Proofpoint Customer? Then your security awareness cannot do better than PSAT.
Updated September 20, 2019
Proofpoint Customer? Then your security awareness cannot do better than PSAT.
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Proofpoint Security Awareness Training (formerly Wombat Security)
Proofpoint Security Awareness Training is helping us educate our end users on cyber safe behaviors. We have over 10,000 employees across 30+ countries. We have seen an improvement in cyber risky behavior since rolling a number of the tools, from phishing simulations, e-learnings, phish alarm (phish analyzer integrated with trap). It is just one part of our overall Cybersecurity Education & Awareness program, but an important one that allows us to reach all of our employees.
- One of the most important things it does well is providing support from day one. The team is very friendly, knowledge and quick to help where need be. One of the reason's why we choice Proofpoint over other leaders in the Gartner Magic Quadrant for Security Awareness Computer-Based Training was because of its team.
- Being a Proofpoint customer, Proofpoint Security Awareness Training's Phishi Alarm & Analyzer integration with Proofpoint tool's such as TRAP allowed us to use automation to help protect the company. The ability to turn all employees into part of the IT Security team, by reporting phish with a button in outlook and then to pull back out of all employees email if condemned, is very powerful. We are looking forward to what is to come as this relationship deepens.
- It has a comprehensive set of resources and tools to help support a Security Awareness Program. It is nice to be able to work with one company who does many things well vs multiple partners for different aspects of Security Awareness Training.
- The lack of a user rating on "cyber risk" is proving to be an immense difficulty. As we are looking at how to better hold our employees accountable as well as provide increased learning opportunities for those who need it most, it is becoming cumbersome--especially given the fact this is starting to become the standard for Security Awareness companies. The lack of this is resulting in a manual process vs being able to automate and moderate, thus taking up time and resources, which are always at a scarcity. It can also be cumbersome to look across the tools to see how a particular user is doing, vs being able to view all of their data in one space.
- If you are a marketer, the editors for the Phishing Templates and Teachable Moments are quite frustrating. They feel out of date and clunky, as well as not featuring an auto-save, so you could lose the templates you are building. At this point, I have actually started to work in other email creation editors and learning HTML, to better customize and then moving all of the code into the editor. It has thus far proven to be less of a headache. I also do not believe the average user is working on branding their program, creating consistency for easy of navigation, and including additional resources in their teachable moments in the way we currently are. However, as more social science backgrounds continue to enter security awareness, I believe this will move towards the norm.
- Some of the reporting numbers for Simulated Phishing could be better. For example, telling me how many people acknowledged the teachable moment out of the full email campaign is less meaningful than knowing how many people acknowledged it, from those who actually triggered/were shown the teachable moment.
- Helping to bring security awareness to the top of mind in employees.
- Work with a current vendor (Proofpoint) with a long-lasting/helpful relationship.
- Increase recognition & reporting habits of employees
- Connect with a global employee base
Proofpoint Security Awareness Training -- Wide offerings (training, simulated campaigns, report phish button, phish analyzer); invaluable integrations with TRAP & Phish Alarm/Analyzer; incredibly helpful and kind support, very quick to assist & knowledgeable. PSAT was and continues to be the right choice for us.
KnowBe4 -- This was our second choice; If we were not current Proofpoint customers and excited about the integrations, we would have potentially chosen KnowBe4, especially now with its user risk score, to better target high-risk employees. I hope Proofpoint brings this to their software soon, as the lack of it is resulting in several time consuming and manual processes.
PhishMe/Cofense -- Regional sales rep (and the 2 VP's they would eventually bring into the process) were quite rude; they lost initial meeting/demo notes and exhibited sexist behavior when they would not believe that a young woman in IT was the decision-maker for vendor selection. Refused to send over follow up material until they met with the 'real decision-maker'. The rude behavior & condescension was enough to make me refuse to work with them, as I would be the primary user inside the company. I hope my experience is unique and not indicative of company culture.
Optiv -- Great for training; not quite the full package we are looking for.
KnowBe4 -- This was our second choice; If we were not current Proofpoint customers and excited about the integrations, we would have potentially chosen KnowBe4, especially now with its user risk score, to better target high-risk employees. I hope Proofpoint brings this to their software soon, as the lack of it is resulting in several time consuming and manual processes.
PhishMe/Cofense -- Regional sales rep (and the 2 VP's they would eventually bring into the process) were quite rude; they lost initial meeting/demo notes and exhibited sexist behavior when they would not believe that a young woman in IT was the decision-maker for vendor selection. Refused to send over follow up material until they met with the 'real decision-maker'. The rude behavior & condescension was enough to make me refuse to work with them, as I would be the primary user inside the company. I hope my experience is unique and not indicative of company culture.
