Proofpoint Security Awareness Training

Proofpoint Security Awareness Training Reviews

Do you work for this company? Learn how we help vendors

Ratings and Reviews
(1-25 of 63)

Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
Review Source
Proofpoint Security Awareness Training is used for phishing simulations and end user education across the company. It's been the most effective way for teaching our users how to spot phishing attacks AND also easily report the phishing emails for response by our security operations team.
  • Short, quick, easy training videos
  • Phish alarm reporting capabilities are excellent
  • Reporting makes it easy to report metrics on education
  • Integrating reporting from other modules would be helpful
Proofpoint acquisition of Wombat was simply brilliant foresight. The ability to combine user susceptibility, phish reporting capabilities and their targeted attack prevention module makes the overall solution very effective!
Very fast and responsive.
Score 10 out of 10
Vetted Review
Verified User
Review Source
As part of our Cyber Security controls, we were required to do Security Awareness Training for our staff. In the first year, we did it as an in person session. However, the following year we came across the Proofpoint Solution. We now use it for Security Awareness Training for our staff across the whole organization, and also for phishing simulation exercises.
  • Awareness training for our users
  • Phishing simulation exercises
  • Easy administration
  • Adding more phishing simulation exercises
  • PhishAlarm needs improvement
  • TRAP needs to have a Cloud option, instead of on premise
Ideal for organizations who want to be to up their cybersecurity controls: user security awareness training, phishing simulations exercises, easy reporting button for users - works with Outlook web, mobile and desktop apps. Great reporting and dashboard features with executive summaries.
Support is very responsive and provide you great detail. Our Account rep and the Systems engineer are available for any escalation and we've had a great experience so far.
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Proofpoint's ThreatSim phishing simulator and training modules to educate our end-users about phishing and security awareness; PhishAlarm to allow our end-users to report suspicious email, and PhishAlarm Analyzer to help us with triaging suspicious emails that are reported. These solutions are used across our entire enterprise at WestCare.
  • Variety of Phishing Simulation Templates
  • Active Directory Synchronization Options
  • Detailed Reporting Options
  • Ability to Remove False Positives from Simulation Results
  • Additional Abilities to Customize Training Modules
Proofpoint Security Awareness Training is a great solution that is competitively priced and meets the phishing and security awareness needs for organizations of varying size and industry. For users of Proofpoint's email security products, there are additional integration options. For larger organizations that do not have Active Directory or LDAP (which should be few), maintaining users within the system could become tedious.
Support is generally responsive and thorough. However, it would be ideal if there was closer integration with support options within the Wombat platform. Currently, all support (FAQs, KB, tickets, etc.) resides in a separate "Community" that cannot be logged into separately but can only be launched when logged into the Security Awareness Platform.
September 03, 2020

