Hoxhunt, headquartered in Helsinki, empowers employees to shield their organisations with adaptive learning flows that transform how employees react and respond to the growing amount of phishing emails.
N/A
KnowBe4 PhishER/PhishER Plus
Score 8.8 out of 10
N/A
PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security Operations team cut through the inbox noise and respond to the most dangerous threats more quickly.
$0.75
per month (billed annually) per seat
Pricing
Hoxhunt
KnowBe4 PhishER/PhishER Plus
Editions & Modules
No answers on this topic
3001-5000 Monthly Pricing Per Seat
$0.75
per month (billed annually) per seat
2001-3000 Monthly Pricing Per Seat
$0.85
per month (billed annually) per seat
1001-2000 Monthly Pricing Per Seat
$1.00
per month (billed annually) per seat
501-1000 Monthly Pricing Per Seat
$1.15
per month (billed annually) per seat
101-500 Monthly Pricing Per Seat
$1.50
per month (billed annually) per seat
Offerings
Pricing Offerings
Hoxhunt
KnowBe4 PhishER/PhishER Plus
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
Optional
No setup fee
Additional Details
—
PhishER is a monthly per seat price, billed annually.
If emails are used for confidential communication, Hoxhunt is a HUGE benefit. I have caught myself feeling lax over emailing and clicking links. Hoxhunt makes you really evaluate safety and legitimacy of the emails that are received. We even have laughs about it at staff meetings where staff admit to getting "hoxhunted" and clicking a fake link.
It is great for giving employees an easy to use tool to report phishing emails & is a good assistant to the IT Security Team reviewing those reports to make a determination & respond accordingly. there are some good automation capabilities like automatically detection spoofs of executives or automatically labelling clean emails & sending notification to reporter.
Training Packages - They cover a wide range of topics that spam emails, social media and physical security such as USB sticks
Achievements as incentives - The gaming style of collecting achievements and stars for reporting emails or completing training incentivizes people to engage in a consistent and enthusiastic way.
Training Emails - They are able to replicate phishing emails in a realistic way, so it isn't easy to spot straight away meaning we now look at every email with a critical eye which makes us safer.
KnowBe4 Reporting needs improvement by adding more flexibility.
Customizing Reports is a very cumbersome process.
Browsing my Library under "Modstore", I should be able to see if an item was used or not, how many times, or filter by "Usage".
Phishing Templates: create or modify Template - need the ability to embed an image (either by copy and paste or by selecting one from local computer. Currently, the only way is to use a URL that pints to an image.
Landing page of the Modstore: please add ability to change the results in "Detailed List" in addition to the "Tiles".
Phish/ER: Add the ability to Block an email or a URL with "Never Expires" option. Currently, the maximum is "60 Days". As a result, I have to go to the "Tenant Allow/Block List" on Microsoft 365 and add entries manually. That defeats the feature in Phish/ER to block from its "Console".
Phish/ER: There are some well known URLs and Domains to be safe. For example, https://aka.ms/LearnAboutSenderIdentification. Such URL should not be listed under "Domains & URLs" when viewing "Message Details". At least, do not allow admins to "Block" it by greying out the option to block. If, by mistake, someone blocked that URL, all messages company-wide will get blocked. That happened with me and everyone struggled to find out why emails are being blocked, including "KnowBe4 Support". It took a while until we were able to find out what was happening.
Phish/ER Reports are extremely limited. A lot needs to be done to offer more visibility.
Phish/ER Rules: It is time to introduce a Point & Click alternative to Yara.
Modstore: Introduce more Training modules that does not include drama or acting, just strictly instructional training. My users' community, especially execs, ask for those that are not drama or cartoonish.
Modstore: Although that might be outside the scope of Cybersecurity, it would be beneficial to have some training modules that teaches users about "Computer Basics". A considerable number of users do not have the basic knowledge of how a computer works, what are the different types of files, how files et stored, what is an Operating System. It is true that we, as admins, make sure they know before getting them on a corporate system. But the fact is that doe not happen in reality. You get a new user and asked to onboard him / her in a few hours. I would consider that type of training to ba an integral part of Cybersecurity awareness.
When we first discovered that KnowBe4 released something like this, we saw a demo of it and were floored at what it could do and how it could help us from a security standpoint. Gone are the days of us in IT sending out a mass email saying please don't click on anything in the email from sender "X", and it allows us to quietly and easily ensure that people don't take any action on malicious emails.
it is very easy to use. it is clear and provides information as to why the type of email is one to look out for. It automatically takes you to the required information when you have spotted that it is a Hoxhunt email.
For the average system admin the UI and functionality is very intuitive and requires very little explanation. When an explanation is needed, it is answered in the documentation. Occasionally there are issues with the report button showing in Microsoft Outlook but is usually resolved with an update to Outlook and restarting Outlook.
Symantec was something I used in my previous company, it had some issues once in a while where I had to re-generate the code for my new ID. I know its for over all protection, but if I didn't have my phone that day, I'd be unable to log in. Hoxhunt helps that way as there is a SSO authentication and needs the fingerprint, I guess it works different for different companies based on their regulations and privacy protection. Haven't really used any other tool like this
Arctic Wolf also offers a similar product to PhishER using their Phish Tell engine. However, it was severely lacking in terms of workflow automation. Switching to Arctic Wolf's email reporting and response product would have increased the number of manual hours spent on email security and ensuring that end users were informed of whether the email they reported was malicious or clean.
The KnowBe4 PhishER was purchased by us to provide an easy tool that will help the end-users to report suspicious emails and also help us to analyze all the reported emails in one place and this tool fits our requirements.
The price of KnowBe4 PhishER is not too expensive, with the features it provides and the capabilities this tool has, it is a reasonable price and you will get a discount and extra months as well if you are looking for a long-term contract.
In terms of technical aspects, it detects the pattern, URL and malicious files in the email perfectly.
