Skip to main content
TrustRadius
Proofpoint Security Awareness Training

Proofpoint Security Awareness Training
Formerly Wombat Security

Overview

What is Proofpoint Security Awareness Training?

Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.

Read more
Recent Reviews

TrustRadius Insights

Difficult User Management: Several users have found it challenging to add new users to the system and manually assign them to tasks and …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Proofpoint Security Awareness Training?

Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.

Entry-level set up fee?

  • Setup fee optional

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

85 people also want pricing

Alternatives Pricing

What is KnowBe4 Security Awareness Training?

KnowBe4 is a security awareness training and simulated phishing platform used by more than 65,000 organizations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO…

What is Curricula?

Curricula, headquartered in Atlanta, helps organizations of all sizes to fix their cyber security awareness training programs by using storytelling. It is designed so that employees enjoy fun episodes that take them on adventures to learn how to actively defend themselves in real-world scenarios.…

Return to navigation

Product Details

What is Proofpoint Security Awareness Training?

Proofpoint Security Awareness Training (formerly Wombat Security) is designed to engage an organization's end users and arm them against real-world attacks, using personalized training based on threat intelligence.

The vendor says they have been a leader in the Gartner Magic Quadrant for Security Awareness Computer-Based Training six years in a row since its inception and are trusted by thousands of customers.

Proofpoint's portfolio of security awareness training products include:
  • Phishing and USB Simulations
  • Knowledge Assessments
  • Video, Interactive, and Game-based Training
  • Security Awareness and Program Materials
  • Email Reporting and Analysis Tools
  • Available in 40+ languages
  • CISO Dashboard and Real-time Reporting
According to the vendor, customers using their solutions have reduced successful phishing attacks and malware infections by up to 90%.

Proofpoint Security Awareness Training Features

  • Supported: Phishing Simulations
  • Supported: Knowledge Assessments
  • Supported: Video, Interactive, and Game-based Training
  • Supported: Security Awareness Materials
  • Supported: CISO Dashboard and Real-time Reporting
  • Supported: PhishAlarm® Email Reporting Button
  • Supported: PhishAlarm® Analyzer Email Analysis Tool
  • Supported: Closed-Loop Email Analysis and Response (CLEAR)
  • Supported: USB Simulations

Proofpoint Security Awareness Training Competitors

Proofpoint Security Awareness Training Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Supported CountriesAll
Supported LanguagesArabic, Burmese, Chinese (Simplified), Chinese (Traditional), Czech, Danish, Dutch, English (American), English (Australian), English (British), Finnish, French (Canadian), French (European), German, Hebrew, Hindi, Hungarian, Indonesian, Italian, Japanese, Khmer, Korean, Malay, Norwegian, Polish, Portuguese (Brazilian), Romanian, Russian, Spanish (European), Spanish (Latin), Swedish, Thai, Turkish, Ukranian, Vietnamese

Proofpoint Security Awareness Training Downloadables

Frequently Asked Questions

Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.

KnowBe4 Security Awareness Training, Cofense Vision, and Infosec IQ are common alternatives for Proofpoint Security Awareness Training.

Reviewers rate Usability highest, with a score of 8.6.

The most common users of Proofpoint Security Awareness Training are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(65)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

The user reviews provide several valuable recommendations for using Proofpoint or similar software for training in cybersecurity. One recommendation is to take the time to set up good, functional phishing campaigns to effectively improve security posture. Another suggestion is to thoroughly compare other platforms to find better functionality at a similar price point. Lastly, it is recommended to request a trial of the product to assess its suitability for specific requirements and explore all available options before making a purchase decision.

Attribute Ratings

Reviews

(1-25 of 46)
Companies can't remove reviews or game the system. Here's why
Rodrigo Henrique | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Reseller
PSAT (Proofpoint Security Awareness Training) has been selected over another competitors, due to its large experience on phishing/e-mail protection. We rely on PSAT to recommend to our customers as so internal use.

Most of the environments are allowed to use it, due to its easy way to run. In our experience, We didn't find any problem at any size of company so far.

  • Reliability
  • Large coverage of phishing samples
  • Reports and summaries
  • Prices are still above of the market average
PSAT is recommended in most part of the organizations. But in my point of view, the companies that already have governance processes implemented, could extract better results.