Would not recommend

Score 1 out of 10
Vetted Review
Verified User
Review Source
We're using Proofpoint for security awareness training courses and phishing simulations for the whole company.
  • Offers managed service
  • Provides average click rate for some templates
  • Auto-enrollment not supported for clicks on data entry and attachment campaigns
  • Does not translate any custom templates or emails
  • Training courses are not available in all languages despite being advertised so
  • Cannot send language specific emails to users
  • Cannot assign language specific training courses to users
  • LMS cannot prevent duplicate assignment of trainings
  • Auto-enrollment functionality is very limited
  • Users need to be in separate campaigns to receive separate courses
Based on the cons I listed and my experience with other training providers, I would not recommend Proofpoint.
Support has not been the greatest. Requests take a long time to respond to. No help is really offered.
Score 7 out of 10
Vetted Review
Verified User
Review Source
We use PSAT across our whole company. We use the training modules with our LMS solution and the phish campaigns. The phish campaigns have had a positive influence on our users. We have almost 50% of our users using the report phish button in Outlook.
  • The report phish Outlook add-in button has had a positive influence on our users. We have many users regularly reporting suspect phish emails.
  • The templates for the phish campaigns are very up to date, using real life recent phishing attacks. This makes our phishing campaigns much more realistic.
  • The training modules from PSAT are very effective and useful with our LMS system.
  • The Azure Active Directory syncing has shown some weaknesses during upgrades to their system, requiring PSAT product support.
  • The Report Phish add-in button does not work in Outlook on shared mailboxes and O365 group mailboxes. Our shared mailboxes rank highest on our VAP list.
  • We would like to see login integration with the rest of the Proofpoint portals.
It is well suited for test phishing campaigns. Test phishing campaigns are probably our highest usage of PSAT. Second to the campaigns are the use of the training modules and integrating them with our LMS system.
PSAT's support is good, but we have had a couple issues with follow-up in the past. We believe those issues are resolved now.
Score 7 out of 10
Vetted Review
Verified User
Review Source
We use this platform as a part of our cyber-security awareness program in which we send simulated phishing emails to our employees to see if they click on the link or attachments. It is being utilized throughout the entire organization.
  • Provides plenty of usable phishing templates.
  • Clear reporting after a phishing campaign.
  • The admin interface is very intuitive and easy to use.
  • No improvement needed so far.
This product is well suited in situations where an organization is trying to gather metrics that show the success (or failure) of their cyber-security awareness program. It is not well suited in situations where organizations don't have a formal cyber-security department or someone in IT whose main focus isn't cyber-security.
Because I believe that they are responsive and able to help with any issues that might come up. They are not afraid to get their hands dirty when it comes to creating new things within the security education dashboard and are always open to suggestions from their clients. I would recommend them for any company who is looking to measure their cyber-security awareness.
Score 7 out of 10
Vetted Review
Verified User
Review Source
We are utilizing the Proofpoint Security Awareness Training across all lines of business at this time. This platform allows us to educate our employees about various IT Security related threats that they are likely to encounter. We also use it for metrics as it relates to education improvement as well as compliance (for Cyber Security Insurance purposes).
  • The modules are easy to follow and relatively quick to complete.
  • The ability to integrate (read) data from our Active Directory really helps to import user lists into the program.
  • Good variety of domains to select from for URLs inside of simulated Phishing emails.
  • The lowest tier of Education modules is somewhat sparse. More modules are available if you select a higher one.
  • The initial setup can be a bit time-consuming to get the user lists to configure/imported (based on OU).
  • The initial setup can be a bit time-consuming to get the user lists to configure/imported (based on OU).
The Proofpoint Security Awareness Training is an ideal solution for companies trying to improve user education related to IT Security related topics. The modules are pretty easy to understand; even non-technical people can follow along without much difficulty. Depending on how your Active Directory environment is laid out (specifically your OU structure), it can be difficult to get only specific users imported. I think this is an ideal solution for a first-time Security Awareness training platform implementation. Once your users get educated on the initial rounds, you may want to increase the Tier level or inquire about alternatives.
When we have needed support, we always have been able to get the help that we needed. Sometimes it may not be as quick to resolution as we hope for, but generally, we eventually get the info/assistance we need.
Score 8 out of 10
Vetted Review
Verified User
Review Source
We use a few of their modules. i.e. PhishAlarm, ThreatSim, and CyberStrength. We use PhishAlarm to let users notify IT when they get phishing emails. These notifications get sent to all of members of a distribution list where the team will review them. We use ThreatSim to send out phishing emails to test our users on their cybersecurity education through the CyberStrength module.
  • Their CyberStrength training modules are up to date and are very relevant in today's cybersecurity world. This definitely helps us keep our users up to date with all of today's threats.
  • Their support team is great. I get a reply within an hour when I need help with something which gives me confidence in deploying training to the whole company.
  • Their phishing tests are also always up to date. This allows us to really test our users to see if they are paying attention to the training we send out.
  • Managing users is a little tricky, I hope in the next end user sync update, it automatically pulls new active users into the platform without having to run a script to start the sync process. It also needs the ability to remove users from the platform or mark the users as inactive when a user is offboarded from AD.
Proofpoint Security Awareness Training is can be used in all companies no matter the size.
Excellent support. They really helped us implement this into our complex environment. Even after implementation, they were always available to give us support whenever we needed at a timely matter.
Score 10 out of 10
Vetted Review
Verified User
Review Source
Our company recently purchased Proofpoint Security Awareness to be used across our organization for security training. We realized that in order to keep our company safe it is important to educate our employees. We have been using the phishing campaigns, as well as the training modules.
We have been phishing different departments across the company to get an initial "click" rate. The week after the initial "phish" we then send the department through a training module. The third week they are "phished" again. This process has continued until the whole company has gone through this first phase. Going forward our plan is to add a Proofpoint Module to our New Hire orientation, and we plan to do Quarterly Campaigns across the organization on different security topics.
  • Proofpoint has a huge library of phishing emails to choose from. They add new examples every week.
  • The training modules are fun and interactive and keep the user engaged.
  • The posters, and downloadable materials are amazing and really give a great visual to support your security campaigns.
  • The product is easy to use, and Proofpoint Support Staff are always available to help with any issues you have.
  • After a training module is completed you will have people who have not done the assignment. I would like to see a way to auto enroll or add them to a new assignment, from the one the did not complete.
  • Mostly my issues are around the people who do not finish a training and how to make the process easier for the administrator since I am doing three of these a week it is hard to keep up with the people who do not finish or even start.
I think that Proofpoint is the best product on the market for Security Awareness Training. They make it easy, they have taken all the guess work out of it. You are supplied with everything you need to have a successful program and you don't have to be a "teacher" to do this. They have taken all of the guess work out of it.
The support is exceptional, whether I have a question about the product or need help setting up a back end sync they are quick to respond and always helpful. I am very satisfied with the help that I receive and they are quick to respond if you open a ticket.
September 10, 2019

