Mimecast Awareness Training equips security teams to identify and reduce human-driven risk across their entire organization. The security awareness and human risk management solution works to continuously inspire awareness, transform behavior, and reduce the likelihood of security incidents caused by human error.
N/A
Proofpoint Security Awareness Training
Score 10.0 out of 10
N/A
Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.
For regular user level training this is very effective, but for more "high roller" type users this can be a bit of a generic approach that doesn't go down as well or is engaging.
I think that Proofpoint is the best product on the market for Security Awareness Training. They make it easy, they have taken all the guess work out of it. You are supplied with everything you need to have a successful program and you don't have to be a "teacher" to do this. They have taken all of the guess work out of it.
The report phish Outlook add-in button has had a positive influence on our users. We have many users regularly reporting suspect phish emails.
The templates for the phish campaigns are very up to date, using real life recent phishing attacks. This makes our phishing campaigns much more realistic.
The training modules from PSAT are very effective and useful with our LMS system.
The platform provides options for many different reports (with some customization options), however, there are reports that I would want that are not available.
Adding new staff (we have a lot of turn-over) into an existing training plan can be cumbersome for the system administrator. Although End-User Sync can be set-up to "add" new users to the system, the new users still need to manually be added to the assignments and sent past assignments to complete. (NOTE: this was made more difficult because of our decision to implement a training plan the way we did).
Some of the ThreatSim campaigns (simulated phishing or malicious attachment emails) will only work if you are using their PhishAlarm plug-in (add-on button for Outlook, etc. for users to easily report suspected threats). Our users access email by iPhones, Android, iPads, PCs, and Macs. PhishAlarm cannot be used for all of these platforms.
I’ve parked the slider at a solid 10 because the platform keeps proving its worth every quarter. Staff phishing‑click rates have plunged from double digits to low single digits, our audit team finally stopped chasing overdue modules, and—bonus—engagement surveys show people actually enjoy the bite‑sized, comedic flavoured content. The built‑in reporting lets me walk straight into the boardroom with clean metrics. Minimal admin, measurable behaviour change, and zero eye‑rolls from end‑users—hard to ask for more.
We have a good relationship with our vendor/Proofpoint, which I believe is needed to be successful in Security Awareness and using tools like this
The package/service as a whole is incredibly helpful
The integrations with Proofpoint's Trap is one of the most valuable things we could do. It turns your entire email user base into members of IT security, to be on the look out to report cyber attacks, and have them pulled out of everyone's email if the email is condemed/found malicious.
I pegged usability at a full‑blown 10 because even my least tech‑savvy colleagues—think “still double‑clicks web links” level—navigate the portal without ringing the help‑desk. Single‑sign‑on drops them straight into the next module, the interface looks like Netflix for cyber nerds, and the progress bar shouts “two minutes left” instead of burying them in menus. On the admin side, I spin up campaigns in three clicks, clone content on the fly, and the drag‑and‑drop scheduling means I can rejig a whole quarter’s plan during the time it takes the kettle to boil. Zero training manuals, zero grumbles, zero excuses—just smooth sailing from login to completion.
Overall, PSAT is integral to what we do. PSAT is a helpful tool to help us improve our employees ability to recognize, report, and respond to phishing. It works for us to use a longterm partner, who is incredibly helpful/supportive, and also bringing Proofpoint's greater cybersecurity & attack intelligence into PSAT. Honestly, we are pretty happy and would make the choice to go with PSAT again (we evaluated the major players in the space via Gartner's Magic Quadrant). The team behind the products are excellent and the product of itself is both intuitive and expansive. This combination allows us to reach our 10k+ employees who are located in over 20 countries
Its the best, hands down. Great, easy to use and on point content that injects some humour into the training makes it relevent whilst staying engaging. We have seen our engagement scores almost double since using Mimecast, with completion rates across the buisness above 90% compared to previous scores on less than 50%.
The product is quick and responsive. Emails alert the staff of new training content and provides a direct link to the training video. They watch, learn and than answer a brief question to test their knowledge. This feeds into the users risk profile in which additional training can be automatically applied based on a risk scores.
We have had a couple of instances where we needed to contact customer support for our minecast cyber awareness training. The team were great and easy to deal with. The problem in itself was minor, and turned out to be our issues and understanding setup, however the mimecase team walked us through the issue and it was resolved exceptionally quick.
I have never had any issues with receiving support and have always had my questions answered in a timely manner. When we do have suggestions, the support has been ready to step in and provide advice or take our suggestions seriously. But normally, there aren't any issues that come up when using this product.
I gave implementation a rock‑solid 10 because, frankly, it was smoother than a servo sausage roll at 2 a.m. SSO clicked in on the first try, directory sync hoovered up all the user data without mangling job titles, and change comms went out on time—no “surprise training” backlash. Key insight: involve your internal comms or HR crew from day zero so the launch emails feel like a friendly nudge, not a phishing attempt. We also ran a pilot with our most cynical techs; their nit‑picks helped us tweak permissions before unleashing it on the masses. Finally, schedule the baseline phishing test after staff receive the kickoff memo—sounds obvious, but it spares you the angry “gotcha” emails and makes the resulting metrics actually meaningful.
We selected Mimecast Awareness Training mainly for the humorous awareness training videos. The non-humorous videos on other platforms got much fewer views and penetration with our staff.
The "Managed Service" (a dedicated ProofPoint Account Rep c/w weekly status calls) significantly reduces the resource demand on the area within your company managing the program. The KnowBe4 Platform does all the same stuff (Training Modules, Reports, ThreatSim Tools), but you (or your staff) need to do considerably more work to manage the Overall Program. The uplift in cost for this service is minimal.
Mimecast Awareness Training is so easy to use, a child could set it up. One of the major benefits of the platform is its ability to easily prepare a years worth of content. As new users enter the organisation, its integration with Microsoft makes it easy to onboard the user and have then catch up on training.
I don't think there are hard and fast numbers when it comes to Security Awareness ROI, as it would be next to impossible to come up with any defined metrics.
Phishing campaigns vary in their effectiveness, what I've found is that there is always something that will trigger your employees to click. Finding what that is for your company can help you train everyone to see the red flags.