Our experience has shown that the maturity level is directly related to how users face the threats.
Score 10 out of 10
Vetted Review
Verified User
Proofpoint Security Awareness Training is used for phishing simulations and end user education across the company. It's been the most effective way for teaching our users how to spot phishing attacks AND also easily report the phishing emails for response by our security operations team.
  • Short, quick, easy training videos
  • Phish alarm reporting capabilities are excellent
  • Reporting makes it easy to report metrics on education
  • Integrating reporting from other modules would be helpful
Proofpoint acquisition of Wombat was simply brilliant foresight. The ability to combine user susceptibility, phish reporting capabilities and their targeted attack prevention module makes the overall solution very effective!
Score 10 out of 10
Vetted Review
Verified User
As part of our Cyber Security controls, we were required to do Security Awareness Training for our staff. In the first year, we did it as an in person session. However, the following year we came across the Proofpoint Solution. We now use it for Security Awareness Training for our staff across the whole organization, and also for phishing simulation exercises.
  • Awareness training for our users
  • Phishing simulation exercises
  • Easy administration
  • Adding more phishing simulation exercises
  • PhishAlarm needs improvement
  • TRAP needs to have a Cloud option, instead of on premise
Ideal for organizations who want to be to up their cybersecurity controls: user security awareness training, phishing simulations exercises, easy reporting button for users - works with Outlook web, mobile and desktop apps. Great reporting and dashboard features with executive summaries.
September 03, 2020

