Mimecast Awareness Training equips security teams to identify and reduce human-driven risk across their entire organization. The security awareness and human risk management solution works to continuously inspire awareness, transform behavior, and reduce the likelihood of security incidents caused by human error.
N/A
Proofpoint Security Awareness Training
Score 10.0 out of 10
N/A
Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.
We already used ProofPoint so we thought it would be a better fit. The other products may have looked better but pricing was good. Do not increase pricing.
Staff is the single most significant danger to the cyber security posture of an organization. Before implementing Mimecast Awareness Training, staff had almost no awareness or concept of IT security or the potential risks. Staff attitudes have improved dramatically since introducing Awareness Training.
Perfect for regular (monthly) training of staff versus a "one and done" annual assignment on Cyber Security. Allows for a greater number of topics to be covered and for creating a "culture" of security awareness among all Staff throughout the entire company. NOT a replacement for IT Security Certifications amongst your technical staff (CISSPs & GSLCs on staff are a must have). Your Proofpoint Account Rep does most of the heavy lifting, but the program still requires "care and feeding" (resources) within your organization - preparing monthly user lists for training assignments and preparing reports for leadership on participation & progress
The lack of a user rating on "cyber risk" is proving to be an immense difficulty. As we are looking at how to better hold our employees accountable as well as provide increased learning opportunities for those who need it most, it is becoming cumbersome--especially given the fact this is starting to become the standard for Security Awareness companies. The lack of this is resulting in a manual process vs being able to automate and moderate, thus taking up time and resources, which are always at a scarcity. It can also be cumbersome to look across the tools to see how a particular user is doing, vs being able to view all of their data in one space.
If you are a marketer, the editors for the Phishing Templates and Teachable Moments are quite frustrating. They feel out of date and clunky, as well as not featuring an auto-save, so you could lose the templates you are building. At this point, I have actually started to work in other email creation editors and learning HTML, to better customize and then moving all of the code into the editor. It has thus far proven to be less of a headache. I also do not believe the average user is working on branding their program, creating consistency for easy of navigation, and including additional resources in their teachable moments in the way we currently are. However, as more social science backgrounds continue to enter security awareness, I believe this will move towards the norm.
Some of the reporting numbers for Simulated Phishing could be better. For example, telling me how many people acknowledged the teachable moment out of the full email campaign is less meaningful than knowing how many people acknowledged it, from those who actually triggered/were shown the teachable moment.
I’ve parked the slider at a solid 10 because the platform keeps proving its worth every quarter. Staff phishing‑click rates have plunged from double digits to low single digits, our audit team finally stopped chasing overdue modules, and—bonus—engagement surveys show people actually enjoy the bite‑sized, comedic flavoured content. The built‑in reporting lets me walk straight into the boardroom with clean metrics. Minimal admin, measurable behaviour change, and zero eye‑rolls from end‑users—hard to ask for more.
We have a good relationship with our vendor/Proofpoint, which I believe is needed to be successful in Security Awareness and using tools like this
The package/service as a whole is incredibly helpful
The integrations with Proofpoint's Trap is one of the most valuable things we could do. It turns your entire email user base into members of IT security, to be on the look out to report cyber attacks, and have them pulled out of everyone's email if the email is condemed/found malicious.
I pegged usability at a full‑blown 10 because even my least tech‑savvy colleagues—think “still double‑clicks web links” level—navigate the portal without ringing the help‑desk. Single‑sign‑on drops them straight into the next module, the interface looks like Netflix for cyber nerds, and the progress bar shouts “two minutes left” instead of burying them in menus. On the admin side, I spin up campaigns in three clicks, clone content on the fly, and the drag‑and‑drop scheduling means I can rejig a whole quarter’s plan during the time it takes the kettle to boil. Zero training manuals, zero grumbles, zero excuses—just smooth sailing from login to completion.
