Proofpoint Essentials Security Awareness Training (SAT) offers effective content-based training on how to identify email phishing attempts, alongside simulated phishing campaigns to test users’ responses to phishing threats. The platform doesn’t offer a way for users to report simulations, which means that they are punished for failing simulation campaigns, but not rewarded for a correct response. However, the expansive content library (available in a variety of languages) and friendly interface make Proofpoint Essentials SAT a strong solution for SMBs.
Proofpoint is the world’s largest email security provider, delivering protection to the top five banks globally and more than 50% of the Fortune 100. Proofpoint Essentials is their solution designed for small- to mid-sized businesses, delivering enterprise-grade security at an accessible price point. Essentials comprises two main products: email security and security awareness training. Proofpoint Essentials Security Awareness Training provides businesses with an extensive library of training materials, as well as enabling them to run simulated phishing campaigns, in order to train their users to identify and correctly respond to phishing attempts.
Proofpoint offers a wide range of training content in a variety of mediums and covering a range of different topics, including compliance. Training materials can be assigned automatically if a user fails a simulation, or on demand for all users. Proofpoint’s content library includes videos, images and articles, and materials are available in 35 languages, making them highly accessible independent of preferred learning style or language. Videos are between 10-20 minutes long—more difficult for users to consume than the 2–3-minute micro-learning videos that are becoming increasingly popular across the industry.
From the dashboard, admins can create phishing simulations using Proofpoint’s expansive template library, or set up their own campaigns from scratch. Proofpoint’s simulation templates are based on real phishing attacks detected by their global threat engine, training users to identify the most current threats. If a user clicks on a simulation link, Proofpoint delivers just-in-time learning, displaying a video explaining how the user should have responded and why. These videos are customizable; admins can choose which video should be shown, which language it should be delivered in, and whether users should also be offered textual guidance. Generally, Proofpoint’s simulations are very effective. However, the Essentials platform doesn’t currently offer a way for users to report phishing emails. This means that they’re penalized for failing simulations by clicking on a link, but cannot be rewarded for correctly identifying a phishing email.
The platform offers native Active Directory sync, making it easier for admins to manage users across their email security and training products—particularly if using Proofpoint Essentials Email Security. However, because of this automatic syncing, Proofpoint Essentials SAT pulls in alias email addresses as well as primary email addresses, so it’s important that admins make sure they aren’t setting training for aliases. On completion of campaigns, admins can access a range of simple reports into campaign results.
Proofpoint offers Azure Active Directory sync, making it easy to set up and integrate users, and ensuring that users are onboarded automatically. To ensure simulations aren’t blocked by Microsoft Defender for Office 365, admins must add IP addresses and sending domains to an allow list. Once deployed, Proofpoint’s simple interface is easy to navigate. Admins can create simulated phishing campaigns from a broad range of off-the-shelf templates, or create custom, targeted campaigns by uploading the content of genuine emails they’ve received. Proofpoint then rewrites any links in the email to turn it into a phishing campaign. Proofpoint doesn’t offer automated campaigns. While the interface makes it easy to create simulations and assign training, it lacks sophistication when it comes to reporting; some manual work is required to be able to easily interpret the data—particularly when working with large volumes of reports.
We recommend Proofpoint Essentials Security Awareness Training to SMBs, and particularly those already using the Proofpoint Essentials Email Security Solution as there’s little cost to add it on to their existing subscription, and it requires little effort in terms of setup when the email security product is already deployed. Proofpoint Essentials SAT is ideal for SMBs looking for easy-to-manage phishing simulations with diverse, out-of-the-box training content. It’s broad content library and lack of “report phishing” button make it best suited to businesses prioritizing training over simulation reporting. In addition, the platform offers little automation; campaigns must be set up manually, and generating reports requires some manual work. Because of this, we’d like to note that SMBs interested in Proofpoint’s solution need to be able to dedicate time to managing simulation campaigns and creating the specific reports they need from Proofpoint’s metadata.
Proofpoint Essentials SAT is a lower-cost option compared to Proofpoint’s Enterprise SAT product (formerly Wombat Security), offering a slightly reduced feature set. The platform is effective at training users on how to identify phishing attempts, though doesn’t offer an in-built “report phishing” button to enable users to respond to simulations by reporting them. Because of this, users are penalized for clicking on simulation links, but not rewarded for a correct response. However, the expansive content library and ease of navigation make it a strong solution for SMBs looking for comprehensive phishing training on a range of topics. To get the most out of the platform, we recommend that businesses considering Proofpoint Essentials SAT considering buying through an MSP, as this will drastically reduce the management overhead required to run effective simulation campaigns.
Security Awareness Training
Sunnyvale, California, US