Would not recommend

Score 1 out of 10
Vetted Review
Verified User
Incentivized
We're using Proofpoint for security awareness training courses and phishing simulations for the whole company.
  • Offers managed service
  • Provides average click rate for some templates
  • Auto-enrollment not supported for clicks on data entry and attachment campaigns
  • Does not translate any custom templates or emails
  • Training courses are not available in all languages despite being advertised so
  • Cannot send language specific emails to users
  • Cannot assign language specific training courses to users
  • LMS cannot prevent duplicate assignment of trainings
  • Auto-enrollment functionality is very limited
  • Users need to be in separate campaigns to receive separate courses
Based on the cons I listed and my experience with other training providers, I would not recommend Proofpoint.
Score 9 out of 10
Vetted Review
Verified User
We use Proofpoint's ThreatSim phishing simulator and training modules to educate our end-users about phishing and security awareness; PhishAlarm to allow our end-users to report suspicious email, and PhishAlarm Analyzer to help us with triaging suspicious emails that are reported. These solutions are used across our entire enterprise at WestCare.
  • Variety of Phishing Simulation Templates
  • Active Directory Synchronization Options
  • Detailed Reporting Options
  • Ability to Remove False Positives from Simulation Results
  • Additional Abilities to Customize Training Modules
Proofpoint Security Awareness Training is a great solution that is competitively priced and meets the phishing and security awareness needs for organizations of varying size and industry. For users of Proofpoint's email security products, there are additional integration options. For larger organizations that do not have Active Directory or LDAP (which should be few), maintaining users within the system could become tedious.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use this platform as a part of our cyber-security awareness program in which we send simulated phishing emails to our employees to see if they click on the link or attachments. It is being utilized throughout the entire organization.
  • Provides plenty of usable phishing templates.
  • Clear reporting after a phishing campaign.
  • The admin interface is very intuitive and easy to use.
  • No improvement needed so far.
This product is well suited in situations where an organization is trying to gather metrics that show the success (or failure) of their cyber-security awareness program. It is not well suited in situations where organizations don't have a formal cyber-security department or someone in IT whose main focus isn't cyber-security.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We are utilizing the Proofpoint Security Awareness Training across all lines of business at this time. This platform allows us to educate our employees about various IT Security related threats that they are likely to encounter. We also use it for metrics as it relates to education improvement as well as compliance (for Cyber Security Insurance purposes).
  • The modules are easy to follow and relatively quick to complete.
  • The ability to integrate (read) data from our Active Directory really helps to import user lists into the program.
  • Good variety of domains to select from for URLs inside of simulated Phishing emails.
  • The lowest tier of Education modules is somewhat sparse. More modules are available if you select a higher one.
  • The initial setup can be a bit time-consuming to get the user lists to configure/imported (based on OU).
  • The initial setup can be a bit time-consuming to get the user lists to configure/imported (based on OU).
The Proofpoint Security Awareness Training is an ideal solution for companies trying to improve user education related to IT Security related topics. The modules are pretty easy to understand; even non-technical people can follow along without much difficulty. Depending on how your Active Directory environment is laid out (specifically your OU structure), it can be difficult to get only specific users imported. I think this is an ideal solution for a first-time Security Awareness training platform implementation. Once your users get educated on the initial rounds, you may want to increase the Tier level or inquire about alternatives.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use a few of their modules. i.e. PhishAlarm, ThreatSim, and CyberStrength. We use PhishAlarm to let users notify IT when they get phishing emails. These notifications get sent to all of members of a distribution list where the team will review them. We use ThreatSim to send out phishing emails to test our users on their cybersecurity education through the CyberStrength module.
  • Their CyberStrength training modules are up to date and are very relevant in today's cybersecurity world. This definitely helps us keep our users up to date with all of today's threats.
  • Their support team is great. I get a reply within an hour when I need help with something which gives me confidence in deploying training to the whole company.
  • Their phishing tests are also always up to date. This allows us to really test our users to see if they are paying attention to the training we send out.
  • Managing users is a little tricky, I hope in the next end user sync update, it automatically pulls new active users into the platform without having to run a script to start the sync process. It also needs the ability to remove users from the platform or mark the users as inactive when a user is offboarded from AD.
Proofpoint Security Awareness Training is can be used in all companies no matter the size.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use PSAT across our whole company. We use the training modules with our LMS solution and the phish campaigns. The phish campaigns have had a positive influence on our users. We have almost 50% of our users using the report phish button in Outlook.
  • The report phish Outlook add-in button has had a positive influence on our users. We have many users regularly reporting suspect phish emails.
  • The templates for the phish campaigns are very up to date, using real life recent phishing attacks. This makes our phishing campaigns much more realistic.
  • The training modules from PSAT are very effective and useful with our LMS system.
  • The Azure Active Directory syncing has shown some weaknesses during upgrades to their system, requiring PSAT product support.
  • The Report Phish add-in button does not work in Outlook on shared mailboxes and O365 group mailboxes. Our shared mailboxes rank highest on our VAP list.
  • We would like to see login integration with the rest of the Proofpoint portals.
It is well suited for test phishing campaigns. Test phishing campaigns are probably our highest usage of PSAT. Second to the campaigns are the use of the training modules and integrating them with our LMS system.
September 25, 2019

Happy with Proofpoint!

Score 9 out of 10
Vetted Review
Verified User
Incentivized
Proofpoint Security was used by our organization for about a year. It was used to deliver security training to the entire organization. It addressed the need for training in the area of cybersecurity.
  • The Administrator interface was easy to use. It's important for users to be able to create training fast, efficiently and professionally.
  • The content was timely and relevant. Our employees really enjoyed the training!
  • The reporting function was easy to use.
  • At the time that I used the system, there wasn't an easy way to create sequential learning. It appeared more complicated than I expected.
  • To add users to a campaign you had to push the due date out. If only someone could figure out how to solve this!
Proofpoint Security is well suited for companies looking to upskill their employees in the area of cybersecurity. They really do a good job to make it fun, easy and a challenge.
September 25, 2019

