Fight phishing and other potentially devastating attacks that can slip through security gateways. These evolving and sophisticated attack techniques, designed to fool employees, put your business at risk for data loss, financial fraud, and embarrassing exposure. Transform employees into a layer of defense with Barracuda PhishLine.

With PhishLine, you guard against every facet of social-engineering threats with continuous simulation and training for employees. Expose them to the latest attack techniques, and teach them to recognize the subtle clues and help stop email fraud, data loss, and brand damage. Embed learning into your everyday business processes with customized simulations that test and reinforce good behavior.

Only PhishLine helps you guard against a range of threats with patented, highly-variable attack simulations for multiple vectors, including phishing, smishing, vishing, and found physical media.

Barracuda PhishLine trains users to understand and respond correctly to the latest phishing techniques, recognize subtle phishing clues, and prevent email fraud, data loss, and brand damage. It transforms employees into a powerful line of defense against damaging phishing attacks.

This versatile, scalable, cloud-hosted SaaS solution includes hundreds of email and landing-pages templates, updated based on threat trends. Levelized training and gamification make it more effective by engaging employees.

Phishing Training

Barracuda PhishLine uses advanced, automated education technology that includes simulation-based training, continuous testing, powerful reporting for administrators, and active incident response awareness.

Phishing Simulation

Simulated phishing attacks are constantly updated to reflect the most recent and most common threats. Simulations are not limited to email, but also include voice, SMS, and portable-media (USB stick) attacks. Templates let you customize simulations.

Phishing Reporting

Barracuda Phishline provides advanced analytics and reporting tools that enable you to identify how effective your training is and how users react to actual phishing attacks that may slip through other defenses.

Patented Simulations

PhishLine's patented attack simulations train your employees to spot email threats that can compromise data and result in financial and reputational loss. A/B tests prevent users from receiving duplicate simulations.

Total Email Protection Portfolio

PhishLine is part of Barracuda’s Total Email Protection portfolio, delivering truly comprehensive email security.

Curated Content

PhishLine Content Center Marketplace™ provides dozens of simulation templates, landing pages, risk-assessment surveys, and other training content. New, customizable content is added daily, to reflect current threat trends.

Gamification

PhishLine boosts user engagement with gamification. Videos, infographics, newsletters, and other materials supplement core training.

Levelized Programs

As employees progress through their training program, the content constantly changes, challenging them to continuously improve their phishing detection and reporting skills.

PhishLine Concierge Service (Optional)

PhishLine Concierge is an optional service that offloads the complex tasks of defining, configuring, executing, and analyzing your simulation campaigns to a dedicated consultant, to minimize your resource overhead.

Users Are NOT the Weakest Link. Let’s bust that myth right now. 100% of the phish Cofense finds in customers’ environments were reported by users. 0% were stopped by perimeter technology. When secure email gateways fail, users are your last line of defense. Will they fall for a phish or report it? Cofense PhishMeTM educates them on the real attacks your company faces, transforming vulnerable targets into active defenders.

YOUR PROBLEM

No matter how good your perimeter security, phishing emails still reach users and threaten to trigger breaches. The Cofense Phishing Defense CenterTM finds that 90% of user-reported emails are in environments using secure email gateways (SEGs). Every phishing email that reaches the user is an attack on your organization. When technology fails, users need to become human sensors and report phishing, so the SOC can remediate the threat. But how can users report if they don’t recognize today’s evolving attacks?

OUR SOLUTION

Teach users to identify (real) phish. Cofense PhishMe educates users on the real phishing tactics your company faces. We leverage extensive research, threat intelligence, and front-line phishing defense resources that other providers lack. We believe that real phish are the real problem. Through experiential learning—simulations of current phishing threats — you’ll condition smarter email behavior, transforming vulnerable targets into an essential layer of defense.

Click Only: A phishing email that urges the recipient to click on an embedded link.

Data Entry: A phishing email with a link to a customized landing page that entices users to enter sensitive information.

Attachment-based: A phishing email with seemingly legitimate attachments in a variety of file formats.

Double Barrel: Patented technology that simulates conversational phishing techniques by sending two emails – one benign and one containing a malicious element – to train users on this tactic used by APT groups.
Benchmarking: A patented feature to conduct an identical scenario and receive an additional report that provides an anonymous comparison of your results with other Cofense customers or industry peers that ran the same scenario.

Highly Personalized: Simulate advanced social engineering tactics by using specific public, known details about email recipients gathered from internal and public sources.

Security Teams are not Ready Eventually, your organization will be attacked. When this happens, your SOC team’s skillsets, including playbook knowledge, detection and investigation skills, teamwork and communication skills, and security tool operation, will be put to the test. However, conventional training courses do not prepare incident response teams for the intense experience of a cyberattack. SOC teams are unprepared and overwhelmed.

Cyberbit Range: Simulating the Cyberattack Experience Cyberbit Range was created to address this critical gap. It introduces a new training approach by providing a hyper-realistic, virtual SOC environment, where your team can train in responding to real-world, simulated cyberattacks and dramatically improve their skills.

