Proofpoint Essentials Security Awareness Training

Overview

Proofpoint is the world’s largest email security provider, delivering protection to organizations of all sizes, including 85% of the Fortune 100. Proofpoint Essentials is their solution designed for small- to mid-sized businesses, delivering enterprise-grade security at an accessible price point. Essentials is a comprehensive protection platform comprised of advanced email protection, archiving, continuity, security awareness, and information protection. Proofpoint Essentials Security Awareness Training provides cybersecurity education for SMBs based on research-proven Learning Science Principles, helping businesses deliver training that will enable their users to identify and correctly respond to a variety of cyberthreats in the workplace.

Key Features

Training Content

Proofpoint offers a wide range of training content in a variety of mediums and covering a range of different topics, including compliance. Training materials can be assigned automatically if a user fails a simulation, or on demand for all users. Proofpoint’s content library includes videos, images and articles, and materials are available in 35 languages, making them highly accessible independent of preferred learning style or language. Modules consist of easy-to-consume 2-3 minute micro-learning clips, as well as more comprehensive lessons ranging between five to 15 minutes to complete, on average. Their modules cater to all learning styles with interactive and game-based formats.

Phishing Simulations

From the dashboard, admins can create phishing simulations using Proofpoint’s expansive template library, or set up their own campaigns from scratch. Proofpoint’s simulation templates are based on real phishing attacks detected by their global threat engine, training users to identify the most current threats. If a user clicks on a simulation link, Proofpoint delivers just-in-time learning, displaying a video explaining how the user should have responded and why. These videos are customizable; admins can choose which video should be shown, which language it should be delivered in, and whether users should also be offered textual guidance. Generally, Proofpoint’s simulations are very effective.

Update November 2023:

The Essentials platform doesn’t currently offer a way for users to report phishing emails. This means that, though users can receive additional education for failing a simulation, Essentials doesn't currently offer easy reinforcement of good behavior for correctly identifying a phishing email. However, the Proofpoint team have told Expert Insights that this feature is in development and will be available by 2024. Users will be thanked for reporting potential phish to reinforce good behavior, while those who fail simulation campaigns can be enrolled in additional training.

Management And Reporting

The platform offers native Active Directory sync, making it easier for admins to manage users across their email security and training products—particularly if using Proofpoint Essentials Email Security. However, because of this automatic syncing, Proofpoint Essentials SAT pulls in alias email addresses as well as primary email addresses, so it’s important that admins make sure they aren’t setting training for aliases. On completion of campaigns, admins can access a range of simple reports into campaign results.

Ease Of Use

Proofpoint offers Azure Active Directory sync, making it easy to set up and integrate users, and ensuring that users are onboarded automatically. To ensure simulations aren’t blocked by Microsoft Defender for Office 365, admins must add IP addresses and sending domains to an allow list. Once deployed, Proofpoint’s simple interface is easy to navigate. Admins can create simulated phishing campaigns from a broad range of off-the-shelf templates, or create custom, targeted campaigns by uploading the content of genuine emails they’ve received. Proofpoint then rewrites any links in the email to turn it into a phishing campaign. Proofpoint doesn’t offer automated campaigns. While the interface makes it easy to create simulations and assign training, it lacks sophistication when it comes to reporting; some manual work is required to be able to easily interpret the data—particularly when working with large volumes of reports.

Best Suited For

We recommend Proofpoint Essentials Security Awareness Training to SMBs, and particularly those already using the Proofpoint Essentials Email Security Solution as there’s little cost to add it on to their existing subscription, and it requires little effort in terms of setup when the email security product is already deployed. Proofpoint Essentials SAT is ideal for SMBs looking for easy-to-manage phishing simulations with diverse, out-of-the-box training content. It’s broad content library and lack of “report phishing” button make it best suited to businesses prioritizing training over simulation reporting. In addition, the platform offers little automation; campaigns must be set up manually, and generating reports requires some manual work. Because of this, we’d like to note that SMBs interested in Proofpoint’s solution need to be able to dedicate time to managing simulation campaigns and creating the specific reports they need from Proofpoint’s metadata.

Final Verdict

Proofpoint Essentials SAT is a lower-cost option compared to Proofpoint’s Enterprise SAT product, offering paired down training features specially designed for SMBs. The platform is effective at training users on how to identify phishing attempts, and will soon offer an in-built “report phishing” button to enable users to respond to simulations by reporting them. This allows administrators to reinforce proper responses for users who report simulations while giving additional education to those who miss the threat. The expansive content library and ease of navigation make it a strong solution for SMBs looking for comprehensive phishing training on a range of topics. To get the most out of the platform, we recommend that businesses considering Proofpoint Essentials SAT purchase through an MSP, as this can drastically reduce the management overhead required to run effective simulation campaigns.