Expert Insights Score: 4/5
What We Like:
- The platform is easy to navigate in terms of creating simulations and assigning training. It also integrates seamlessly with the Proofpoint Essentials secure email gateway for simplified user management and billing.
What To Be Aware Of:
- The platform doesn’t offer a “report phishing” button for users to report simulations. It also focuses solely on email phishing.
Section One: What Are Proofpoint’s Key Features?
Proofpoint offers content- and simulation-based training to help users identify and correctly respond to email phishing attempts. From the dashboard, admins can create phishing simulations using Proofpoint’s expansive template library, or set up their own campaigns from scratch. On completion of campaigns, admins can access reports into campaign results.
Proofpoint offers a wide range of training content in a variety of mediums and covering a range of different topics, including compliance. Training materials can be assigned automatically if a user clicks on a link in a simulation, or on demand.
The platform offers native Active Directory sync, making it easier for admins to manage users across their email security and training products—particularly if using the Proofpoint Essentials SEG.
How Effective Is Proofpoint?
Proofpoint’s simulation templates are based on real phishing attacks detected by their global threat engine, training users to identify the most current threats. If a user clicks on a simulation link, Proofpoint delivers just-in-time learning, displaying a video explaining how the user should have responded and why. These videos are customizable; admins can choose which video should be shown, which language it should be delivered in, and whether users should also be offered textual guidance.
Admins can also manually assign training to users that fail simulations. Proofpoint’s content library includes videos, images and articles, and materials are available in 35 languages, making them highly accessible independent of preferred learning style or language. Videos are between 10-20 minutes long—more difficult for users to consume than the 2–3-minute micro-learning videos that are becoming increasingly popular across the industry.
How Easy Is Proofpoint To Manage?
Proofpoint offers Azure Active Directory sync, making it easy to set up and integrate users, and ensuring that users are onboarded automatically. To ensure simulations aren’t blocked by Microsoft Defender for Office 365, admins must add IP addresses and sending domains to an allow list.
Once deployed, Proofpoint’s simple interface is easy to navigate. Admins can create simulated phishing campaigns from a broad range of off-the-shelf templates, or create custom, targeted campaigns by uploading the content of genuine emails they’ve received. Proofpoint then rewrites any links in the email to turn it into a phishing campaign. Proofpoint doesn’t offer automated campaigns. While the interface makes it easy to create simulations and assign training, it lacks sophistication when it comes to reporting; some manual work is required to be able to easily interpret the data—particularly when working with large volumes of reports.
Who Is Proofpoint Best Suited For?
We recommend Proofpoint Security Awareness Training to SMBs—particularly those already using the Proofpoint Essentials SEG—looking for easy-to-manage phishing simulations with diverse, out-of-the-box training content. It’s broad content library and lack of “report phishing” button make it best suited to businesses prioritizing training over simulation reporting.
In addition, the platform offers little automation; campaigns must be set up manually, and generating reports requires some manual work. Because of this, we’d like to note that SMBs interested in Proofpoint’s solution need to be able to dedicate time to managing simulation campaigns and creating the specific reports they need from Proofpoint’s metadata.
Proofpoint Essentials SAT is a lower-cost option compared to Proofpoint’s Enterprise SAT product (formerly Wombat Security), offering a slightly reduced feature set. The platform is effective at training users on how to identify phishing attempts, though doesn’t offer an in-built “report phishing” button to enable users to respond to simulations by reporting them. Because of this, users are penalized for clicking on simulation links, but not rewarded for a correct response. However, the expansive content library and easy of navigation make it a strong solution for SMBs looking for comprehensive phishing training on a range of topics.
Written by Caitlin Jones
Tested by Jacob Duane
Date of Testing: 16 December, 2021
Date of Publication: 07 February, 2022