
EXECUTIVE BRIEFING

PHISHING REPORT
CONFIDENTIAL PLATFORM VENDOR REVIEW - SUMMER 2016

The Security Imperative


Organizations of all sizes across the globe are being targeted and attacked by hackers and cyberterrorists.

Multiple studies show that small and mid-size businesses and organizations are easy targets for cyber attacks such as Phishing. They are less likely to have updated programs, policies, technology and resources to defend against modern cyber attacks. Many organizations also lack the ability to recover from financial theft or a massive data breach that may result in millions of dollars in fines.

To become more secure and to increase employee awareness of these attacks, organizations are deploying cyber security policies, training, technology and full-time resources.

Organizations are seeking strategies, technologies and solutions to help them proactively identify and prevent Phishing and other attacks. Yet, evaluating and selecting the best vendor and solution to fit your needs can be a daunting, time consuming and a confusing task as cybersecurity technologies are rapidly evolving.

FAST FACTS
• Over 62% of breaches occurred in businesses with less than 1000 FTEs
• 91% of cyber attacks begin with a phishing email and 95% of incidents involve human error
• Security Engineers are difficult to retain. Compensation packages are growing in size due to a lack of qualified candidates
• Research predicts a shortage of 2M Security professionals by 2017
• It takes 11 years of Security research experience to attain the skills needed to defend against modern day security attacks

2016 Terra Verde Briefing I www.TVRMS.com


“Three out of every Five cyber attacks in 2015 were targeted at small or midsize organizations.”
- 2015 Symantec Internet Security Threats Report

Proactive “Threat Hunting”

In today’s world, the need for a sustainable security program that monitors, reports and helps address cyber attacks and breaches is universal.

But with a growing shortage of security experts, the increasing number of attacks and threat techniques, and ongoing evolution of technologies, how do organizations become more proactive and where do they focus “Threat Hunting” activities?

Span of Control - Focus on Phishing

With 95% of all cyber incidents including some type of human error, it makes sense for organizations to address cyber threats by proactively addressing risks that are within their span of control, such as Phishing. Research shows that 91% of cyber attacks begin with a Phishing or Spear Phishing attack.

A Spear Phishing attack is different than a general Phishing attack as it is customized for a specific organization size and type that is within a specific market or industry. Spear Phishing attacks can also be focused on a specific person or group of people within an organization.

“Organizations can reduce their overall risk by assessing (testing), and educating their employees, contractors, vendors and partners on Phishing and Social Engineering attack methods. This can increase awareness and provide direction on how to respond to such attacks and techniques.”
- Carlos Villalba, PhD, VP Solutions, Terra Verde



Vendors Reviewed

Over the last few years, many Phishing simulation and awareness training platform vendors have emerged. Each vendor has approached the engineering of their solution from a unique perspective, each approaches the market with slightly different positioning and each solution has unique strengths.

Due to the large number of Phishing platforms on the market today we chose to focus our review on three vendors: 1) Wombat, 2) PhishMe and 3) Phishbite.

Objective & Approach

Our intent is to review each organization and solution at a high level, based on publicly available information and to identify the best use-case and customer fit for each solution.

This is not an effort to stack rank phishing vendors or establish what vendor is the “best” or has the most features. We are using a pragmatic approach to determine what solution is best for what organization type, size, employee awareness and security maturity level, and within what market segments.

PHISHING VENDORS
The leading Phishing awareness training and simulation platform vendors all provide common features such as:
• PHISHING SIMULATION
• PHISHING TEMPLATES
• PHISHING CAMPAIGN MANAGEMENT
• CAMPAIGN REPORTING
• AWARENESS TRAINING

Additional “add on” services may also include:
• TRAINING MODULES
• LMS INTEGRATION
• REMEDIATION SERVICES
• MANAGED SERVICES



Wombat

Wombat Security Technologies, Inc. provides interactive software-based cyber security and compliance assessment, training, and filtering solutions. The company provides a SaaS cyber security education solution that includes a platform of integrated broad assessments and a library of simulated attacks and brief interactive training modules.