Instant, Cloud-Based Training Your SOC team’s time is precious. Their training needs to be accessible, so they can train before or after their shift without leaving the office. By training with Cyberbit Cloud Range, your team can log in anytime, anywhere, and start a simulated training session within minutes, either individually, or as a team.

Cyber Range Simulated Training

• Train Groups or Individuals

• Train Blue or Red Teams

• Train any Role From Tier-1 Analysts to Executives

• Guided or Independent Training with Automated Assessment

• Entry-Level to Complex Scenarios

• Cloud Based Access - Anytime, Anywhere

Hyper Realistic Simulated Training Real-World Network A comprehensive virtualized network that includes application servers, database servers, email servers, switches, routers, and a simulated internet segment. Real-World Security Tools Train your teams in a virtual SOC using market-leading security products: commercial SIEMs, firewalls, endpoint security systems and analysis tools, so your trainees can practice using the same tools they would use in real-life. Real-World Simulated Attacks Choose from an extensive catalog of simulated training scenarios, from entry-level to advanced, multi-stage attacks. Train individuals or teams, from tier-1 analysts to SOC managers and red teams. Attacks are simulated by an automated attack generator, running scenarios crafted by training experts, which means that SOC teams can train in elaborate attacks without the involvement of a red team. Cyberbit’s training scenarios are designed for multiple roles and aligned with NICE Cybersecurity Framework KSA’s.

How It Works Our core solution takes a customized, three-fold approach to readiness: anti-phishing assessment, monitoring, and training. We send disguised emails using different attack scenario simulations (including both spray and spear phishing) to your employees on an ongoing basis. Employees’ reactions are tested using various methods and levels of deception. Phishing Readiness It’s not how much effort you’ve put into training employees, how fast your servers are or how up-to-date your software may be. Cyber security awareness programs often fail because readiness is what matters most. Most organizations invest heavily in awareness programs that encourage employees to excel on tests and to keep security best practices in mind. Yet as readiness is skill-dependent and not awareness-dependent, most of these programs ultimately lead to high levels of awareness and regrettably low levels of performance. When it comes to phishing readiness, the true measurement is hindsight: did you know what to do, and did you react accordingly? Instant Deployment We know that timing and context are of the essence. CybeReady’s training programs are fully customizable and ready for technical testing. Within 48 hours of a purchase order, your branded content and simulation suggestions will be ready for use. We deliver programs in your native language that are customized to fit the specific context of your industry and the regions in which your company operates. Once your program has launched, you’ll receive weekly ‘Readiness Reports’ that contain information on the automated operation and performance of your training programs, along with suggestions from our team. Smart Learning  You can only be assured of employees’ readiness with the most rigorous behavioral training, and that requires fully customized content–not templates. CybeReady specializes in highly convincing phishing attacks at varying levels of difficulty–from sector-specific, tailor-made messages to department and position-specific messages, to customer-branded, simulation-specific content that is linguistically and culturally adapted to your needs. With such realistic scenarios, you’ll be well equipped to prepare your employees for any hacker’s diverse approaches to phishing.

Phishing in many of its manifestations has been and remains a tool for the initial stage in the chain attack. If we turn to the classical model of the chain attack from Lockheed Martin, then phishing will be present not only at the first stage, but also in many subsequent ones. The number of attacks that were launched or implemented using phishing is nothing to call, big names and grandiose amounts of losses. If you add fines for this to the loss of user data, these amounts often grow at times.

5 Reasons Your Security Awareness Program Needs Continuous Learning

• Because security awareness education is not a fire drill.
• Because the threat landscape is always changing.
• Because it’s the only way to truly assess how much your end-users are learning.
• Because people learn at different rates.
• Because you will learn what works and what doesn’t.

Complete Workforce Training

Autonomus training platform continuously trains 100% of employees every month, year-round, using proven methodology and localized, customized content.

Advanced Automation

Machine Learning-powered training selects and adjusts training to each employee, including adaptive difficulty level and frequency of training.

Just in Time (JIT) Learning

Phishing simulations and short learning sessions in one integrative experience ensure learning ‘in the golden moment’ and eliminate friction with employees.

Guarantees Results

Significant change in employee behavior towards cyber attacks: 83% reduction in Serial Clickers, 403% increase in employee resilience score.

Effortless

Cybeready’s fully managed solution ensures results yet eliminates IT effort, so you can dedicate valuable resources to other, more challenging tasks.

HELP EMPLOYEES PRACTICE THE RIGHT CYBER BEHAVIORS

Organizations like yours have implemented cybersecurity programs to train employees how to identify and avoid phishing, CEO fraud, and other social engineering attacks. And yet employees continue to fall victim to these scams, putting your business at risk. That’s because social engineering is designed to evoke an emotional response that makes the impulse to respond or “click” irresistible. To combat social engineering attacks like phishing, you need focus on employee behavior (emotional response) not just on employee knowledge (rational thinking).
Only Dcoya harnesses the power of machine learning, behavioral psychology best practices, and marketing methodologies to help employees learn and practice behaviors that will minimize cybersecurity mistakes.

