Phishing testing / awareness / training suggestions?

manxam

Going down the rabbit hole here looking for an MSP friendly phishing platform. We'd like to test on one client initially (who recently got "bitten" though they we do provide training for them on this topic)

Knowbe4 seems to be hot but they're $2650 USD for only 100 endpoints. Webroot, I've heard, doesn't have quite the training videos but is $1200 CDN per year for the same number of endpoints.

Then comes Barracuda Phishline, Wombat/Proofpoint, Trend Micro, Sophos Phish Threat, and on and on, and on....

Does anyone have any hands-on experience with these platforms and could make some recommendations? I'd prefer not to spend weeks demoing each and adding our company to even MORE call lists.

Emad R

@manxam said in Phishing testing / awareness / training suggestions?:

HFS web server and log IPs that click the hyperlink.

mattbagan

I will be testing this framework in the coming weeks, hopefully. https://getgophish.com/

manxam

@mattbagan : That looks like a really neat platform but the amount of dev time is quite large as you have to develop your own emails, templates, forms, landing pages, etc.
If time permitted we'd consider this but, unfortunately, there just aren't enough hours in a day...

dafyre

@mattbagan said in Phishing testing / awareness / training suggestions?:

I will be testing this framework in the coming weeks, hopefully. https://getgophish.com/

This is the one I was going to recommend as well.

wrx7m

That Knowbe4 pricing seems like you went for a top tier. You can get training and phish testing in the lower tiers.

zachary715

KnowBe4 Silver (Base Product) starts at $15/seat MSRP. Probably has enough to get you started.

https://www.knowbe4.com/pricing-kevin-mitnick-security-awareness-training

wrx7m

Yeah, I looked it up. Last year, I paid $1312 for 101 users for the Gold tier of KnowBe4.

Dashrender

@wrx7m said in Phishing testing / awareness / training suggestions?:

Yeah, I looked it up. Last year, I paid $1312 for 101 users for the Gold tier of KnowBe4.

He has CDN pricing, so it will be a bit higher, FYI.

manxam

MSPs can only purchase Platinum or Diamond I was told, and at a minimum of 101 seats @ MSRP -20%. So, a minimum spend of $2400 CDN for us and $3000 for the customer for their "recommended" tier (platinum).

Does the old adage apply here? "Gotta pay to play"...?

JaredBusch

@manxam said in Phishing testing / awareness / training suggestions?:

MSPs can only purchase Platinum or Diamond I was told, and at a minimum of 101 seats @ MSRP -20%. So, a minimum spend of $2400 CDN for us and $3000 for the customer for their "recommended" tier (platinum).

Does the old adage apply here? "Gotta pay to play"...?

Well if you are approaching as an MSP, this is to be expected. You are assumed to be reselling the service. This is the only thing they allow to be resold.

You as the MSP buy 101 licenses and resell 10 each to a few clients at MSRP -5%.