Proofpoint meets our needs

Score 9 out of 10
Vetted Review
Verified User
Review Source
We have used Proofpoint Security Awareness Training to educate our user community on the dangers that exist in the technology world. We have employed this training throughout the organization from the CEO on down. This addresses the need for caution in actioning potentially dangerous situations such as attachments and links. It has been very successful.
  • Provides engaging training assignments.
  • Answers user questions quickly and effectively.
  • Provides fresh new content on a regular basis.
  • Occasional issues in scrolling, depending on the browser.
  • A slightly wider array of training choices - many topics, but only a few choices per topic.
Proofpoint Security Awareness Training is ideally suited for educating non-technical staff. The training assignments convey the information clearly and succinctly, but all information is always very clear, easy to read and very easy to comprehend. We have found, with a very mobile workforce, that the training is very available and allows for quick, pointed info transfer.
Proofpoint has always been very responsive to any requests that we have made of them. The administrator that handles our data security and user information practice has always gotten the answers that she needed when reaching out to Proofpoint with questions. They have also always been willing to innovate new solutions when something was not already in place.
Score 7 out of 10
Vetted Review
Verified User
Review Source
Our company uses the Proofpoint platform to invite our employees to pass GDPR certification. The records are stored in our system, as well as we use the system to send the invitations/reminders.
  • Good support (from Mr. Kurt Werner)
  • Polite communication
  • Good price
  • Bulk management of users is very complicated and unclear
  • The overall systems are lacking integrated instructions
Well suited for mass-invitations (e.g. global company trainings)

Very polite, quick, honest communication, which I believe is a strong competitive advantage against others
September 25, 2019

Happy with Proofpoint!

Score 9 out of 10
Vetted Review
Verified User
Review Source
Proofpoint Security was used by our organization for about a year. It was used to deliver security training to the entire organization. It addressed the need for training in the area of cybersecurity.
  • The Administrator interface was easy to use. It's important for users to be able to create training fast, efficiently and professionally.
  • The content was timely and relevant. Our employees really enjoyed the training!
  • The reporting function was easy to use.
  • At the time that I used the system, there wasn't an easy way to create sequential learning. It appeared more complicated than I expected.
  • To add users to a campaign you had to push the due date out. If only someone could figure out how to solve this!
Proofpoint Security is well suited for companies looking to upskill their employees in the area of cybersecurity. They really do a good job to make it fun, easy and a challenge.
I always received thoughtful, helpful support from the entire team.
September 20, 2019

Sr IT Security Analyst

Score 8 out of 10
Vetted Review
Verified User
Review Source
This training is used across the agency. We are using it to raise IT Security awareness with employees to meet HIPAA regulatory requirements.
  • Short easy to understand modules.
  • The ability to test users on the knowledge they gained.
  • The ability to execute Phishing Campaign's to validate user awareness levels.
  • The delay between user actions (completing training) and that training being posed to the reporting modules sees to exceed 24 hours at times. This causes training reminders to go out to users who have completed the training.
  • A functional API for management would be a tool that would be a force multiplier in departments such as ours that has limited staffing.
For me, the biggest tool that is missing from this platform is a management API. I was told there is one in testing and if I wanted to take part, I could email a group which I did. I never heard a response which was very disappointing.
Tickets have taken longer to get resolution than expected (days and weeks at times) and the answers to our inquiries have at times been limited without a solution being offered.
Gus Ko, MBA, MCSA, MCDBA, CCA | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
It is more comprehensive than what I was expecting. The threat sims are a great at probing users awareness.
  • Threat simulation
  • Assessment exams
  • Examples
  • Ability to select any training after an assessment
  • Design an entire program including threat sim, training, and assessment
  • Notifications
Threat simulation is the most valuable part of the package. Multiple examples are given in each training module.
Quick response.
Score 10 out of 10
Vetted Review
Verified User
Review Source
As often mentioned at Cyber Security Conferences User IT Security Awareness is a key component to your overall IT Security Program.
We’ve used a couple of different methods & companies in the past but the one we’ve found the most success with is Wombat Security Technologies (now Proofpoint).

