Sophos Phish Threat Reviews

I had experience with other products before KnowBe4, specifically we had Sophos Phish Threat for three years, but the catalog of training, video, and simulated phishing has some limits. Last February, the contract ended and we tried to select other security awareness training applications. In this case, we selected KnowBe4.

Regarding the comprehensive reporting feature with Sophos Phish Threat, one of the features we desired was a better reporting system. You can segment by department or others, but you can only export the report as a CSV and then you have to organize it in Excel.

Some of the best features with Sophos Phish Threat are good, but it has some limits. For instance, if you send an attachment to target the user with a macro, it doesn't work very well because by default Outlook disables opening macro files. Word macro files open in read-only mode. It has some false positives, such as when the user opened the file.

We had good experience, and based on our three years of use, the users responded well. The videos are animated, and users prefer them, similar to our other applications for training in other areas.

The integration with Sophos Central benefits us for the management of the phishing campaign by being very user-friendly.

We used the customizable phishing emails with Sophos Phish Threat. We customized the template and modified it so we can phish our users. They are very customizable.

The pricing and licensing for Sophos Phish Threat is good compared to other products.

Sophos Phish Threat is a good product, but it has some limitations. We prefer Spanish language content, and the video selection has limitations. The catalog is very small compared with products such as Terranova or KnowBe4.

My recommendation for Sophos Phish Threat is to expand their catalog and include other languages, specifically Spanish.

Regarding the comprehensive reporting feature, we would prefer a better reporting system. While you can segment by department or other criteria, you can only export the report as a CSV which then requires manual organization in Excel.

We had experience with other products before KnowBe4, specifically we had Sophos Phish Threat for three years.

The initial setup with Sophos Phish Threat was very easy.

We had good experience over our three years of usage. The videos, which users prefer, are similar to our other applications for training in other areas.

On a scale of one to ten, I would rate the customer service with Sophos Phish Threat as nine out of ten.

They provide excellent response times. Whenever I have an issue, I receive a good reply and can contact them by phone or email. In the case of MDR, it is one of the greatest products I have ever seen in managed products. They call whenever you have an incident and keep calling to assist until you solve the issue.

Positive

We had Trend Micro before changing to Sophos Phish Threat.

The main differences between Trend Micro and Sophos Phish Threat are that Trend Micro is expensive, and beyond the cost, the administration and integration that Sophos Central has are better than those of Trend Micro.

The initial setup with Sophos Phish Threat was very easy.

We used a reseller to help deploy Sophos Phish Threat, but implementation was mainly handled by our team. We have some partners in the area that assisted in the initial step. It was a very easy and smooth implementation without problems.

I rate Sophos Phish Threat eight out of ten due to some limitations, specifically the limited training catalog and the need for more trainings in local languages, particularly Spanish. A bigger course catalog would be beneficial.

The main use case for Sophos Phish Threat is security awareness training for users and employees in their offices to gain knowledge of cybersecurity hygiene, including how to use emails and how to avoid phishing and spam emails that are coming into the inboxes. Their aim is to give them an awareness of the cybersecurity part.

The most useful features of Sophos Phish Threat are the campaigns that we can automate.

I have experience with the customized phishing simulation feature of Sophos Phish Threat, which is excellent. There are many simulations which we can resemble in a real-time environment.

The phishing simulation feature of Sophos Phish Threat helps simulate phishing attacks to users so we can view how many users clicked into or got attacked with that simulation. We can review it as a real-time attack that we can experience in a security environment.

The integration capabilities of Sophos Phish Threat with Sophos Central are good. We can completely view the statistics and other reports from the Sophos Central portal itself. We can see how many users trained with the modules and how many users completed the simulation through the integration part.

The reporting and analytics tools in Sophos Phish Threat are very detailed, and the visibility is excellent. It has very good reporting capability.

I have had experience with the automated training modules in Sophos Phish Threat, and they are effective.

To make Sophos Phish Threat better, the user interface should be improved. They can enhance the preview of the campaigns and the templates of the phishing simulation. I see some difficulty there. The performance and phishing simulation emails are good, but the preview and user interface could be improved.

I have been working with Sophos Phish Threat for two years.

I face challenges with Sophos Phish Threat because we need to verify the domain name. It is difficult when we have dependency with the domain name verification to onboard this solution. This is an issue I've faced with several customers regarding the CNAME record. If we have a CNAME record, there is no alternative option to verify this domain name.