Optiv -- Great for training; not quite the full package we are looking for.
Do you think Proofpoint Security Awareness Training delivers good value for the price?
Yes
Are you happy with Proofpoint Security Awareness Training's feature set?
Yes
Did Proofpoint Security Awareness Training live up to sales and marketing promises?
Yes
Did implementation of Proofpoint Security Awareness Training go as expected?
Yes
Would you buy Proofpoint Security Awareness Training again?
Yes
Using Proofpoint Security Awareness Training (formerly Wombat Security)
5 - I am the main user (Security Awareness Program Lead). We have a few others in IT who either helped with set up or are part of Information Security, who also have access. Our CISO will occasionally jump on to pull metrics for reports he is pulling together for SMT or the Board.
I would say the average user needs to be curious.
I think to really bring PSAT to life, it is helpful to have a marketing or communications professional. Someone who knows how to create compelling content and speak to people, as an important part, if not foundation to your Security Awareness program. I actually believe more and more of these professionals will join the industry and I hope that Proofpoint and competitors keep up with/draw inspiration from good marketing tools out there (such as email creators, website designers, content makers, and how to best organize content to better customize to tailor to your/your organizations needs, engage your audience, make impactful, and metrics to go along with this.)
I think to really bring PSAT to life, it is helpful to have a marketing or communications professional. Someone who knows how to create compelling content and speak to people, as an important part, if not foundation to your Security Awareness program. I actually believe more and more of these professionals will join the industry and I hope that Proofpoint and competitors keep up with/draw inspiration from good marketing tools out there (such as email creators, website designers, content makers, and how to best organize content to better customize to tailor to your/your organizations needs, engage your audience, make impactful, and metrics to go along with this.)
- Phishing Simulations
- Report Phish in employees inboxes
- Training - both annual as well as timely, with auto-enrollment for failed simulations
- Metrics to give us insight to how we are performing as a company and our security posture
- Assist in branding efforts of our Cybersecurity Team, by allowing for customization
- Drive traffic to our portals/resources
- Help raise awareness in how to contact I&T Security
- Drive learning and engagement by breaking down the campaigns, to use as a learning tool on how to spot email cyber attacks
- Help with content for internal email campaigns
- help target more training to those who need additional opportunities to learn; it is currently difficult to gain insight into how an individual is doing across all aspects of PSAT. We are doing some manual tracking
Using Proofpoint Security Awareness Training
| Pros | Cons |
|---|---|
Like to use Relatively simple Easy to use Consistent Quick to learn Convenient Feel confident using Familiar | None |
- ThreatSim -- to get campaigns up and running was very simple
- Auto Enroll in E-learning is deadly useful, to help those who fail phishing campaigns receive additional training
- The editors for ThreatSim. Fine for basic users if you do not want to change or customize anything.
- Set Up, need IT involved as well a PSAT support. The support is immensely helpful, and I believe it is because we were also one of the first customers to put Active Directory Sync in place.
- The editors for Phishing Templates & Teachable Moments are archaic for a marketing professional.
- We are working on standardizing our teachable moments, from both a branding (to increase recognition of IT Sec and decrease some fear prompted by the teachable moments that was reported to us ), some core content (links out to connect with IT Sec), and have it be easily navigable.
- I honestly believe the CyberEd space will draw more marketing & communication professionals as it continues to grow. I know Proofpoint is always working on improving their solutions. I personally find the Phishing Email template editor & teachable moment editor to be clunky to work with—this goes for if I am putting together something more elaborate, or even simple, such as swapping out a background image, which is located in the html header, or even modifying the text on a teachable moment, and having the formatting totally change or an image disappear. There are great editors out there, that Proofpoint might take inspiration from.
- The inability to change metrics on threat sim or be able to customize a dashboard to group needed campaigns. While percentage is helpful to see what is going on across all campaigns, seeing a drastic increase in trending failure rates across campaigns is not meaningful when you have campaigns that have over 10k employees vs a campaign of 10. Yes, if 5 out of the 10 fail, that is 50%. It is also different than if over 5000 people fail a campaign.
- The inability to see how an individual user is doing/their activities across all parts of the implemented solution is proving to be hindersome. As well as the lack of how 'risky' a user is. We are manually tracking some things, to better target additional training to those who need it in the company. It would be nice if we could find a way to automate it inside of PSAT; instead, we came up with a process that went up to our SMT for approval to increase intervention & education for repeated offenders.