They provide an Online Training Platform consisting of a number of IT Security Related Training Modules which we are able to distribute (or “assign”) to staff. The breadth and depth of modules goes beyond just avoiding Malware and gets into other security topics such as Data Protection and Destruction, Best Practices while Traveling, PCI-DSS and even PII/PHI & GDPR.

Rather than a single all-encompassing course, we found that small monthly modules that we dish out all year long was the most beneficial to staff to always keep “IT Security” on people’s minds (also, with this approach, as new people start with the company, they get the "security essentials" introduction but then they just fall into the monthly assignment rotation and eventually get all the modules). In addition, modules are updated as new threats emerge (like “ransomware”) so even when people get a repeat, it’s still relevant to their interests.

It was really important for modules to be short at sweet (no module takes longer than 10-15 minutes to complete) and the system will continue to remind (badger) them until they have completed the monthly assignment (note that to “complete” the course they not only have to go through the material, but they also have to achieve a “passing grade” in the interactive exercises).

The courses are “mobile responsive” and can be completed from any internet connected PC, tablet or smartphone, which allows people to do them from anywhere (this negates the complaints of that busy executive who is seldom in the office - "just do it from your phone while you are waiting in the holdroom for your next flight")

People love them and we consistently get 80%+ Participation in every monthly module among our 300 staff throughout all areas of the company (from the guys who sweep the runways to the plumbers in maintenance, to the admin staff in finance). This is because staff see the material as being not only helpful to the company, but also very relevant to protecting themselves at home.

Wombat provides you with an account rep so you can get advice on relevant topics, frequency of training, how to incent your staff, and pretty much anything cyber security related.

Our Proofpoint Package also includes access to their ThreatSIM tool so you can send out simulated phishing Emails and assess the effectiveness of your training programs (back in 2013 I did a baseline and we were 55% Susceptible to Email phishing. As of Q2 of 2019, we’re now down to 5.2% YTD, so I have tangible evidence that it’s been a huge success – besides the fact that we’ve been able to avoid widespread virus/ransomware attacks.)

