PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security Operations team cut through the inbox noise and respond to the most dangerous threats more quickly.
$0.75
per month (billed annually) per seat
Splunk SOAR
Score 8.4 out of 10
N/A
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
PhishER comes with some good features, such as PhishML, PhishRIP, PhishFlip, etc. These features help us manage phishing email reporting incidents. From reporting emails via Phish Alert Button plug-in to collecting all reported emails in one place at the PhishER dashboard. Now, the PhishML comes into play, scanning all reported emails and tagging each as clean, spam, or threat. With the help of this machine learning-based algorithm, our investigation process becomes easier. Other features, such as PhishRip, help to search and quarantine phishing emails, and PhishFlip converts a real phishing campaign to a test phishing campaign.
Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.
PhishRIP info tabs (i.e. if improperly check ripped emails are turned into tests. This has caused issues.) Info tabs or markers allow user to hover and get more information about what action a check box or slider provides.
A lack of instruction It can be difficult to contact the support staff. Limited experience from current users.
It takes some effort to set up and learn new technology at first. More assistance is required from the support staff. The product's price needs to go down.
When we first discovered that KnowBe4 released something like this, we saw a demo of it and were floored at what it could do and how it could help us from a security standpoint. Gone are the days of us in IT sending out a mass email saying please don't click on anything in the email from sender "X", and it allows us to quietly and easily ensure that people don't take any action on malicious emails.
As we already have a lot of clients being catered with Splunk SOAR and because Splunk SOAR is robust and efficient, we are already using it, and we have understood the product to a certain extent, I feel we are personally more enticed to use and scale it to a lot of business.
I give it an eight for the feature set. While I only give it an eight because the complexity and interconnectedness of the tools mean that there needs to be quite a bit of RTFM to get the most out of the products.
Honestly, it's a bit of a love-hate thing. On one hand it's insanely powerful but on the other, the workflows can be a real headache. You need multiple hours to get comfortable with it.
We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.
I haven't needed to reach out to support very often, but when I have the responses have been timely and have provided the solutions I have needed. The support has been friendly and have always been able to resolve any issues that have come up.
Harmony does not provide security awareness training or simulated phishing emails like KnowB4. However, it does provide a phish alert button & workflow similar to PhishER & we may stop using PhishER because the Phish Alert reports from PhishER don't feed into Harmony to help train it from phishing emails that go through. We got Harmony after KnowB4 because we needed a tool to PREVENT phishing emails from getting to people's inboxes in the first place, which KnowB4 has very little capability for other than PhishER+ blacklists. It is a shame KnowB4 does not have the anti threat phishing prevention like Harmony considering all the email data it has & its existing AI analytic capabilities.
Splunk Phantom integrates well with Splunk ES and has many integrations. One thing that I liked about XSOAR as compared to Phantom is that it has an "app-store" where you can download not only app integrations (similar to Phantom) but Playbooks and dashboards as well.
Phish/ER & PAD: Identifying email threats more quickly allowed us to send alert to the users' community in a timely manner based on the pattern of the threat.
KnowBe4 Training Campaigns have proven to noticeably increase users' awareness.
KnowBe4 Phishing Campaigns made users realize how dangerous and deceiving hacker can be.
The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable
Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task