HIGHLIGHTS
Name: Wombat Security Technologies, Inc.
Founded: 2008
HQ Address: 3030 Penn Ave, Second Floor, Pittsburgh, PA 15201. Remote office in UK
Phone: 412-621-1484
Web: wombatsecurity.com
Markets: Serves Fortune 1000 customers in finance, technology, banking, government, telecom, healthcare, retail, higher ed, CPG, transportation, utility markets.
Funding/Revenues: $10.85M (B round) / $5M
Acquisition: ThreatSim
Source: Bloomberg, Owler, Crunchbase

General Observations

The company positions itself as a training and awareness solution provider that utilizes innovative methods and technology platforms to educate users and to enforce corporate policies and practices.

We believe that Wombat will seek out various content distribution partnerships, will continue to invest in content and assessment development and will continue to acquire and build technologies and platforms to automate the delivery of their assessments, training content and simulations.

Wombat offers a Security Education Platform that delivers comprehensive security awareness and training. The platform includes access to Wombat’s Assess, Educate, Reinforce, Measure methodology and suite of products such as CyberStrength®, a platform that enables customers to create, deploy and analyze the results of knowledge assessments that gauge employees’ understanding of security topics, policies and procedures. The ThreatSim platform enables the creation and deployment of phishing attacks and provides teachable moments for those who take the bait. SmishGuru® and USBGuru® are simulated attack platforms that gauge employees’ understanding of smishing (SMS/text phishing) and USB attacks while providing robust training and education on these topics.



The company provides over 17 comprehensive interactive training modules that
can be adapted to a customer’s business and employee population. It has a
PhishAlarm reinforcement program that provides additional reporting and
security awareness materials to reinforce policies and best practices. The entire
suite of services is supported by robust reporting that can be adapted to fit a
customer’s business.

Pricing & Availability


Based on research, websites and conversations with industry professionals, it
appears that general pricing has been published at $3.69 per user / per training
module per month. 150 users can gain access to all training modules for around
$5,000. We presume Wombat’s pricing is based on a per user / per module / per
month but we are confident that for larger deployments they would create a
more custom enterprise licensing agreement (like all other training and platform
providers).

Wombat sells its product direct to end user organizations through its sales team
and also sells through various reseller channels (who buy the Wombat product
wholesale through distributors). Keep in mind that most manufacturers create
discount policies that create price parity between direct sales and reseller sales
organizations so they don’t create a pricing conflict. That said, we have
witnessed some manufacturers provide better pricing and discounts to the
distribution channel as that channel provides them with broader reach at a better
or equal cost.

Services
Wombat provides a number of Pre-Launch and Post-Launch support services to
assist customers with phishing simulation and awareness training program
design, preparation, testing and deployment. They also provide custom learning
management system integration services to help customers integrate the
various awareness and training modules and phishing simulation activities into
the customer’s existing training programs and systems.



Wombat Scorecard
Below is a scorecard highlighting key attributes of Wombat Security Technologies’ offerings. The scorecard provides our opinion on what market segment the company’s solutions fit best within. We also attempted to define the “ideal” IT and security maturity levels that an organization would need to have in place in order to receive the largest value and benefit from deploying Wombat’s solutions.

Scorecard columns: Small Biz (1 to 99 FTEs); Medium Biz (100 to 999 FTEs); Enterprise (1000+ FTEs); Low Maturity (0-1); Med Maturity (2-3); High Maturity (4-5)

Wombat Capability:
• Robust knowledge and awareness assessments
• Robust training and awareness methodology
• Robust training and awareness modules
• Robust simulated phishing platform
• Robust phishing simulation reporting
• Diversified social engineering assessments and simulations (smishing, USB, etc)
• Pre-launch assessment and simulation support
• Post-launch assessment and simulation support
• Learning management system integration services
• Rebranding for internal use
• Licensing can include access to all training and education modules

Summary
Wombat’s solutions are ideal for upper mid-market and enterprise organizations
and companies that have a medium to (mid) high maturity level within security
and IT. A Medium Maturity level is critical as customers need to consume
assessment results and have resources and processes in place to deploy the
robust training and education modules. This requires a dedicated security and
training resource or department that will be capable of driving change throughout
the organization. Wombat’s solutions do not require a high maturity level
within IT to deploy but some of the advanced support and training features might
overlap with existing capabilities of organizations with high maturity levels.