  • Short Training Modules (10-15 minutes to complete)
  • Mobile Responsive (can be completed from any internet connected device)
  • Interactive (not just a video, to "complete" you need to pass the tests within the module - showing that you're paying attention and understood the material)
  • ThreatSim Testing (to validate the effectiveness of your program)
  • Reporting Tools (provide leadership & executive of performance within each department - don't underestimate the benefits of healthy competition within your organization)
  • Not ALL Modules are 100% "Mobile Responsive" yet (although they claim to be working on it)
  • Module Updates are not as frequent as hoped (although once a year seems to be about the norm)
  • The ThreatSim "Smishing" tool (simulated phishing of your users via SMS) is not available in Canada
Perfect for regular (monthly) training of staff versus a "one and done" annual assignment on Cyber Security.
Allows for a greater number of topics to be covered and for creating a "culture" of security awareness among all Staff throughout the entire company. NOT a replacement for IT Security Certifications amongst your technical staff (CISSPs & GSLCs on staff are a must have). Your Proofpoint Account Rep does most of the heavy lifting, but the program still requires "care and feeding" (resources) within your organization - preparing monthly user lists for training assignments and preparing reports for leadership on participation & progress
Top notch support from our account rep (although we are in different time zones, we haven't had concerns with getting issues dealt with in a timely fashion.) Extremely responsive to all queries and has been able to accommodate quick turnarounds on deliverables when required.
My only complaint would be with the Team responsible for updating the modules and the speed (or lack thereof) of new releases/updates.
Score 6 out of 10
Vetted Review
Verified User
Review Source
We use Proofpoint across the organization as our Phishiing Simulation platform. It allows us to phish our employees safely and compare the results between campaigns to measure our progress. Users can be assigned automatic training and they provide short teachable moments as well if they click on a link or other item contained in the message.
  • Teachable moments are short training aids launched for those that click on phishes
  • Training can be automatically assigned
  • Campaigns can be cloned making it easy to launch the next one using the last round's settings
  • We have struggled to get the reporting to work as well as we would like
  • The number and type of templates available could be better
  • It would be nice if the solution was more flexible for loading and removing users
For smaller companies that are trying to build their security awareness program and provide users with a foundation of security fundamentals Proofpoint may be a good fit. Once the company has a more defined program and the number of users grows, there may be more comprehensive options available. The size of the training library may be inadequate once a good base has been built.
Proofpoint support has always been above average. A lot of companies provide a customer service manager for your account but few have proved as connected as Proofpoint. The CSM was able to give us a good start with the product and checked in periodically. I found them always helpful with any questions and very knowledgeable about the platform.
Score 8 out of 10
Vetted Review
Verified User
Review Source
Proofpoint Security Awareness Training is helping us educate our end users on cyber safe behaviors. We have over 10,000 employees across 30+ countries. We have seen an improvement in cyber risky behavior since rolling a number of the tools, from phishing simulations, e-learnings, phish alarm (phish analyzer integrated with trap). It is just one part of our overall Cybersecurity Education & Awareness program, but an important one that allows us to reach all of our employees.
  • One of the most important things it does well is providing support from day one. The team is very friendly, knowledge and quick to help where need be. One of the reason's why we choice Proofpoint over other leaders in the Gartner Magic Quadrant for Security Awareness Computer-Based Training was because of its team.
  • Being a Proofpoint customer, Proofpoint Security Awareness Training's Phishi Alarm & Analyzer integration with Proofpoint tool's such as TRAP allowed us to use automation to help protect the company. The ability to turn all employees into part of the IT Security team, by reporting phish with a button in outlook and then to pull back out of all employees email if condemned, is very powerful. We are looking forward to what is to come as this relationship deepens.
  • It has a comprehensive set of resources and tools to help support a Security Awareness Program. It is nice to be able to work with one company who does many things well vs multiple partners for different aspects of Security Awareness Training.
  • The lack of a user rating on "cyber risk" is proving to be an immense difficulty. As we are looking at how to better hold our employees accountable as well as provide increased learning opportunities for those who need it most, it is becoming cumbersome--especially given the fact this is starting to become the standard for Security Awareness companies. The lack of this is resulting in a manual process vs being able to automate and moderate, thus taking up time and resources, which are always at a scarcity. It can also be cumbersome to look across the tools to see how a particular user is doing, vs being able to view all of their data in one space.
  • If you are a marketer, the editors for the Phishing Templates and Teachable Moments are quite frustrating. They feel out of date and clunky, as well as not featuring an auto-save, so you could lose the templates you are building. At this point, I have actually started to work in other email creation editors and learning HTML, to better customize and then moving all of the code into the editor. It has thus far proven to be less of a headache. I also do not believe the average user is working on branding their program, creating consistency for easy of navigation, and including additional resources in their teachable moments in the way we currently are. However, as more social science backgrounds continue to enter security awareness, I believe this will move towards the norm.
  • Some of the reporting numbers for Simulated Phishing could be better. For example, telling me how many people acknowledged the teachable moment out of the full email campaign is less meaningful than knowing how many people acknowledged it, from those who actually triggered/were shown the teachable moment.
Proofpoint Security Awareness Training is great for
  1. Simulated Phishing Campaigns
  2. Automated/Triggered Training when there is a failed campaign
  3. Phish Alarm & Trap Integration is crucial for your employee base helping report phish; TRAP helps to keep us all safer by pulling back reported phish from all employees inboxes.
It less suited for
  • Identifying those employees most at risk in your company; it does not pull together how an individual is doing across the different offerings
  • Getting training to your most cyber risky employees (because of the above)
  • Tracking & getting training to those employees who actually cause security incidents. While we are currently using Proofpoint Security Awareness training, it is a very manual process to assign this and follow up with employee
  • Annual Training: I am hopeful with the refresh of training content this will improve; the content previously was good for follow up training, but not a more engaging/comprehensive annual training
Our Customer Success Manager/Account Rep, as well as technical support, is incredibly knowledgeable, quick to assist, and willing to help. They are truly an amazing crew and they make a huge difference in us doing CyberEd well.

