Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
PHISHING REPORT
CONFIDENTIAL PLATFORM VENDOR REVIEW - SUMMER 2016
It takes 11 years of
Organizations are seeking strategies, technologies and Security research
solutions to help them proactively identify and prevent experience to attain the
Phishing and other attacks. Yet, evaluating and selecting skills needed to defend
against modern day
the best vendor and solution to fit your needs can be a security attacks
daunting, time consuming and a confusing task as
cybersecurity technologies are rapidly evolving.
PHISHING
SIMULATION
PHISHING
TEMPLATES Vendors Reviewed
PHISHING Over the last few years, many Phishing simulation
CAMPAIGN and awareness training platform vendors have
MANAGEMENT emerged. Each vendor has approached the engineer-
CAMPAIGN
ing of their solution from a unique perspective, each
REPORTING
approaches the market with slightly different position-
ing and each solution has unique strengths.
AWARENESS
TRAINING Due to the large number of Phishing platforms on the
market today we chose to focus our review on three
vendors: 1) Wombat, 2) PhishMe and 3) Phishbite.
Additional “add on”
services may also Objective & Approach
include:
Our intent is to review each organization and solution
at a high level, based on publicly available information
and to identify the best use-case and customer fit for
TRAINING each solution.
MODULES
Wombat sells its product direct to end user organizations through its sales team
and also sells through various reseller channels (who buy the Wombat product
wholesale through distributors). Keep in mind that most manufacturers create
discount policies that create price parity between direct sales and reseller sales
organizations so they don’t create a pricing conflict. That said, we have
witnessed some manufacturers provide better pricing and discounts to the
distribution channel as that channel provides them with broader reach at a better
or equal cost.
Services
Wombat provides a number of Pre-Launch and Post-Launch support services to
assist customers with phishing simulation and awareness training program
design, preparation, testing and deployment. They also provide custom learning
management system integration services to help customers integrate the
various awareness and training modules and phishing simulation activities into
the customer’s existing training programs and systems.
Summary
Wombat’s solutions are ideal for upper mid-market and enterprise organizations
and companies that have a medium to (mid) high maturity level within security
and IT. A Medium Maturity level is critical as customers need to consume
assessment results and have resources and processes in place to deploy the
robust training and education modules. This requires a dedicated security and
training resource or department that will be capable of driving change through-
out the organization. Wombat’s solutions do not require a high maturity level
within IT to deploy but some of the advanced support and training features might
overlap with existing capabilities of organizations with high maturity levels.
Like Wombat, PhishMe sells its product direct to end user organizations through
its sales team and also sells through various reseller channels (who buy the
PhishMe product wholesale through distributors). Keep in mind that manufactur-
ers create discount policies that create price parity between direct sales and
reseller sales organizations so they don’t create a pricing conflict. That said, we
have witnessed some manufacturers provide better pricing and discounts to the
distribution channel as that channel provides them with broader reach at a better
or equal cost. Manufacturers strive to create a 50/50 blend of selling its products
to end users through direct sales and distribution channels. PhishMe has
publically indicated that it will be announcing a new product and new pricing in
2016 that is specifically focused on smaller organizations. It is expected that this
new product will be primarily sold through technology resellers and distribution.
Services
PhishMe offers flexible professional services and partially or fully managed
services that can enhance existing employee security behavior management
and security operations programs. The company is able to combine deep
security expertise and proven operational processes with their Simulator,
Reporter solutions and its managed services to improve a customer’s
organizational security while reducing risk.
Summary
PhishMe’s solutions are technically advanced. Their offerings are ideal for
enterprises that have an upper medium to high maturity level within IT and
security. Customers will need more advanced IT capabilities (or support) to fully
deploy the platform and realize value from its advanced functionality. PhishMe
offers a managed service to assist customers with lower levels of maturity or
fewer IT resources to fully take advantage of their platform’s capabilities.
Phishbite only sells its products through its OEM and various reseller channels
(who buy the PhishMe product wholesale through the master OEM). Phishbite
special pricing is available to OEMs, White Label partners and enterprises that
wish to broadly distribute and utilize the platform. Phishbite is continuing to
expand its product functionality and through its master OEM and distributor will
be broadly distributed throughout the U.S. market by the end of 2016.
Services
Through its master OEM and Managed Security Services Provider, Phishbite’s
phishing campaigns and reporting can be customized to fit any business or
employee population within any market segment.
While the Phishbite product was purpose built for the small to mid-size business
and organizations with early stage IT and security maturity, the platform can be
integrated into any 3rd party learning management system or training curriculum
and be delivered through a fully managed service. The Managed Security
Services Provider also provides a robust Managed Security Operations Center
and full portfolio of security and compliance assessment, audit and remediation
services.
*Denotes features and functionality that requires a 3rd party integration or services partner
Summary
Phishbite’s solution is purpose built for small to mid-sized business and
organizations with low to medium maturity levels within security and IT. The
platform’s functionality is minimal and little to no IT assistance is required. When
combined with online training, a learning management system or a Managed
Security Operations Service from a Phishbite Partner, the platform can be a very
affordable and effective phishing solution for small to mid sized businesses.
Mid-size and Enterprise organizations that are looking for a strategic training
and assessment partner that will help them to manage and automate the
process of increasing employee awareness of security and compliance topics
while reducing the risk of cyber attacks would be well served to speak with
Wombat.
Upper Mid-Market and Enterprise organizations that are highly tech savvy and
looking for a technology platform partner that will help them to proactively miti-
gate the risk of cyber attacks while automating the employee awareness and
training process would be well served to speak with PhishMe.
Gain deeper visibility and understanding of cyber "Terra Verde has the
security vulnerabilities and risks.
technical acumen and
Deploy a new or optimized Security Operations business skill sets that
Center or cybersecurity program. can provide value to any
organization...I highly
The Terra Verde Difference
recommend this firm to
Our experienced staff is trained in the latest industry any organization as their
best practices and can technologies. We provide a professionals provide
comprehensive portfolio of cybersecurity and risk
management services, solutions and training. superior consulting that
exceeds expectations
When you need us the most we are here. every time.”
- Director, IT Security
Architecture, Financial
Services Corporation