PhishMe

PhishMe® is the leading provider of threat management for organizations concerned about human susceptibility to advanced targeted attacks. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process.

HIGHLIGHTS
Name: PhishMe, Inc.
Founded: 2011
HQ Address: 1608 Village Market Blvd, SE #200, Leesburg, VA 20175. Regional offices across 4 countries.
Phone: 703-652-0717
Web: phishme.com
Markets: Serves defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities
Funding/Revenues: $15.5M (B round) / $10M
Acquisition: Malcovery Security
Source: Owler, Crunchbase, Discussions

General Observations

The company positions itself as a threat management platform and technology provider that enables employees to proactively help defend the company against cyber attacks.

We believe that PhishMe will continue to invest in, acquire and develop cyber security defense and monitoring technologies and simulation platforms that round out their overall solution and product portfolio. They will also continue to form relationships with distributors and other platform providers to drive mass distribution of their portfolio.

PhishMe provides a comprehensive portfolio of technologies and services including PhishMe Simulator for testing and assessing internal phishing risks; PhishMe Reporter for empowering users to report, analyze and track phishing attempts; PhishMe Triage, which analyzes and prioritizes phishing attacks and adjusts SOC team workflow based on severity and risk; and PhishMe Intelligence to provide deep reporting, analytics, system integration and best practice recommendations on remediating and preventing phishing attacks.



Unlike Wombat, we believe PhishMe will attempt to commoditize training by
embedding it into its product portfolio. We believe this because it is Wombat’s
objective to build differentiation around its training and education content and
methodology while PhishMe’s position and approach to the market is to build
differentiation and value within its platform and technology.

Pricing & Availability


Based on research, websites and conversations with industry professionals, it
appears that general pricing for 250 users (emails) includes usage of Simulator
and Reporter products and above starts around $10,000 per year. As the user
count grows, so does the annual license cost. Triage functionality is priced
separately as a flat price and begins at $50,000 per year. Based on interviews
with existing PhishMe customers we are confident that for larger deployments
PhishMe will get creative with its pricing and will work with customers to create
a custom enterprise licensing agreement (like other large technology platform
providers).

PhishMe has announced a Small Business Edition of its software to support
companies with less than 250 users. The initial pricing for PhishMe’s Small
Business Edition appears to be aggressive and affordable.

Like Wombat, PhishMe sells its product direct to end user organizations through
its sales team and also sells through various reseller channels (who buy the
PhishMe product wholesale through distributors). Keep in mind that manufacturers
create discount policies that create price parity between direct sales and
reseller sales organizations so they don’t create a pricing conflict. That said, we
have witnessed some manufacturers provide better pricing and discounts to the
distribution channel as that channel provides them with broader reach at a better
or equal cost. Manufacturers strive to create a 50/50 blend of selling their products
to end users through direct sales and distribution channels. PhishMe has
publicly indicated that it will be announcing a new product and new pricing in
2016 that is specifically focused on smaller organizations. It is expected that this
new product will be primarily sold through technology resellers and distribution.

Services
PhishMe offers flexible professional services and partially or fully managed
services that can enhance existing employee security behavior management
and security operations programs. The company is able to combine deep
security expertise and proven operational processes with their Simulator,
Reporter solutions and its managed services to improve a customer’s
organizational security while reducing risk.



PhishMe Scorecard
Below is a scorecard highlighting key attributes of PhishMe’s offerings. The
scorecard provides our opinion on what market segment the company’s
solutions fit best within. We also attempted to define the “ideal” IT and security
maturity levels that an organization would need to have in place in order to
receive the largest value and benefit from deploying PhishMe’s solutions.