There is an odd glitch going on with the a portal with resources, that I cannot access. It is unfortunate, as content creation is time consuming and not being able to access it is an issue at the moment.
Score 9 out of 10
Vetted Review
Verified User
Review Source
We contracted with Wombat Security (now Proofpoint Security) to implement a Cybersecurity Awareness and Training program for all of our employees. Our goal is to raise awareness of cybersecurity threats and provide helpful ways for them to be able to identify threats (mostly phishing emails) and report potential issues to the help desk. Although we still have a few people who click on everything, most of our staff is at least aware of threats and will stop and question themselves before clicking a phishing email.
  • The online training modules are interactive and use real-world scenarios to show how threats can reach everyone.
  • The modules ensure understanding of concepts before you can move on.
  • The modules are varied in content, covering many aspects of Cybercrimes - from phishing and social engineering to Physical Security and PII.
  • Proofpoint also provides (as an option) videos and posters to further enhance awareness of potential threats.
  • Customer service is responsive when needed and having access to the Wombat online community platform allows ideas to be shared among users.
  • The platform provides options for many different reports (with some customization options), however, there are reports that I would want that are not available.
  • Adding new staff (we have a lot of turn-over) into an existing training plan can be cumbersome for the system administrator. Although End-User Sync can be set-up to "add" new users to the system, the new users still need to manually be added to the assignments and sent past assignments to complete. (NOTE: this was made more difficult because of our decision to implement a training plan the way we did).
  • Some of the ThreatSim campaigns (simulated phishing or malicious attachment emails) will only work if you are using their PhishAlarm plug-in (add-on button for Outlook, etc. for users to easily report suspected threats). Our users access email by iPhones, Android, iPads, PCs, and Macs. PhishAlarm cannot be used for all of these platforms.
A lot of our staff are not that tech-savvy. Proofpoint helps to raise awareness of possible cyber threats that come along with using technology these days. Companies that are high-tech probably have employees who are used to dealing with SPAM and Phishing attempts so they may not need to be trained on how to avoid these types of tricks.
Customer support is very responsive and knowledgeable. In addition, each customer is assigned a Customer Success Manager who is available to assist with any questions and to make recommendations on how to implement.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Proofpoint Security Awareness training is being used to send daily phishing exercises to staff here at our firm. This constantly helps our staff become better prepared against actual phishing emails they receive and helps keep our firm's information secure. It addresses the prevention of online security threats since it familiarizes our staff with the signs of a phishing email. It is used across our whole organization.
  • Ability to create personalized phishing emails in addition to the templates.
  • Good strong tracking abilities in order to see which users clicked and for what campaign.
  • A large variety of phishing templates and domain names to choose from, so our users never get too familiar with what might be coming!
  • The PDF/HTML attachment campaigns have limited ability to be customized. It would be more helpful if we could add phishing links inside the pdf attachments.
  • The HTML builder for the custom templates seems a bit limited.
  • Additional types of phishing emails would be a nice addition.
This software is well suited for a large employee environment since it can send random emails throughout the day to many users. It might be less appropriate for a smaller employee environment since there are a limited number of templates and domains that are available. It wouldn't be as beneficial if users became too familiar with the fake domain names.
I have never had any issues with receiving support and have always had my questions answered in a timely manner. When we do have suggestions, the support has been ready to step in and provide advice or take our suggestions seriously. But normally, there aren't any issues that come up when using this product.
Score 9 out of 10
Vetted Review
Verified User
Review Source
We have used other security awareness training over the past few years and decided to consolidate our security awareness training with our phishing simulation training into one product line. The training material is used throughout our organization and is short, simple, and interactive with the users. We have had more inquiries to the security team regarding how security can help them from the ProofPoint material.
  • Easy to navigate - Users had complaints about our previous security training as being hard to navigate.
  • Short and to the point - The training material is short and to the point. There are not 1000 words to read and then answer a lengthy quiz at the end. The material and the questions and answers are tightly integrated to keep the user engaged the whole time (5 - 10 minutes).
  • Relevancy - The material is relevant to the company and to their personal lives. For example, the training material regarding password managers spurred an interest in our employees to contact us to sign up for the corporate password manager.
  • Based on our current needs, user feedback, and using other solutions previously, we like the ProofPoint training material the best thus far. The ability to continue refreshing the content to make it fresh and changing the user interactions (to keep users on their toes) over time will be what we look for.
The training is great for a user base that needs high-quality content for their fundamental needs. This is what I would define as timeless content. For items regarding the most current incidents in the news, this is an area that we have not implemented into our awareness program at this time. There are times this is helpful to inform our user base what they should know, what they need to do (if anything), and having a consistent response.
We paid for the slight bump in fee for the technical account manager to help keep us on task and operate the phishing simulations and training. She has been wonderful to work with and I couldn't say enough good things about the team there. For the small fee, I feel like it's well worth the attention and operational cycle of making sure we utilize the product to the fullest each year.
Score 10 out of 10
Vetted Review
Verified User
Review Source
Currently, Proofpoint Security Awareness Training is being used company-wide with a few of the courses (phishing). With the IT staff, more of the modules are being assigned. We are also assigning the Intro to Phishing to all of our third-party distributors globally. So far, we have been getting favorable reviews from the training. I've also had a few other departments assess and give feedback on a few of the modules.
  • There is nothing new under the sun. Don't reinvent the wheel when it comes to security training. It is plug and play with Proofpoint Security Awareness Training!
  • The information in the training courses is up to date. I hope they continue to update the materials!
  • Languages. This is HUGE for us. Most of the modules are available in a wide variety of languages.
  • Updating courses (2-3 year rotation) to stay current with what is in the news and addressing those topics in security training.
  • The phishing courses are great (Phil and Phyllis) but the fish and cartoons could be changed to tell the same story in a new way. What about an immunization record?
  • More availability for customization before adding modules to our LMS. Giving us the ability to add our logo or company name would be great when choosing the SCORM file route.
Phishing is a great course for us to be able to assign to our distribution partners. We have had a few phishing breaches and we recognize how important it is to educate our distributors in the field. Since we assigned the Intro to Phishing this year through Proofpoint Security Awareness, I would like to have the flexibility to assign the same course next year for new distributors as they onboard. With existing distributors, I don't feel 100% comfortable with assigned Phil and Phyllis. The cartoon fish is a bit cheesy.
The staff at Proofpoint has been very accommodating and professional. Every time I have had to reach out, they respond quickly and with an actionable response. I don't ever mind waiting for a response but I don't like waiting and not being given any information. If I have to wait for an answer, the staff has always been as transparent as possible.
Score 10 out of 10
Vetted Review
Verified User
Review Source
We are using Proofpoint Security Awareness Traning across the whole organization. We have a problem with email attacks and we are using videos, posters, education modules, and phishing attack simulation to improve our security culture. I am using all Proofpoint capabilities for more than 12.500 users.
  • It easy to use.
  • It has very interesting content.
  • Fantastic support.
  • Language - Not all translations are formally correct.
  • Normally new contents are available only in English. After 40 days, other languages are available.
  • In Italy, we don't have the possibility of using SMiShing simulation.
I think the most interesting scenario to use Proofpoint is correlated to email protection. In fact, you can use all capability with the scope to improve awareness on cyber risk derivating from email. You have a theoretical approach (education modules) and a practica/pragmatic approach (phishing simulation) to measure user ability.
The "in-depth" approach is present only for the email. Could be interesting use the same approach also for the other security domains.
We have a dedicated support figure.
September 20, 2019

