Item: KnowBe4 PhishER/PhishER Plus
Rating: 10
Author: Matt Carr

Use Cases and Deployment Scope

KnowBe4 PhishER provides us with 2 major tools. It firstly allows our users to quickly and easily submit suspicious emails for review. Saving both our end users and our Helpdesk time with discussing these emails directly. Secondly, it gives us the Phish RIP technology which allows us as IT to quickly remove email threats from all of our users inboxes at once. Much quicker than the built in tools that Microsoft provides with M365

Pros and Cons

Implementation of Phish Alert Button
Streamlines the "this email looks weird" process that bogged down our Helpdesk
Let's us quickly remove emails from everyone's inboxes

Make a direct link to login, right now I have to login the console and then click on the PhishER button
After you submit a PhishRip, there is no way to review the parameters of the PhishRip in my experience. I would like to go back and look at the results in relation to the parameters that I used to create the PhishRip
The PhishML is a little lacking, at least for us. In my experience, we were getting alot of false negatives for "Clean" that we had to turn that one off completely. It does good with "Spam" or "Threat" though, which is more important

Return on Investment

Saves time for our Helpdesk workers not having to spend time on the phone reviewing a phishing email with an end user
Once we have identified a threat, the PhishRIP allows us to quickly remove that threat from everyone's inboxes. Much quicker and easier the tools that Microsoft provides in M365 natively.
Allows for one place for our security team to go and review any email submitted by users

Time Savings

I feel like I'm repeating myself, but it saves us time in the fact that end-users can simply submit an email for review and move on with their day where before it usually ended with a call to the Helpdesk. So this saves our end-users time and our Helpdesk's time

PhishER Capabilities

PhishRIP (best feature of them all by a long shot) PhishML (works for the most part, but in my experience, we have had issues with alot of false positives with the "clean" rating" PhishFlip (we've used it a couple of times, but it is not something that we utilize alot) We don't use the PhishER blocklist, we rely on our 3rd party Spam filter to do this

PhishRIP is the best and makes responding to email threats simply and easy

Alternatives Considered

Microsoft Sentinel

We were comparing the two and KnowBe4 PhishER won out on both ease of implementation and price.

Key Insights

Do you think KnowBe4 PhishER/PhishER Plus delivers good value for the price?

Yes

Are you happy with KnowBe4 PhishER/PhishER Plus's feature set?

Yes

Did KnowBe4 PhishER/PhishER Plus live up to sales and marketing promises?

Yes

Did implementation of KnowBe4 PhishER/PhishER Plus go as expected?

Yes

Would you buy KnowBe4 PhishER/PhishER Plus again?

Yes

Other Software Used

KnowBe4 Security Awareness Training

Likelihood to Recommend

The best example I can give is that it completely streamlines and automates a very common call to the Helpdesk. The one where the end user calls and says "Is this email legitimate? Should I respond?" etc. Instead of having to take 10-15 minutes on the phone back and forth with an end-user, they can simply report the email using the Phish Alert Button and move on about their day.

KnowBe4 PhishER saves not only IT's time but your end-users time too!

Overall Satisfaction with KnowBe4 PhishER