Price: $4 per user for a 36-month term
What it does: Sophos Phish Threat leverages many AI-enhanced capabilities and hundreds of customizable attack templates to identify areas of weakness within an organization and empower users with built-in training.
What we liked: We are especially impressed with the training content within this platform. The nearly 60 different interactive trainings modules cover various security and compliance topics with mixed formats, appealing to a wide range of learning styles.
Sophos Phish Threat leverages many AI-enhanced capabilities and hundreds of customizable attack templates to identify areas of weakness within an organization and empower users with built-in training. Sophos takes a methodical approach to attack simulation, exploring the digital wild to gather intelligence about current phishing attack types and then emulating these types in a safe and controlled manner.
Sophos conducts credential harvesting, attachment and training -- also known as “mini campaigns" -- which are very easy to run. During a campaign, end-users randomly receive one of five different attack emails. Analysts may configure these campaigns as one-offs that target individual users or groups within the organization or as series with a defined number of campaigns and themes that automatically generate different assessments on a weekly or monthly basis. Analysts may also choose from approximately 500 different, customizable attack templates for all four campaign types. Analysts even have the ability to customize campaign displays such as the attack emails and landing pages.
Because some end users inevitably fall for these attack simulations, Sophos offers almost 60 different interactive training modules that cover various security and compliance topics. All training videos average only about five minutes in runtime and have mixed formats, including multiple choice tests, gamification features and static posters, appealing to a wide range of learning styles. Savvy users who correctly identify a phishing email are shown a “You caught a phish!” page in lieu of a training page, thereby reinforcing their behavior.
The main Phish Threat dashboard shows many useful statistics regarding active campaigns, such as the ratio of end users who have fallen for phishing emails as compared with those who have reported them. The dashboard is accessible through the unified management console, Sophos Central, making Phish Threat an ideal breach and attack simulator solution for those already familiar with Sophos. The left windowpane even displays all Sophos products to make managing them as simple as possible.
The platform reports measure security posture and user awareness at the individual, group and organization level. Different user behavior templates highlight caught users, repeat offenders and frequent threat reporters. There are also training reports that show how many users have enrolled in a training program, how many have completed it and how many still have outstanding training requirements. Campaign reports cover the same high-level metrics displayed in the main dashboard page, along with detailed breakdowns of individual users and groups.
With one console to cover the full cybersecurity portfolio, Sophos Phish Threat makes phishing simulations and security training effortless. Security teams are free to run an unlimited number of campaigns and visualize those results in meaningful, comprehensive reports. The 60-plus training courses take assessments beyond simple security control testing and prepare users of all levels to engage in email best practices. Sophos capitalizes on the threat intelligence SophosLabs offers, feeding the attack data to their product management team, which in turn creates campaign templates according to the methods and techniques currently observed in the wild.
Pricing starts at $4 per user for a 36-month term and includes 24/7 support.