I have contacted technical support regarding Sophos Phish Threat multiple times. They respond with valuable feedback about how to fix issues or complete tasks. They demonstrate very good technical expertise.

Setting up Sophos Phish Threat is very straightforward.

My customers have seen a return on investment with Sophos Phish Threat because the employees and users receive training on cybersecurity. They can secure their organization in terms of cybersecurity by giving awareness to users to prevent attacks. They are definitely getting the return on investment through that.

The cost of Sophos Phish Threat is very reasonable for customers as they charge based on usage only.

The integration with O365 is efficient, allowing direct connection with the O365 API in two clicks. It is a very user-friendly and capable solution.

Sophos Phish Threat is flexible and agile as a cloud-deployed solution. It offers flexibility for user management, adding users, and managing campaigns for administrators.

I recommend Sophos Phish Threat to those planning to use it as it is a very cost-effective solution. I have used different solutions for the same purpose, but Sophos has excellent templates that can be customized according to needs.

On a scale of 1-10, I rate Sophos Phish Threat an 8.5.

I use Sophos Phish Threat to test employee security awareness. Essentially, my clients utilize Phish Threat to ensure that users are not clicking on suspicious emails or links. It is a simulated campaign that I set up, so it is not a major threat, however, it allows me to identify vulnerable human resources within an environment.

Sophos Phish Threat effectively identifies susceptible employees. It depends on knowing my staff. For example, if I receive an email claiming my Facebook account is compromised, I immediately recognize it as suspicious, as I don't have Facebook. If I know my staff use LinkedIn, I utilize the LinkedIn simulation. Similarly, if they bank with Absa, I use the Absa simulation. 

There isn't a single 'one size fits all' approach. Sophos Phish Threat ensures users do not click on dodgy emails or dodgy links within an environment.

There is a need for improvement regarding false negatives dealing with Office 365. The issue stems from policies in Office 365 that prevent scanning certain elements, which might trigger errors. I would like more clarity on how to address false negatives and reduce false positives.

I have been using the solution for around four years now since its release.

I have not encountered any stability issues.

I find Sophos support is always a ten out of ten. 

I'm not just saying that because we are a distributor; I genuinely believe their product is excellent. Their support is always on point. The only potential issue could be turnaround times. That is typical for any global company. 

They usually contact me within an hour or two, and improving this would require hiring a significant portion of the world's population.

Positive

The setup is simple and intuitive. It involves a step-by-step process where I go through all the configurations correctly, and problems are resolved.

The cost of getting ransomware from clicking a malicious link, compared to the cost of the product, makes the return on investment quite favorable. It essentially pays for itself.

I do not work in processing, so I cannot provide the exact pricing. However, as far as I understand, it is a tiered model. For one to nine users, there is a certain price, and for 20 to 30 users, it's slightly cheaper, and so on.

I advise understanding that Sophos Phish Threat is not a security product per se; it will not protect you. It tests employees through simulated attacks to identify phishing attempts. It is not a standard product but is designed to supplement existing security infrastructure. 

The overall product rating is nine out of ten.

I have a customer who faces problems with phishing, and they wanted to have Sophos Central mail separate emails from spam or phishing emails, for example, by using SPS verification. But the user is the weak point. And the customer wanted to train their users and test their knowledge. We made a proof of concept for this customer and applied Phish Threat to around 100 users out of almost 8,000 users. The customer was happy to see that 100 users received the phishing test, an email, and just ten or 12 users clicked on it. The users were then directed to the training videos. The customer felt it was a great solution and told all their customers about it. CSOs and CIOs mainly value the solution.

I find the solution's reports very valuable. Here in Brazil, we must have some phishing tests in Portuguese. This is valuable to test the user's knowledge. The reports let us know how many users clicked on something, and the emails and videos are in Portuguese to train the users.

Sophos should offer tests where we can emulate new attacks happening now. For example, people use traveling companies, so we could simulate a new test based on that. Sophos could update tests because we have tests for old attacks. We need new emails with new attacks, something that's happening now.

Phish Threat has a lot of features that need to be improved, such as reporting. This is not just with EDR but with Sophos Central as well. For example, if we wanted to find the top ten machines that had been attacked the most last month, we could identify what the problem could be, whether it's the user or something happening with the machine. The report could say, "Last month, 20 machines were affected," maybe thanks to a virus or malware.

I've been using Sophos Phish Threat for one year.

The solution is totally stable. I have not faced any problems, and none of my customers have told me something isn't working. They usually say they are very happy with the solution. "We have the numbers and compliance, and it works fine."