Scorecard columns: Small Biz (1 to 99 FTEs); Medium Biz (100 to 999 FTEs); Enterprise (1000+ FTEs); Low Maturity (0-1); Med Maturity (2-3); High Maturity (4-5)

PhishMe Capability:
• Robust knowledge and awareness assessments (Phishing simulations)
• Robust training and awareness methodology
• Robust training and awareness modules
• Robust simulated phishing platform
• Robust phishing simulation reporting
• Diversified social engineering assessments and simulations (smishing, USB, etc)
• Pre-launch assessment and simulation support
• Post-launch assessment and simulation support
• Learning management system integration services
• Rebranding for internal use
• Licensing can include access to all training and education modules
• Robust Phishing attack intelligence, prioritization, triage and remediation
• Robust Phishing platform professional services and integration support
• Robust Phishing platform managed services

Summary
PhishMe’s solutions are technically advanced. Their offerings are ideal for
enterprises that have an upper medium to high maturity level within IT and
security. Customers will need more advanced IT capabilities (or support) to fully
deploy the platform and realize value from its advanced functionality. PhishMe
offers a managed service to assist customers with lower levels of maturity or
fewer IT resources to fully take advantage of their platform’s capabilities.



Phishbite

Phishbite, Inc. provides an effective, easy to use phishing simulation platform that rapidly assesses, measures and tracks an organization’s susceptibility to phishing attacks. The company has partnered with a Managed Security Services Provider and Security Training Company to distribute the Phishbite platform and to offer a customizable, fully managed Phishing and security awareness training solution to small and mid-sized organizations.

HIGHLIGHTS
Name: Phishbite, Inc.
Founded: 2015
Address: 9 E. 8th St. STE. 138, New York, NY 10003
Phone: 877-707-7997 ext 2016
Web: phishbite.com
Markets: Serves small to mid sized businesses within technology, finance, retail, consumer packaged goods, healthcare, state, local and higher education sectors.
Funding/Revenues: NA
Acquisition: None
Source: Google, PR Newswire, Discussions

General Observations

Phishbite is a phishing simulator that can be used to test your employees’ susceptibility to phishing by actually phishing them (in a controlled and safe manner). Phishbite was architected and developed as a 100% cloud-based solution: there’s no software to download and no hardware required; just sign up and start phishing in minutes.

Awareness and training content can be easily integrated and added into the Phishbite platform and phishing campaigns to capitalize on the “Training Moment” - the moment that an employee “takes the bait” and falls victim to a phishing campaign. During the awareness process, employees can be presented with a warning message that alerts them that they have been successfully phished and provides them with knowledge on how to recognize a phishing attempt. They can also be redirected to a learning management platform and series of training modules that are modified for each customer’s business and employee population. Phishbite includes detailed, real time reporting on phishing campaigns so administrators or executives can gain visibility into what percent of their employees are at risk and where to deploy additional awareness training and education.



Pricing & Availability
Unlike Wombat or PhishMe, Phishbite can be accessed via a freemium model
through the product’s master distributor and reseller channel. An organization of
any size can access the platform for free for a limited amount of time. Based on
research, websites and conversations with industry professionals, it appears
that general pricing includes a fully managed phishing service, and begins at
less than $2 per user / per month, for unlimited phishing attempts.

Phishbite only sells its products through its OEM and various reseller channels
(who buy the PhishMe product wholesale through the master OEM). Phishbite
special pricing is available to OEMs, White Label partners and enterprises that
wish to broadly distribute and utilize the platform. Phishbite is continuing to
expand its product functionality and through its master OEM and distributor will
be broadly distributed throughout the U.S. market by the end of 2016.

Services
Through its master OEM and Managed Security Services Provider, Phishbite’s
phishing campaigns and reporting can be customized to fit any business or
employee population within any market segment.

While the Phishbite product was purpose built for the small to mid-size business
and organizations with early stage IT and security maturity, the platform can be
integrated into any 3rd party learning management system or training curriculum
and be delivered through a fully managed service. The Managed Security
Services Provider also provides a robust Managed Security Operations Center
and full portfolio of security and compliance assessment, audit and remediation
services.



Phishbite Scorecard
Below is a scorecard highlighting key attributes of Phishbite’s offerings. The
scorecard provides our opinion on what market segment the company’s
solutions fit best within. We also attempted to define the “ideal” IT and security
maturity levels that an organization would need to have in place in order to
receive the largest value and benefit from deploying Phishbite’s solutions.