Proofpoint Security Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
The company needed to provide online security training as opposed to face-to-face training. Users across the whole company and its affiliates have started using the system, and the aim is to satisfy audit and compliance requirements while providing the employees with proper security awareness training and knowledge. Training is provided in a systematic manner without overloading the employees.
  • Easy to use.
  • Easy for employees to understand.
  • Provides training and phishing simulation.
  • The assessments probably need some review (some answers don't make sense).
  • Easier integration with existing systems.
In general, it is well suited for companies that require training and have to satisfy compliance requirements. The system is easy to use, and campaigns are prepared in a smooth UI. It is not easy to customize the training to suit the needs of the company especially when it comes to adding/removing material.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Currently, Proofpoint Security Awareness Training is being used company-wide with a few of the courses (phishing). With the IT staff, more of the modules are being assigned. We are also assigning the Intro to Phishing to all of our third-party distributors globally. So far, we have been getting favorable reviews from the training. I've also had a few other departments assess and give feedback on a few of the modules.
  • There is nothing new under the sun. Don't reinvent the wheel when it comes to security training. It is plug and play with Proofpoint Security Awareness Training!
  • The information in the training courses is up to date. I hope they continue to update the materials!
  • Languages. This is HUGE for us. Most of the modules are available in a wide variety of languages.
  • Updating courses (2-3 year rotation) to stay current with what is in the news and addressing those topics in security training.
  • The phishing courses are great (Phil and Phyllis) but the fish and cartoons could be changed to tell the same story in a new way. What about an immunization record?
  • More availability for customization before adding modules to our LMS. Giving us the ability to add our logo or company name would be great when choosing the SCORM file route.
Phishing is a great course for us to be able to assign to our distribution partners. We have had a few phishing breaches and we recognize how important it is to educate our distributors in the field. Since we assigned the Intro to Phishing this year through Proofpoint Security Awareness, I would like to have the flexibility to assign the same course next year for new distributors as they onboard. With existing distributors, I don't feel 100% comfortable with assigned Phil and Phyllis. The cartoon fish is a bit cheesy.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We are using Proofpoint Security Awareness Traning across the whole organization. We have a problem with email attacks and we are using videos, posters, education modules, and phishing attack simulation to improve our security culture. I am using all Proofpoint capabilities for more than 12.500 users.
  • It easy to use.
  • It has very interesting content.
  • Fantastic support.
  • Language - Not all translations are formally correct.
  • Normally new contents are available only in English. After 40 days, other languages are available.
  • In Italy, we don't have the possibility of using SMiShing simulation.
I think the most interesting scenario to use Proofpoint is correlated to email protection. In fact, you can use all capability with the scope to improve awareness on cyber risk derivating from email. You have a theoretical approach (education modules) and a practica/pragmatic approach (phishing simulation) to measure user ability.
The "in-depth" approach is present only for the email. Could be interesting use the same approach also for the other security domains.
September 20, 2019

The Proof is in the Pudding

Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Proofpoint Security Awareness Training to empower our user-base with knowledge and techniques to combat information security breaches both at work and at home. Proofpoint is used by the entire organization, with the IT department coordinating phishing simulations, testing, and more on a set schedule. Teaching our users how to properly avoid hazardous links, unsafe sites, and social engineering helps to make our environment more safe and keep our employee's data safe at work, and at home.
  • Great communication from Proofpoint support
  • Unbeatable reporting tools
  • Great pre-baked tests and training which help keep the users focused and interested
  • There are so many reports and statistics that sometimes it can be difficult to find the exact metric you're looking for
Proofpoint Security Awareness Training is well suited to any environment, but I think you will get the most value out of it in an environment where you have a medium to large sized user base and your users are not too familiar with the dangers of working online. Some content may seem old-hat to more tech-savvy. In our environment, it is the perfect solution.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
As often mentioned at Cyber Security Conferences User IT Security Awareness is a key component to your overall IT Security Program.
We’ve used a couple of different methods & companies in the past but the one we’ve found the most success with is Wombat Security Technologies (now Proofpoint).

They provide an Online Training Platform consisting of a number of IT Security Related Training Modules which we are able to distribute (or “assign”) to staff. The breadth and depth of modules goes beyond just avoiding Malware and gets into other security topics such as Data Protection and Destruction, Best Practices while Traveling, PCI-DSS and even PII/PHI & GDPR.

Rather than a single all-encompassing course, we found that small monthly modules that we dish out all year long was the most beneficial to staff to always keep “IT Security” on people’s minds (also, with this approach, as new people start with the company, they get the "security essentials" introduction but then they just fall into the monthly assignment rotation and eventually get all the modules). In addition, modules are updated as new threats emerge (like “ransomware”) so even when people get a repeat, it’s still relevant to their interests.