There's no problem with scalability since the solution is on the cloud. The total number of users is not a problem if you have the license.

The initial setup is great because you don't have to do anything. You just have to select the users to apply and the mail you want to send them. It's easy to apply to a new environment. Users don't need any experience because it is very easy.

It takes five to ten minutes to deploy the solution, no longer.

I don't have a team. It's just me who implements the solution.

The pricing is very good, and some of my customers who have used other vendors say that Sophos is priced well within the market.

The user is the weak link in the chain, and in Brazil, most companies don't understand how important it is to train their users. They just look for processes and solutions, but they forget about people.

However, some CSOs and CIOs don't see the solution's aggregate value. They don't think they need some functions and might be satisfied with their current endpoint solution. But I disagree because you need to train and educate your users. You could have the best solution and technology, but the user is the weakest link in the chain. They could click on a link even if it opens a backdoor to their machine, and we'd lose everything.

My advice regarding Sophos Phish Threat is to buy this solution because you'll need it. I suggest a proof of concept to some of my customers so they can see the solution's value. After a proof of concept, some customers choose Sophos Phish Threat, while others might say, "It's a great solution, but I haven't got the budget for it at the moment." Instead, they might prefer to buy endpoint solutions, such as Device Encryption and the Intercept X. But I still recommend a proof of concept for the next year to see the solution's value.

I believe in Sophos solutions such as XDR, XG, and XGS Firewall, and I tell my users, "Don't believe what I'm saying. Let me show you how the solution works, and you decide whether you want it." Believe it or not, we could close deals with our customers once I did a proof of concept with network devices like XG, XGS, or Sophos Central Intercept X. Sophos is the best security solution.

I rate Sophos Phish Threat a ten out of ten. Working with the solution is easy, and none of my customers' users face any problems.

The primary use case of Sophos Phish Threat is to educate users on identifying fraudulent or spam links, thereby preventing them from clicking on malicious links.

Sophos Phish Threat is valuable as it is easy to use and effectively educates end users on the threats they may face and how to identify them. It helps users recognize fraudulent or spam links, preventing them from clicking harmful links. It has improved user awareness, leading to a reduction in ransomware and Trojan attacks, contributing significantly to the organization's security posture.

Integration with other products could be improved. There is potential for enhancing the dashboard. Additionally, the feature utilizing AI for phishing detection should be further developed.

I have used Sophos Phish Threat for three years.

I would rate the stability of Sophos Phish Threat as eight out of ten. It is quite stable.

The scalability of Sophos Phish Threat is also rated as eight out of ten.

Sophos' technical support is very helpful and responsive.

Positive

I initially used Cyberoam, and when Sophos acquired Cyberoam, I continued with Sophos since it is easy to install, robust, and performs well in the market.

The deployment of Sophos Phish Threat is handled by a team of four people, and I oversee it.

The improved education of users has led to fewer ransomware and Trojan attacks, but the financial benefits can't be quantified.

Pricing is a bit expensive and not that affordable. On a scale from one to ten, I would rate it a four.

I recommend Sophos Phish Threat. I would rate the overall solution an eight out of ten.

The major use cases attached to the solution stem from the fact that my company caters to the needs of a lot of customers who use the solution and haven't faced any problems with it or any malware, spyware, or ransomware attacks.

One of the company's customers who used the solution faced an issue last year, and our company fixed it before reporting it to the Sophos customer support team. The customer support team of Sophos helped resolve the problem faced by one of our company's customers within seven working days with the help of AnyDesk.

I cannot suggest which areas in the solution need improvement since Sophos has a research and development team that updates Sophos Phish Threat, and users mostly get the upgraded firewall online.

The product's price is an area of concern, and it can be improved if Sophos reduces the prices by seven to nine percent, considering the current market price at which the product is offered.

I have been using Sophos Phish Threat for five years.

The product's stability is amazing.

The product's scalability is good.

Almost 600 to 700 of our company's customers use the solution.

If our company faces any issues or complications with the product, then we contact the product support team. The technical support offered by the product is good. After contacting the technical support team or after generating a ticket with the support team, the technical team from Sophos tries to resolve the problem as soon as possible, and based on the decisions and timings, it takes around an hour or two.

My company has a dedicated support team to take care of the product setup process.

The product's installation process is very easy since Sophos provides our company with some EXE files we need to install in our system. To use the firewall, a user needs to click on certain checkboxes and activate it.

The solution is deployed on an on-premises model.