The Proof is in the Pudding

Score 10 out of 10
Vetted Review
Verified User
Review Source
We use Proofpoint Security Awareness Training to empower our user-base with knowledge and techniques to combat information security breaches both at work and at home. Proofpoint is used by the entire organization, with the IT department coordinating phishing simulations, testing, and more on a set schedule. Teaching our users how to properly avoid hazardous links, unsafe sites, and social engineering helps to make our environment more safe and keep our employee's data safe at work, and at home.
  • Great communication from Proofpoint support
  • Unbeatable reporting tools
  • Great pre-baked tests and training which help keep the users focused and interested
  • There are so many reports and statistics that sometimes it can be difficult to find the exact metric you're looking for
Proofpoint Security Awareness Training is well suited to any environment, but I think you will get the most value out of it in an environment where you have a medium to large sized user base and your users are not too familiar with the dangers of working online. Some content may seem old-hat to more tech-savvy. In our environment, it is the perfect solution.
The support team has been extremely helpful flexible in helping us design a two year execution plan, as well as providing assistance in setting up integration between our Active Directory system and the user list in Proofpoint Security Awareness Training in order to keep our user list accurate and up to date. I have nothing but good things to say about their support staff.
Score 10 out of 10
Vetted Review
Verified User
Review Source
We use it for Security Awareness training for our employees. This is done every month. In addition, new employees are given catch up modules to complete during their first few weeks of employment. It has definitely made employees more security conscious and they now take a step back before doing what they use to do with emails in regards to clicking on links, downloading attachments, etc. We also run phishing campaigns to keep them on their toes. We have seen significant increases in each campaign as fewer and fewer users get tricked.
  • Interesting Modules
  • Ability to sync local AD to the security awareness portal
  • Phishing Campaigns
  • Customer success managers need to play a more active role in the roll out of their products. Technical support is extremely helpful but having more knowledgeable and active CSMs would help a lot, especially for smaller companies that may not have the IT staff to assign security training to
  • Scheduled reports for active training assignments used to work really well and now are not generating anything in the reports. This has been sent to support but it's been with them for quite a while now with no success in fixing the issue. Our managers look forward to these weekly reports that I now have to generate by hand and email out
  • More training modules developed per month would be greatly appreciated. There are not many left for us to train on. We could reuse some but we'd rather have up to date modules for real world threats
I think it's well suited for all office based environments, including shop floors. Active employees such as line workers, EMTs, Firemen, Police, etc. not so much as there computer face time is severely limited.
As noted before we were left to contacting support, watching videos, or reading documentation to get the product up and running. A more active CSM would of been of great help. Someone who could actively walk us through and help get things set up.
September 20, 2019