It was really important for modules to be short at sweet (no module takes longer than 10-15 minutes to complete) and the system will continue to remind (badger) them until they have completed the monthly assignment (note that to “complete” the course they not only have to go through the material, but they also have to achieve a “passing grade” in the interactive exercises).

The courses are “mobile responsive” and can be completed from any internet connected PC, tablet or smartphone, which allows people to do them from anywhere (this negates the complaints of that busy executive who is seldom in the office - "just do it from your phone while you are waiting in the holdroom for your next flight")

People love them and we consistently get 80%+ Participation in every monthly module among our 300 staff throughout all areas of the company (from the guys who sweep the runways to the plumbers in maintenance, to the admin staff in finance). This is because staff see the material as being not only helpful to the company, but also very relevant to protecting themselves at home.

Wombat provides you with an account rep so you can get advice on relevant topics, frequency of training, how to incent your staff, and pretty much anything cyber security related.

Our Proofpoint Package also includes access to their ThreatSIM tool so you can send out simulated phishing Emails and assess the effectiveness of your training programs (back in 2013 I did a baseline and we were 55% Susceptible to Email phishing. As of Q2 of 2019, we’re now down to 5.2% YTD, so I have tangible evidence that it’s been a huge success – besides the fact that we’ve been able to avoid widespread virus/ransomware attacks.)

  • Short Training Modules (10-15 minutes to complete)
  • Mobile Responsive (can be completed from any internet connected device)
  • Interactive (not just a video, to "complete" you need to pass the tests within the module - showing that you're paying attention and understood the material)
  • ThreatSim Testing (to validate the effectiveness of your program)
  • Reporting Tools (provide leadership & executive of performance within each department - don't underestimate the benefits of healthy competition within your organization)
  • Not ALL Modules are 100% "Mobile Responsive" yet (although they claim to be working on it)
  • Module Updates are not as frequent as hoped (although once a year seems to be about the norm)
  • The ThreatSim "Smishing" tool (simulated phishing of your users via SMS) is not available in Canada
Perfect for regular (monthly) training of staff versus a "one and done" annual assignment on Cyber Security.
Allows for a greater number of topics to be covered and for creating a "culture" of security awareness among all Staff throughout the entire company. NOT a replacement for IT Security Certifications amongst your technical staff (CISSPs & GSLCs on staff are a must have). Your Proofpoint Account Rep does most of the heavy lifting, but the program still requires "care and feeding" (resources) within your organization - preparing monthly user lists for training assignments and preparing reports for leadership on participation & progress
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use it for Security Awareness training for our employees. This is done every month. In addition, new employees are given catch up modules to complete during their first few weeks of employment. It has definitely made employees more security conscious and they now take a step back before doing what they use to do with emails in regards to clicking on links, downloading attachments, etc. We also run phishing campaigns to keep them on their toes. We have seen significant increases in each campaign as fewer and fewer users get tricked.
  • Interesting Modules
  • Ability to sync local AD to the security awareness portal
  • Phishing Campaigns
  • Customer success managers need to play a more active role in the roll out of their products. Technical support is extremely helpful but having more knowledgeable and active CSMs would help a lot, especially for smaller companies that may not have the IT staff to assign security training to
  • Scheduled reports for active training assignments used to work really well and now are not generating anything in the reports. This has been sent to support but it's been with them for quite a while now with no success in fixing the issue. Our managers look forward to these weekly reports that I now have to generate by hand and email out
  • More training modules developed per month would be greatly appreciated. There are not many left for us to train on. We could reuse some but we'd rather have up to date modules for real world threats
I think it's well suited for all office based environments, including shop floors. Active employees such as line workers, EMTs, Firemen, Police, etc. not so much as there computer face time is severely limited.
September 20, 2019

