatible with our operational and security requirements.

Incentivized

All three products have the pros and cons. Since we use other Proofpoint products, TAP, TRAP, etc. the integration with PSAT is much better. The other products do not integrate with TRAP nearly as well as PSAT.

Incentivized

I was not involved in the pricing, billing or contract terms.

Incentivized

The product scales greatly. As long as you upgrade the license to support the number of users you are needing, adding in those new users is easy. Also getting those users set up with trainings/campaigns is very easy as well

Incentivized

The team was great to work with and took their time to ensure that we knew what we were doing with the product and that it was set up to meet the specific needs of our organization. This wasn't just a cookie-cutter deployment, but rather they focused specifically on our needs.

Incentivized

• I signed up for the individual training and found the content, training, and testing to be highly beneficial
• As an employee of a large financial institution I can see the value in the corporate offerings they have to proactively train and empower employees with cybersecurity knowledge.

• There is really no way one can make all the needed trainings with in house resources anymore! The cost for this would be way way more than that of any platform!
• There is no way to even calculate the damage a company would suffer in case of a cybersecurity breach! So the cost for the use of the KnowBe4 Security Awareness Training platform if minimal compared to that of a possible breach!
• The cost of creating content for security awareness training is no longer realistic for a company. This is really no option, and it is in no way comparable to the cost of access to the training material available in the KnowBe4 Security Awareness Training platform. Also the training content needs to be constantly updated!

Incentivized

• I don't have any tangible numbers to provide, but we definitely have an increase in the number of staff reporting suspicious emails and fewer people clicking on phishing emails.
• The cost we are paying per employee (<$2 pp)is low enough that we can consider this a "benefit" we offer to our employees. The knowledge gained can also be applied to your personal life with similar threats.

Incentivized