Scorecard columns: Small Biz (1 to 99 FTEs); Medium Biz (100 to 999 FTEs); Enterprise (1000+ FTEs); Low Maturity (0-1); Med Maturity (2-3); High Maturity (4-5)

Phishbite Capability:
• Robust knowledge and awareness assessments (Phishing simulations)
• *Robust training and awareness methodology
• *Robust training and awareness modules
• Robust simulated phishing platform
• Robust phishing simulation reporting
• *Diversified social engineering assessments and simulations (smishing, USB, physical, etc)
• Pre-launch assessment and simulation support
• Post-launch assessment and simulation support
• *Learning management system integration services
• Rebranding for internal use
• *Licensing can include access to all training and education modules
• *Robust Phishing attack intelligence, prioritization, triage and remediation
• *Robust Phishing platform professional services and integration support
• *Robust Phishing platform managed services

*Denotes features and functionality that require a 3rd party integration or services partner

Summary
Phishbite’s solution is purpose built for small to mid-sized business and
organizations with low to medium maturity levels within security and IT. The
platform’s functionality is minimal and little to no IT assistance is required. When
combined with online training, a learning management system or a Managed
Security Operations Service from a Phishbite Partner, the platform can be a very
affordable and effective phishing solution for small to mid sized businesses.



Conclusion
Each of the three companies reviewed approaches the market with different
positioning and each company has solutions with unique capabilities that can be
valuable to companies that operate in different segments of the market.

Wombat is approaching the market as a training platform provider that
utilizes innovative technology based simulations and assessments to
benchmark an organization’s understanding of risk, security and compliance
topics, policies and practices. They are also focused on promoting training and
a continuous learning methodology and process. This assists organizations with
employee skill development and change management as organizations attempt
to become more secure and compliant.

Mid-size and Enterprise organizations that are looking for a strategic training
and assessment partner that will help them to manage and automate the
process of increasing employee awareness of security and compliance topics
while reducing the risk of cyber attacks would be well served to speak with
Wombat.

PhishMe is approaching the market and positioning itself as a predominant
technology platform provider. The company continues to buy and build
additional technologies to expand its value proposition. We expect the company
to continue to expand its feature set outside of phishing simulations and move
into proactive monitoring and reporting of cyber attacks.

Upper Mid-Market and Enterprise organizations that are highly tech savvy and
looking for a technology platform partner that will help them to proactively
mitigate the risk of cyber attacks while automating the employee awareness and
training process would be well served to speak with PhishMe.

Phishbite is approaching the market and positioning itself as a simple,
easy to use phishing simulation platform. The company has formed a strategic
distribution relationship with a Managed Security Services Provider and Training
Company that serves the small to mid-size market segment in order to bring a
more comprehensive and cost effective solution to the market that anyone can
afford.

Small to Mid-Sized organizations with minimal security and IT resources that
are looking for an easy to use, cost effective solution to help them to proactively
educate employees and mitigate the risk of cyber attacks would be well served
to speak with Phishbite.



About Terra Verde

Founded in 2008 as a cybersecurity, risk and compliance consulting company, Terra Verde is headquartered in Phoenix, Arizona and is one of the Largest PCI QSAs in the southwest region. The company performs hundreds of security and compliance assessments, audits and consulting engagements each year, supporting customers across multiple continents.

Terra Verde’s TruSOC™ service supports customers across the U.S. and over the last 6 months has tracked over 15 Billion security events and 200,000 vulnerabilities for customers.

Executives, security and risk professionals utilize our consultants, subject matter experts, services and solutions to:
• Reduce overall security and compliance risk.
• Eliminate capital expenditures on security technology and personnel.
• Gain deeper visibility and understanding of cyber security vulnerabilities and risks.
• Deploy a new or optimized Security Operations Center or cybersecurity program.

The Terra Verde Difference

Our experienced staff is trained in the latest industry best practices and can technologies. We provide a comprehensive portfolio of cybersecurity and risk management services, solutions and training.

When you need us the most we are here.

“Terra Verde has the technical acumen and business skill sets that can provide value to any organization...I highly recommend this firm to any organization as their professionals provide superior consulting that exceeds expectations every time.”
- Director, IT Security Architecture, Financial Services Corporation

CONTACT US
Give us a call for more information about TruSOC™ or our other products and services.

Terra Verde
7400 E Pinnacle Peak Rd Suite #100
Scottsdale, AZ 85255
PH: 877-707-7997
trusoc@tvrms.com

Visit our website: www.tvrms.com