9 Months with Proofpoint

Score 10 out of 10
Vetted Review
Verified User
Incentivized
We are currently using Proofpoint across our entire organization. In the past, even with email filtering, endpoint and UTM protection, we still had a case of ransomware. Proofpoint is not the last defense for us in that chain, but the first and best.
  • The training itself. The trainings are setup to be quick yet thorough. Users can finish them quick without feeling bogged down by information and yet given strong takeaways. Other industries could learn from their format.
  • Tools. The tools to manage the accounts, email templates, schedules, etc are well thought out. My first impression was it would add a lot of work to manage the platform, I was completely wrong about that.
  • Support. Although their online management and help interfaces are generally all you need, the amount of support I have been offered has been tremendous. They are always there to help out.
  • Email templates. The email templates can be glitchy- ie not showing the correct replacement parameters or vice versa not delivering what was shown.
  • User management. The ability to review what individual groups or users have completed would be nice.
  • Recommended path/scheduling. Although materials are provided, it would be better to have the training modules already laid out by completed and/or a recommended path. As it is, reviewing what was completed already is a bit messy.
Even hardened technology professionals can make mistakes. Proofpoint is great about teaching all of us what to be aware of, but that isn't even the core of it. Bringing a level awareness that makes us all more careful is the real message. The ongoing checks and balances is now a fundamental core of our security presence.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Our company recently purchased Proofpoint Security Awareness to be used across our organization for security training. We realized that in order to keep our company safe it is important to educate our employees. We have been using the phishing campaigns, as well as the training modules.
We have been phishing different departments across the company to get an initial "click" rate. The week after the initial "phish" we then send the department through a training module. The third week they are "phished" again. This process has continued until the whole company has gone through this first phase. Going forward our plan is to add a Proofpoint Module to our New Hire orientation, and we plan to do Quarterly Campaigns across the organization on different security topics.
  • Proofpoint has a huge library of phishing emails to choose from. They add new examples every week.
  • The training modules are fun and interactive and keep the user engaged.
  • The posters, and downloadable materials are amazing and really give a great visual to support your security campaigns.
  • The product is easy to use, and Proofpoint Support Staff are always available to help with any issues you have.
  • After a training module is completed you will have people who have not done the assignment. I would like to see a way to auto enroll or add them to a new assignment, from the one the did not complete.
  • Mostly my issues are around the people who do not finish a training and how to make the process easier for the administrator since I am doing three of these a week it is hard to keep up with the people who do not finish or even start.
I think that Proofpoint is the best product on the market for Security Awareness Training. They make it easy, they have taken all the guess work out of it. You are supplied with everything you need to have a successful program and you don't have to be a "teacher" to do this. They have taken all of the guess work out of it.
September 20, 2019

Proofpoint Threatsim

Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Proofpoint to perform phishing exercises with the intention of raising awareness for that type of attack. Users who fall for the phish are shown educational messages about how they can better judge their emails and hopefully not fall for them in the future. There is also a phish alarm plugin for outlook that we are experimenting with.
  • We like the ability to bulk import our user lists
  • The preconfigured phish emails are convincing to the untrained eye
  • The educational messages that come with the tool are very useful.
  • We had some issues with getting accurate metrics, but support eventually helped us work it out.
It is an incredibly useful and intuitive tool for educating users in bulk. I love having the ability to quickly target groups based on location, department, or even past phishing assessment performance. All of the templates are easily configurable, although I rarely feel the need to. While this is the only tool of its type that I've tried, I have no reason to look anywhere else.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use Proofpoint Security Awareness Training accross the whole organization to manage our IT security awareness campaign to all users.
It permit to sensitize about risks linked to business activities : working remotely, surfing in an unsecured way, don't be careful with personal data etc. Moreover the product permit to adress the topics related to phishing attacks, through modules, training sessions and phishing campaigns
  • Turnkey solution
  • Adaptable and polyvalent content
  • User support
  • Easy handling of the platform
  • Images (for posters, wallpapers) not really catchy
  • Visuals with too many information on it (text, explanations etc.)
  • E-learnings mainly in English, and with no audio track
Proofpoint Security Awareness training is well adapted for organizations which want to make classical IT awareness campaigns, based on posters, articles, wallpapers and e-learnings.
Their database of content related to cybersecurity and content adaptability is an advantage. It allows you to have material available on many topics related to IT security.

