Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.
Due to Proofpoint large experience on phishing/e-mail protection market. This analysis ran through financial decisions, but the product capabilities were a important aspect to the decision makers.
We ultimately chose Proofpoint because it was the best fit for our company with regard to our internal technology, processes, and budget. However, the other products we reviewed all had their strengths.
Verified User
Professional
Chose Proofpoint Security Awareness Training
KnowBe4 is more focused on security awareness since it is it's main source of business whereas Proofpoint security awareness is just an adjunct to the proof-point suite of products. KnowBe4 has an advantage here since their main focus is on security awareness rather than other …
I think that Proofpoint Security Awareness Training pricing is one of the main reasons that we went with them. We only have the lowest tier, and it does a pretty good job for what we pay. We are using Proofpoint for our email security solution, so we ended up saving some money …
All three products have the pros and cons. Since we use other Proofpoint products, TAP, TRAP, etc. the integration with PSAT is much better. The other products do not integrate with TRAP nearly as well as PSAT.
I have used both and can say they are comparable. KnowBe4 has all the content out there for the admin to add but Proofpoint only had a limited number of courses available per the contract. Seems like KnowBe4 has more content or allows more per bundle.
We have not used other security training. Proofpoint Security Awareness Training has been our first selection. We have been happy with the purchase! We have also created some training in-house, but we like that Proofpoint gives us the flexibility to train our staff on other …
We have selected Proofpoint Security Awareness Traning to work on the major weakness of the cybersecurity chain (human factor). We believe that working on the human factor is fundamental to achieve our goals.
We initially shopped two products: Proofpoint Security Awareness Training (at the time, it was called Wombat) and Cofense PhishMe. After some extensive internal testing in the IT department, we concluded that Proofpoint's robust reporting and pre-baked content (tests, guides, …
The "Managed Service" (a dedicated ProofPoint Account Rep c/w weekly status calls) significantly reduces the resource demand on the area within your company managing the program. The KnowBe4 Platform does all the same stuff (Training Modules, Reports, ThreatSim Tools), but you …
Proofpoint was the only company we looked at. We had heard from other companies using the product how great it was and we were excited to implement it. I don't think there is another company that is in the market place that even comes close to what they offer. We are happy …
Our team decided to go with Proofpoint prior to me being involved, so I was not involved in the assessment. However, I do believe that PhishMe was the tool that we used before. I am not sure of the exact reasons for the switch, but we are very happy with Proofpoint.
I think Wombat beats most of its competitors by default by simply being another piece of the Proofpoint security platform. Other phishing platforms do not have this additional piece, so you will end up paying for a phishing awareness software and also an email security platform …
At the time we selected Proofpoint (Wombat) they appeared to have the best solution. They have a simple to use interface and the phishing platform was quite impressive. However, over time I have found that their training catalog is not as large as it could be. KnowBe4 has …
We selected Proofpoint, because originally Wombat was a local company to us and many people in the area were using the product. It got great reviews from others technology directors in our area, which made the decisions easy to make.
We already used ProofPoint so we thought it would be a better fit. The other products may have looked better but pricing was good. Do not increase pricing.
Perfect for regular (monthly) training of staff versus a "one and done" annual assignment on Cyber Security. Allows for a greater number of topics to be covered and for creating a "culture" of security awareness among all Staff throughout the entire company. NOT a replacement for IT Security Certifications amongst your technical staff (CISSPs & GSLCs on staff are a must have). Your Proofpoint Account Rep does most of the heavy lifting, but the program still requires "care and feeding" (resources) within your organization - preparing monthly user lists for training assignments and preparing reports for leadership on participation & progress
The lack of a user rating on "cyber risk" is proving to be an immense difficulty. As we are looking at how to better hold our employees accountable as well as provide increased learning opportunities for those who need it most, it is becoming cumbersome--especially given the fact this is starting to become the standard for Security Awareness companies. The lack of this is resulting in a manual process vs being able to automate and moderate, thus taking up time and resources, which are always at a scarcity. It can also be cumbersome to look across the tools to see how a particular user is doing, vs being able to view all of their data in one space.
If you are a marketer, the editors for the Phishing Templates and Teachable Moments are quite frustrating. They feel out of date and clunky, as well as not featuring an auto-save, so you could lose the templates you are building. At this point, I have actually started to work in other email creation editors and learning HTML, to better customize and then moving all of the code into the editor. It has thus far proven to be less of a headache. I also do not believe the average user is working on branding their program, creating consistency for easy of navigation, and including additional resources in their teachable moments in the way we currently are. However, as more social science backgrounds continue to enter security awareness, I believe this will move towards the norm.
Some of the reporting numbers for Simulated Phishing could be better. For example, telling me how many people acknowledged the teachable moment out of the full email campaign is less meaningful than knowing how many people acknowledged it, from those who actually triggered/were shown the teachable moment.
We have a good relationship with our vendor/Proofpoint, which I believe is needed to be successful in Security Awareness and using tools like this
The package/service as a whole is incredibly helpful
The integrations with Proofpoint's Trap is one of the most valuable things we could do. It turns your entire email user base into members of IT security, to be on the look out to report cyber attacks, and have them pulled out of everyone's email if the email is condemed/found malicious.
Overall, PSAT is integral to what we do. PSAT is a helpful tool to help us improve our employees ability to recognize, report, and respond to phishing. It works for us to use a longterm partner, who is incredibly helpful/supportive, and also bringing Proofpoint's greater cybersecurity & attack intelligence into PSAT. Honestly, we are pretty happy and would make the choice to go with PSAT again (we evaluated the major players in the space via Gartner's Magic Quadrant). The team behind the products are excellent and the product of itself is both intuitive and expansive. This combination allows us to reach our 10k+ employees who are located in over 20 countries
Proofpoint support has always been above average. A lot of companies provide a customer service manager for your account but few have proved as connected as Proofpoint. The CSM was able to give us a good start with the product and checked in periodically. I found them always helpful with any questions and very knowledgeable about the platform.
All three products have the pros and cons. Since we use other Proofpoint products, TAP, TRAP, etc. the integration with PSAT is much better. The other products do not integrate with TRAP nearly as well as PSAT.
I don't have any tangible numbers to provide, but we definitely have an increase in the number of staff reporting suspicious emails and fewer people clicking on phishing emails.
The cost we are paying per employee (<$2 pp)is low enough that we can consider this a "benefit" we offer to our employees. The knowledge gained can also be applied to your personal life with similar threats.