Proofpoint Security Awareness Training

Formerly Wombat Security

Short, quick, easy training videos

Phish alarm reporting capabilities are excellent

Reporting makes it easy to report metrics on education

Integrating reporting from other modules would be helpful

The modules are easy to follow and relatively quick to complete.

The ability to integrate (read) data from our Active Directory really helps to import user lists into the program.

Good variety of domains to select from for URLs inside of simulated Phishing emails.

The lowest tier of Education modules is somewhat sparse. More modules are available if you select a higher one.

The initial setup can be a bit time-consuming to get the user lists to configure/imported (based on OU).

The initial setup can be a bit time-consuming to get the user lists to configure/imported (based on OU).

The training itself. The trainings are setup to be quick yet thorough. Users can finish them quick without feeling bogged down by information and yet given strong takeaways. Other industries could learn from their format.

Tools. The tools to manage the accounts, email templates, schedules, etc are well thought out. My first impression was it would add a lot of work to manage the platform, I was completely wrong about that.

Support. Although their online management and help interfaces are generally all you need, the amount of support I have been offered has been tremendous. They are always there to help out.

Email templates. The email templates can be glitchy- ie not showing the correct replacement parameters or vice versa not delivering what was shown.

User management. The ability to review what individual groups or users have completed would be nice.

Recommended path/scheduling. Although materials are provided, it would be better to have the training modules already laid out by completed and/or a recommended path. As it is, reviewing what was completed already is a bit messy.

Proofpoint has a huge library of phishing emails to choose from. They add new examples every week.

The training modules are fun and interactive and keep the user engaged.

The posters, and downloadable materials are amazing and really give a great visual to support your security campaigns.

The product is easy to use, and Proofpoint Support Staff are always available to help with any issues you have.

After a training module is completed you will have people who have not done the assignment. I would like to see a way to auto enroll or add them to a new assignment, from the one the did not complete.

Mostly my issues are around the people who do not finish a training and how to make the process easier for the administrator since I am doing three of these a week it is hard to keep up with the people who do not finish or even start.

One of the most important things it does well is providing support from day one. The team is very friendly, knowledge and quick to help where need be. One of the reason's why we choice Proofpoint over other leaders in the Gartner Magic Quadrant for Security Awareness Computer-Based Training was because of its team.

Being a Proofpoint customer, Proofpoint Security Awareness Training's Phishi Alarm & Analyzer integration with Proofpoint tool's such as TRAP allowed us to use automation to help protect the company. The ability to turn all employees into part of the IT Security team, by reporting phish with a button in outlook and then to pull back out of all employees email if condemned, is very powerful. We are looking forward to what is to come as this relationship deepens.

It has a comprehensive set of resources and tools to help support a Security Awareness Program. It is nice to be able to work with one company who does many things well vs multiple partners for different aspects of Security Awareness Training.

The lack of a user rating on "cyber risk" is proving to be an immense difficulty. As we are looking at how to better hold our employees accountable as well as provide increased learning opportunities for those who need it most, it is becoming cumbersome--especially given the fact this is starting to become the standard for Security Awareness companies. The lack of this is resulting in a manual process vs being able to automate and moderate, thus taking up time and resources, which are always at a scarcity. It can also be cumbersome to look across the tools to see how a particular user is doing, vs being able to view all of their data in one space.

If you are a marketer, the editors for the Phishing Templates and Teachable Moments are quite frustrating. They feel out of date and clunky, as well as not featuring an auto-save, so you could lose the templates you are building. At this point, I have actually started to work in other email creation editors and learning HTML, to better customize and then moving all of the code into the editor. It has thus far proven to be less of a headache. I also do not believe the average user is working on branding their program, creating consistency for easy of navigation, and including additional resources in their teachable moments in the way we currently are. However, as more social science backgrounds continue to enter security awareness, I believe this will move towards the norm.

Some of the reporting numbers for Simulated Phishing could be better. For example, telling me how many people acknowledged the teachable moment out of the full email campaign is less meaningful than knowing how many people acknowledged it, from those who actually triggered/were shown the teachable moment.

Brings a high level of awareness to our people who are the last line of defense.

Training materials/videos are good and do not take a lot of time.

Easy to use and setup.

Some reporting in Exchange 2013 and older do not always report users actions.

Adding user groups take a bit of time.

Proofpoint makes access to training simple. Each user receives an email at the start of the training campaign that contains a unique link to their assigned training. Users do not have to have a password to access the training.

Proofpoint's training modules are unique and designed to involve the user without allowing them to ignore the training. They do this by not using audio or videos, keeping the topic and text simple, styling graphics to aid in displaying timely information, and require some but not excessive interaction.

The ThreatSim phishing platform is excellent. They have a lot of templates to use but also allow customization.

Though the training is well designed, I have found some of my users are able to click inattentively through the training. The quizzes in some senses are too easy. Some of the questions they answer are too obvious even if you didn't pay attention to the training.

Scheduling training in advanced could be easier. Their platform does not have any "overview" of all scheduled training, a feature that would greatly aid my scheduling efforts. You have to click over to ThreatSim to see your phishing campaigns. You have to click into the Training section to see your schedule training. Having a simple feature that would show everything scheduled in a list or calendar view, where you could view a week, month, quarter or year of schedule activities would make scheduling a lot easier for me.

The platform is expensive. We only have 10 users and are paying $2500. It is my understanding this is their minimum and we could have a couple of hundred users. Small businesses need training too.