PhishER, will probably save your Admin time.
December 18, 2023
PhishER, will probably save your Admin time.
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with KnowBe4 PhishER
PhishER is a KnowBe4 addon that works alongside the Phish Alert Button that KnowBe4 has. Once we hit where there were more emails being reported from users than easily able to manage, we needed this additional solution to help alert us to what was probably a Threat. This probably is helping to address our time more efficiently by pointing out the high Threats, as well as auto responding to end users on known clean emails they have reported.
- Find Threat emails
- Auto respond to clean emails the end user needs.
- Lowers the number of critical emails admins need to work with.
- Removes Threat emails directly from the end users mailbox.
- Query isn't granular enough to pull emails from mailboxes for spam that have very little information. Like no subject, no body, no attachment. It requires at least 2 items to query.
- It needs an additional Virus Total account. Knowbe4 should build that into the back end and just charge accordingly for the enterprise connection. Felt blindsided to the additional cost needed later.
- Some of the rules and actions are more complicated to setup than it should be. Which could be addressed for parts of that with a simplified interface and more intuitive for the person to setup. Someone that works with the product every day probably understands it, but as much the setup is setup and forget you need to relearn how that might work the next time you need to make changes. It could be less programmer like and more user friendly.
- Instead of needing to work through ever reported email PhishER probably sends back 2-10% depending on the day of reported emails. Much time gained back to work on other projects to not need to live in trying to clean up spam every day.
- Any Clean company emails that were reported as spam are sent back to the user with information that tells them about the email, they reported being clean based on rules we have setup.
- Quickly able to remove Threat emails automatically as long as query matches. This needs a little work, but I believe it will get better. Microsoft also has limitations that make this harder to work with, special characters don't query well for instance.
Yes, I now only need to work through what is deemed a Threat, while that doesn't keep me from monitoring other reported emails, I now only jump on the Threats and glance over the other reported. The time it has freed up I have been able to use on other projects and even more quickly be able to respond to critical threats.
PhishML and PhishER Blocklist is a newer addon feature we do not currently have. Maybe someday as the volume increases, but currently the cost addon for those services is why we don't have them. I kind of think these new services should have been just included with PhishER as a new feature enhancement that didn't have an additional cost. Tack extra on the renewal for it, not make it a different product as it doesn't feel it should be.
Outside of small tweaks if you want new features, it is an additional purchase. For such a new product included it could get more people to find where the feature might work for them if it was just included.
We use PhishRIP and it works well most of the time for removing Threats from mailboxes. There is still improvement that could be made in the query process.
While we have used PhishFlip to test it a couple times, we believe there is enough testing within the Knowbe4 platform that we don't feel the need to need to send these out often.
Outside of small tweaks if you want new features, it is an additional purchase. For such a new product included it could get more people to find where the feature might work for them if it was just included.
We use PhishRIP and it works well most of the time for removing Threats from mailboxes. There is still improvement that could be made in the query process.
While we have used PhishFlip to test it a couple times, we believe there is enough testing within the Knowbe4 platform that we don't feel the need to need to send these out often.
The biggest saving for us was on Admin time working through the reported spam emails. It is just a fraction of the time now spent with the spam emails compared to before. I would say users need to consistently start to report more than 20 emails a day for the cost of the product to start being useful.
You pretty much need the KnowBe4 Security Awareness package for PhishER to be useful. Hands down the Security Awareness package and where it has moved up with Training and testing users is fantastic. PhishER is a great additional tool for the Admin to help to manage the reported emails.
Do you think KnowBe4 PhishER/PhishER Plus delivers good value for the price?
Not sure
Are you happy with KnowBe4 PhishER/PhishER Plus's feature set?
No
Did KnowBe4 PhishER/PhishER Plus live up to sales and marketing promises?
No
Did implementation of KnowBe4 PhishER/PhishER Plus go as expected?
Yes
Would you buy KnowBe4 PhishER/PhishER Plus again?
Yes