For the deployment and maintenance of the product, our company has three admins consisting of one person with a technical background. If there is a need for any support, then our company's technical team arranges for it.

The benefits come in after the solution is installed on the PCs of our company's clients.

The license for the product comes with the firewall offered by Sophos, so a user need not buy it separately.

I recommend the product to those who plan to use it.

I rate the overall tool a ten out of ten.

The most valuable features of Sophos Phish Threat are internal web filtering and security.

Sophos Phish Threat can improve load balancing.

I have been using Sophos Phish Threat for approximately five years.

Sophos Phish Threat is a stable solution.

It is possible to scale Sophos Phish Threat.

The support from Sophos Phish Threat is very good.

I rate the support a five out of five.

Positive

The initial setup of Sophos Phish Threat was straightforward.

I rate the initial setup of Sophos Phish Threat a four out of five.

I would highly recommend this solution to others if they're looking for connectivity in one solution. Their wireless, web filtering, and endpoint solution are all packaged into one.

I rate Sophos Phish Threat an eight out of ten.

Sophos Phish Threat is primarily used for email. It is used for filtering and securing your email.

Sophos Phish Threat is great. It is easy to use.

It would be great if the price was reduced.

We have been selling Sophos Phish Threat for two years. It is not something that we deal with every day.

It's a cloud-based solution. The agent is on-premise, but the solution itself is on the cloud.

The number of customers we have is very minimal, we have approximately two to three customers.

Technical support is good.

We analyze the products we sell every six months, and when we notice that one is failing, we investigate why. Once we know why, we can determine whether to keep it, improve it, or abandon it.

Since there have been more sales with Sophos, we stopped selling Kaspersky.

The initial setup is straightforward.

Five users can be set up in 10 to 15 minutes.

One engineer can easily maintain this solution.

Licensing fees are paid annually.

Recently, Sophos introduced monthly payments but most people go with them annually.

You can have certain issues with monthly payments but annually is if you are in production. They deploy it.

Sophos has such a broad portfolio that explaining it would take hours. We sell all Sophos products.

Most customers will have Office 365 which has its own solutions. Sophos Phish Threat will benefit people who are not yet on the cloud or using Google, but it can work for them.

It is not a fast-selling product. The demand will be only for people who are opening their new companies or moving and migrating their email.

I would definitely recommend this solution.

I would rate Sophos Phish Threat a nine out of ten.

Sophos Phish Threat product is the solution we integrated into our infrastructure when I became the Chief Information Security Officer. It is a good solution because it is used for sensitizing our staff to the risk linked to information security. Additionally, we measure and confirm the efficiency of staff after awareness campaigns. If they are not fully aware then they have to complete the training again.

The solution is easy to integrate because it is on the cloud. We have been able to limit users to only accessing the Sophos platform by modifying the firewall and Sophos platform settings. The dashboard gives us detailed reports allowing us to be able to manage better.

The security of the solution could improve.

I have been using this solution for approximately 2 years.

The solution is stable. However, they could improve by making it more stable.

Sophos Phish Threat is scalable.

We have approximately 260 users using this solution.

The support for Sophos is very good. They are known for provided high-level support. Sophos acquired Cyberoam and other solutions which included their staff. I have experience with the Cyberoam technical team and they are quick to respond and now Sophos is benefiting from this support.

The installation is easy and it took us three weeks. We integrated the solution into our infrastructure to share our Active Directory with the platform. We enroll users to have the add-on on their Outlook mailing clients.

We use two technical consultants to do the implementation and maintenance of Sophos Phish Threat.

There is a license required for this solution and the cost depends on the number of users.

This solution has helps us to confirm the efficiency of the awareness of employees. This is achieved by launching the phishing simulation just after the awareness campaign.

I rate Sophos Phish Threat a nine out of ten.

Sophos Phish Threat is a phishing simulation email platform.

Sophos Phish Threat can improve by adding other languages, such as Mandarin or Cantonese to their online trainer video center, it would be helpful.

I have been using Sophos Phish Threat for approximately two years.

Sophos Phish Threat is stable.

The scalability is very good. You can use it for many users.

We have five people using this solution.

The support from Sophos is good.

The installation is straightforward. You only need to upload the user's email address to the cloud and you can start using it.

We have one person that handles the support of Sophos Phish Threat.

There are monthly and annual subscriptions available to use Sophos Phish Threat. The price is reasonable.

I would recommend this solution to others.

I rate Sophos Phish Threat an eight out of ten.