Overall, PSAT is integral to what we do. PSAT is a helpful tool to help us improve our employees ability to recognize, report, and respond to phishing. It works for us to use a longterm partner, who is incredibly helpful/supportive, and also bringing Proofpoint's greater cybersecurity & attack intelligence into PSAT. Honestly, we are pretty happy and would make the choice to go with PSAT again (we evaluated the major players in the space via Gartner's Magic Quadrant). The team behind the products are excellent and the product of itself is both intuitive and expansive. This combination allows us to reach our 10k+ employees who are located in over 20 countries
Its the best, hands down. Great, easy to use and on point content that injects some humour into the training makes it relevent whilst staying engaging. We have seen our engagement scores almost double since using Mimecast, with completion rates across the buisness above 90% compared to previous scores on less than 50%.
The product is quick and responsive. Emails alert the staff of new training content and provides a direct link to the training video. They watch, learn and than answer a brief question to test their knowledge. This feeds into the users risk profile in which additional training can be automatically applied based on a risk scores.
We have had a couple of instances where we needed to contact customer support for our minecast cyber awareness training. The team were great and easy to deal with. The problem in itself was minor, and turned out to be our issues and understanding setup, however the mimecase team walked us through the issue and it was resolved exceptionally quick.
Proofpoint support has always been above average. A lot of companies provide a customer service manager for your account but few have proved as connected as Proofpoint. The CSM was able to give us a good start with the product and checked in periodically. I found them always helpful with any questions and very knowledgeable about the platform.
I gave implementation a rock‑solid 10 because, frankly, it was smoother than a servo sausage roll at 2 a.m. SSO clicked in on the first try, directory sync hoovered up all the user data without mangling job titles, and change comms went out on time—no “surprise training” backlash. Key insight: involve your internal comms or HR crew from day zero so the launch emails feel like a friendly nudge, not a phishing attempt. We also ran a pilot with our most cynical techs; their nit‑picks helped us tweak permissions before unleashing it on the masses. Finally, schedule the baseline phishing test after staff receive the kickoff memo—sounds obvious, but it spares you the angry “gotcha” emails and makes the resulting metrics actually meaningful.
Mimecast's content is much higher quality. KnowBe4's sales tactics are much more pushy. Customer service has been better with Mimecast in general, though Mimecast's UX/UI is a lot more confusing a less user-friendly to navigate than KnowBe4. It is difficult to group individuals together, let alone manage if the directory integration is not used.
All three products have the pros and cons. Since we use other Proofpoint products, TAP, TRAP, etc. the integration with PSAT is much better. The other products do not integrate with TRAP nearly as well as PSAT.
Honestly, the pricing model is about as painless as a public‑holiday Monday—straightforward per‑user cost, no sneaky “module packs” hiding in the fine print, and the nonprofit discount went down a treat. If I had to nit‑pick for the sake of continuous improvement, I’d love two tweaks:
Seat‑band granularity. The jump between tiers can feel like falling off a cliff when you’re hovering near the threshold; a smaller step (say, every 50 users) would soften the blow on fast‑growing teams.
Mid‑term seat reductions. We negotiated a generous +10 % buffer, but if headcount ever drops, a pro‑rata credit instead of waiting for renewal would be ace.
Minor quibbles, though—the value’s still a raging 10/10.
Mimecast Awareness Training is so easy to use, a child could set it up. One of the major benefits of the platform is its ability to easily prepare a years worth of content. As new users enter the organisation, its integration with Microsoft makes it easy to onboard the user and have then catch up on training.
I’m handing professional services a loud 10 because they rocked up like a pit‑crew at Bathurst and had us race‑ready in record time. Two half‑day workshops, and suddenly we’d nailed SSO, tuned the Azure AD connector, and had a fistful of custom phishing templates dripping with Aussie‑isms (Bunnings receipts, anyone?). Their consultant even whipped up a cheeky PowerShell script to clean up dodgy display‑name attributes, saving our sys‑ops hours of beard‑scratching. On top of that, they translated our dull “Information Handling” policy into bite‑sized language for the learner splash screens—legal loved it, staff actually read it. Zero scope creep, crystal‑clear handover docs, and follow‑up calls that felt more like mentoring than billable hours. Worth every cent.
I don't have any tangible numbers to provide, but we definitely have an increase in the number of staff reporting suspicious emails and fewer people clicking on phishing emails.
The cost we are paying per employee (<$2 pp)is low enough that we can consider this a "benefit" we offer to our employees. The knowledge gained can also be applied to your personal life with similar threats.
