Cofense PhishMe became our 'Catch of the Day'
May 01, 2020

Cofense PhishMe became our 'Catch of the Day'

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cofense PhishMe

Responsive Delivery is what sold the product for us and the reason we switched. The impact has been fantastic in that user engagement with phishing simulation emails has increased dramatically. Each scenario has experienced a dramatic drop in the "No Response" percentage that we're hoping eventually goes below 25% by the end of the year after we run the Playbook set of 15 scenarios. Having the option to deliver a phishing email to the user when they are online, interacting with email, and also have it be at the top of their inbox improves the chances of engagement.
Our company is using Cofense PhishMe across the entire organization as part of a larger security awareness program that has been designed to give end users the tools and knowledge to recognize clear and present dangers. The email inbox is one of the easiest vectors that an external actor can access as email addresses are typically published in multiple places online. Cofense PhishMe is being used to address the real world problem of users not recognizing legitimate vs. fake or malicious email.
  • PhishMe scenarios are based on real-world examples of malicious email reported through one of their other product offerings; Phishing Defense Center (PDC)
  • Scenarios have the ability to be easily customized and changed to suit the needs of your own organization to make them more relevant. This increases the chance of a click or attachment opening providing a teachable moment with more users.
  • Console is easy to navigate and use for all levels of technical ability. Not everyone on our team is technically inclined, however, the interface is easy to understand and obtain information from allowing everyone who uses it to be comfortable.
  • Reporting capabilities from completed scenarios is quite good as long as you provide the detail on users during initial import or sync.
  • There is only the ability to run one Playbook at a time. For larger enterprises that may have more than one organization they wish to target in different ways, this is a limitation that requires some clever workarounds.
  • Despite the efforts of reporting and statistics to remove false clicks and multiple clicks from the same users, there are several times we have had to analyze raw data exports in Excel to verify (and correct) our final metrics for scenarios. Not a deal-breaker, however, does require a time investment.
  • Adding/removing users to the PhishMe instance requires a ticket to be submitted to Support. There is no method in the instance for us to do this at our company.
  • After conducting just two scenarios as of the time of this review, we have already achieved a 50% increase in phishing email reports, and a 70% reduction in phishing clicks/attachment opens. We expect that trend to continue.
  • The metrics we've generated from the PhishMe solution have provided us insight into user behavior and highlighted pockets of risk in the world where additional and targeted security awareness training would be more beneficial.
  • PhishMe gave us the data to backup requests for monetary recognition awards (e.g. fastest clickers, top reporters, etc.) from executive management.
Active Threat and Secure Email Gateway Miss templates are the only templates we use in our scenario simulations because it's relevant not only to what our company is facing at the time but relevant to what our employees may be facing in their personal email inboxes. We strongly believe that having strong security awareness programs in the workplace translates to home as well. Having access to real-world examples adds a level of legitimacy that our previous solution did not provide.
Automation is the name of the game with us since we're a small team and won't be getting larger anytime in the near future. To date, we have utilized Dynamic Groups, Playbooks, Responsive Delivery, and Reporter. Although we are now migrating to Reporter for Mobile and pushing through O365, our deployment of Reporter was just as successful; we just wanted to reach everyone, not just Outlook users. The automation provided by Dynamic Groups, Playbooks, and Responsible Delivery has removed all of the administrative overhead we had from our previous solution and made Cofense PhishMe administration a one-person job every few weeks after each scenario. Playbooks let us set up the year's simulations quickly in one action. Dynamic Groups make it so we can import updates without having to reset groups used by Playbooks.
We have started to use the metrics and Board Reports now that we have a few scenarios completed. As indicated previously, one of the cons is the logging of multiple clicks by the same user that in the majority of cases is de-duped prior to being reported but some still get counted multiple times. While this may not be completely the fault of Cofense as we had some whitelisting that wasn't in place on all ingress points, I won't have confirmation until we run our next scenario. Despite this setback, the metrics we're able to obtain from the product is far superior to anything we've been able to obtain previously and has driven our security awareness program forward.
Our previously used product was SANS ACLP. This wasn't an altogether horrible product and for the time we used it the purpose for its use was served. We had multiple issues though with how this product delivered emails, captured clicks, and generated reporting once the campaigns were completed. There just wasn't enough robustness in the reporting for our needs.
In our case, the major selling point and the previous gap we had with another competing product was how phishing email was being delivered to end-users. Previous to Cofense PhishMe, when a scenario would begin, there would be thousands of emails sent in a very short period of time that would put our IT support staff into DEFCON 1 with red lights flashing and alarm bells ringing. The email chains would soon follow and the results of the campaign would be unreliable. Cofense PhishMe has a feature called "Responsive Delivery" that gives us the ability to deliver emails in a more natural way as users log in and interact with their inboxes; emails are queued until the user is active and online, then the phish is delivered. This feature allows for a more organic delivery of email to the population.

We have yet to find a scenario where Cofense PhishMe is less appropriate since we only have our previous solution to compare it to.