9 Months with Proofpoint

Score 10 out of 10
Vetted Review
Verified User
Review Source
We are currently using Proofpoint across our entire organization. In the past, even with email filtering, endpoint and UTM protection, we still had a case of ransomware. Proofpoint is not the last defense for us in that chain, but the first and best.
  • The training itself. The trainings are setup to be quick yet thorough. Users can finish them quick without feeling bogged down by information and yet given strong takeaways. Other industries could learn from their format.
  • Tools. The tools to manage the accounts, email templates, schedules, etc are well thought out. My first impression was it would add a lot of work to manage the platform, I was completely wrong about that.
  • Support. Although their online management and help interfaces are generally all you need, the amount of support I have been offered has been tremendous. They are always there to help out.
  • Email templates. The email templates can be glitchy- ie not showing the correct replacement parameters or vice versa not delivering what was shown.
  • User management. The ability to review what individual groups or users have completed would be nice.
  • Recommended path/scheduling. Although materials are provided, it would be better to have the training modules already laid out by completed and/or a recommended path. As it is, reviewing what was completed already is a bit messy.
Even hardened technology professionals can make mistakes. Proofpoint is great about teaching all of us what to be aware of, but that isn't even the core of it. Bringing a level awareness that makes us all more careful is the real message. The ongoing checks and balances is now a fundamental core of our security presence.
It's an amazing platform. Outside of a few glitches when working in the web platform (which are to be expected), it's nothing but great.

Proofpoint Security Awareness Training Scorecard Summary

What is Proofpoint Security Awareness Training?

Proofpoint Security Awareness Training (formerly Wombat Security) is designed to engage an organization's end users and arm them against real-world attacks, using personalized training based on threat intelligence.

The vendor says they have been a leader in the Gartner Magic Quadrant for Security Awareness Computer-Based Training six years in a row since its inception and are trusted by thousands of customers.

Proofpoint's portfolio of security awareness training products include:
  • Phishing and USB Simulations
  • Knowledge Assessments
  • Video, Interactive, and Game-based Training
  • Security Awareness and Program Materials
  • Email Reporting and Analysis Tools
  • Available in 40+ languages
  • CISO Dashboard and Real-time Reporting
According to the vendor, customers using their solutions have reduced successful phishing attacks and malware infections by up to 90%.

Proofpoint Security Awareness Training Features

  • Supported: Phishing Simulations
  • Supported: Knowledge Assessments
  • Supported: Video, Interactive, and Game-based Training
  • Supported: Security Awareness Materials
  • Supported: CISO Dashboard and Real-time Reporting
  • Supported: PhishAlarm® Email Reporting Button
  • Supported: PhishAlarm® Analyzer Email Analysis Tool
  • Supported: Closed-Loop Email Analysis and Response (CLEAR)
  • Supported: USB Simulations

Proofpoint Security Awareness Training Downloadables

Proofpoint Security Awareness Training Competitors

Proofpoint Security Awareness Training Pricing

Proofpoint Security Awareness Training Technical Details

Deployment TypesSaaS
Operating SystemsUnspecified
Mobile ApplicationNo
Supported CountriesAll
Supported LanguagesArabic, Burmese, Chinese (Simplified), Chinese (Traditional), Czech, Danish, Dutch, English (American), English (Australian), English (British), Finnish, French (Canadian), French (European), German, Hebrew, Hindi, Hungarian, Indonesian, Italian, Japanese, Khmer, Korean, Malay, Norwegian, Polish, Portuguese (Brazilian), Romanian, Russian, Spanish (European), Spanish (Latin), Swedish, Thai, Turkish, Ukranian, Vietnamese

Frequently Asked Questions

What is Proofpoint Security Awareness Training?

Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.

What is Proofpoint Security Awareness Training's best feature?

Reviewers rate Usability highest, with a score of 8.6.

Who uses Proofpoint Security Awareness Training?

The most common users of Proofpoint Security Awareness Training are from Enterprises and the Financial Services industry.