However, the content is mainly effective for so-called "classic" campaigns and does not necessarily adapt to the scale of large groups, with specific working contexts. It does not allow the specificity of an area to be taken into account and the way the campaign is conducted to be adapted to it. For example, more interactive and entertaining content could be an advantage over traditional e-learning.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
It's helping us meet compliance requirements by providing security training to all internal users at the Company, specifically focusing on phishing threats. We provide new employee as well as ongoing security training for all employees and perform phishing exercises with Proofpoint on a regular basis in order to keep information security at the forefront of all employees minds.
  • New Employee Training
  • Ongoing Information Security Training
  • Phishing Exercises
  • User management isn't the easiest to maintain
  • Reporting is good but could be better
It's appropriate if your goal is to remind employees of the importance of information security at a high level, via module training as well as phishing exercises. The phishing exercises are great, however, the reporting on them is not reliable, as because of outlook previews an email is being marked as read even when an employee deleted it or reported it.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We currently use Wombat across the whole organization, it is deployed by my department (IT) to the rest of the company. We use Wombat to address phishing attempts via email to our end users as we continue to grow as a company. Pushing security awareness has become an important piece to ensure that our company stays successful and continues to push forward.
  • Phishing templates are very nice. I am looking forward to the new customization abilities that I saw at Protect 2019
  • Training modules are short but informative. Many end users would not be receptive of training modules if they were too lengthy or used too many technical terms for a non-IT end user
  • Account manager is very responsive to any questions or suggestions I may have.
  • Wombat could do a better job of providing a timeline of upcoming updates and features to the product, we don't seem to hear about them as much as we should I think.
  • I would like to see customization of training modules happen sooner than later.
Wombat is a must have if you already have Proofpoint in your environment. Aside from that, I would rate it as a better standalone product than it's two main competitors (KnowBe4 and Cofense).

Wombat could be less appropriate if your user base is solely an IT user base, aside from that I would think Wombat or any sort of security awareness software is a necessity in your business environment.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
We use Proofpoint across the organization as our Phishiing Simulation platform. It allows us to phish our employees safely and compare the results between campaigns to measure our progress. Users can be assigned automatic training and they provide short teachable moments as well if they click on a link or other item contained in the message.
  • Teachable moments are short training aids launched for those that click on phishes
  • Training can be automatically assigned
  • Campaigns can be cloned making it easy to launch the next one using the last round's settings
  • We have struggled to get the reporting to work as well as we would like
  • The number and type of templates available could be better
  • It would be nice if the solution was more flexible for loading and removing users
For smaller companies that are trying to build their security awareness program and provide users with a foundation of security fundamentals Proofpoint may be a good fit. Once the company has a more defined program and the number of users grows, there may be more comprehensive options available. The size of the training library may be inadequate once a good base has been built.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We specifically use Proofpoint to train staff on staying safe from social engineers who create phishing campaigns to gather information or breach our network. Being able to create our own in-house campaigns allows us to test and identify weak points in our system and then educate our staff members on way to take precautionary steps to avoid falling victim to phishing campaigns. The weakest point in our systems, to not fault of their own, are always people. We use Proofpoint to help educate our people to be proactive in keep their own and our organizations data safe.
  • Email phishing campaigns.
  • Providing quality training.
  • The customer service has been a high quality for us.
  • The template bank is overly generic and often times needs tweaking. This takes precious time I do not have.
  • I have found user management difficult at times.
  • More email phishing templates.
It is great for collecting data through email campaigns. Those are powerful tools in identifying weaknesses. However, the auto-enroll into training features is not very helpful for us as an educational institution. Our collective bargaining agreement does not allow for use to force training on staff that is self-directed in timing. However, this is something that is very specific to our setting.
September 20, 2019

Sr IT Security Analyst

Score 8 out of 10
Vetted Review
Verified User
Incentivized
This training is used across the agency. We are using it to raise IT Security awareness with employees to meet HIPAA regulatory requirements.
  • Short easy to understand modules.
  • The ability to test users on the knowledge they gained.
  • The ability to execute Phishing Campaign's to validate user awareness levels.
  • The delay between user actions (completing training) and that training being posed to the reporting modules sees to exceed 24 hours at times. This causes training reminders to go out to users who have completed the training.
  • A functional API for management would be a tool that would be a force multiplier in departments such as ours that has limited staffing.
For me, the biggest tool that is missing from this platform is a management API. I was told there is one in testing and if I wanted to take part, I could email a group which I did. I never heard a response which was very disappointing.
Return to navigation