PERSONALIZE ANTI-PHSIHING TRAINING FOR EVERY EMPLOYEE

Practice makes perfect. But your SecOps don’t have the time to devote to individual training. With Dcoya Behave, every employee gets a personal cybersecurity training regimen automatically. Dcoya Behave simulates social engineering attacks, triggered automatically by employee real-time interactions with a phish, or by risk scores from past performance. These real-world phishing simulations test the cybersecurity savvy of your employees; give them opportunities to practice the right behavior; and enroll them automatically in refresher training as needed.

WITH DCOYA BEHAVE YOU GET

• Real-world, social engineering attacks based on the latest Dcoya intelligence; built-in and customized to imitate even the most devious attacks.
• Cognitive computing and ML algorithms to automate employee segmentation.
• Analysis of each keystroke in employee training sessions.
• Detailed {WHO} analytics on each employee’s behavior-changing journey.
• Automatic launch of simulated attacks to single employees and to groups of employees, with immediate analysis of results, and next-step recommendations.
• Automatic enrollment in refresher training for employees who need it.

KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. More than 30,000 organizations worldwide are using it. You now have a way to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks.

SaaS subscription is priced per seat, per year. Offer Silver, Gold, Platinum or Diamond levels to meet your organization’s needs, comprised of three levels of training access and increasingly powerful features.

• The world's largest library of well over 1000+ security awareness training content items; including interactive modules, videos, games, posters and newsletters - with the Diamond level you get frequent, new fresh content.
• Translated phishing and training content in 30+ languages across phishing and training content, with support for localized learner experience in select languages.
• On-demand, engaging, interactive browser-based training.
• Brandable Content feature enables you to add branded custom content to the beginning and end of select KnowBe4 training modules.
• The learner experience offers optional gamification, with leaderboards and badges, to incentivize and motivate users to take their assigned training.
• Localized training interface option for your users! Currently available in 20+ local languages, your users can choose the language they are most comfortable with, helping deliver a more immersive training experience.
• Create multiple training campaigns as ongoing or with a completion date.
• Assessments help you identify users that have a higher proficiency in security in not only knowing the right thing to do but also actually doing the right thing as part of the security culture you’re trying to achieve in your organization.
• Automate enrollment and follow-up emails to “nudge” users.
• Allows you to create an effective “Human Firewall”.
• Hosted in our Cloud LMS, run the course in your own Learning Management System, or delivered as a Managed Service.
• Hints & Tips Security Awareness emails for compliance.
• Point-of-failure training auto-enrollment.
• Within one account, you can have multiple allowed domains (e.g. com, net, .org) and users can sign up with any of the domains associated to an account.
• Industry's largest full-time content development staff: 40+ people.
• Visible training results: Phish-prone percentage™ for whole organization graphed over time in your console for reporting.
• Enhanced Training Campaigns with ""relative enrollment duration"" feature.
• Certificate printing where users can view/download/print their own certificates after completing a course.
• Automatic SCORM delivery via console if you use your own LMS.
• Upload Your Own Content! You now have the option to upload your own SCORM-compliant training and video content in any language you choose, directly into your KnowBe4 account - at no extra cost!
• Extend training deadlines for overdue users.

To educate end users without wasting time, you first need to identify their individual vulnerabilities, as well as broader cybersecurity concerns for your organization. Our ThreatSim® Phishing Simulations help you assess users’ susceptibility to phishing and spear-phishing attacks, with email templates based on real phishing lures spotted “in the wild” by Proofpoint threat intelligence. We also offer CyberStrength® Knowledge Assessments, a powerful web-based tool that helps you measure users’ understanding of critical cybersecurity topics and track progress over time, driving continuous improvement.

ThreatSim® tests your organization’s susceptibility to a variety of phishing and spear-phishing attacks. Unlike other phishing simulation tools, we provide Dynamic Threat Simulation phishing templates based on current lures spotted “in the wild” by Proofpoint’s industry-leading threat intelligence.

With thousands of different phishing templates across 35+ languages and 13 categories—and more added each month — you can evaluate users on multiple threat types, including:

• Malicious attachments
• Embedded links
• Requests for personal data

Wide Variety of Customizable Templates

The ThreatSim phishing tool supports more than thousands of templates across more than 35 languages. Our variety of templates address three key testing factors: embedded links, requests for personal data, and attachment downloads (.pdf, .doc, .docx, .xlsx, and .html). Average failure rates calculated from assessments sent by all customers for each template are visible within the phishing tool, which allows administrators to gauge difficulty prior to campaign creation.

Dynamic Threat Simulation

Using real, “in-the-wild,” threat intelligence data from our Targeted Attack Protection, we deliver new ThreatSim phishing templates to help create simulated attacks that will challenge the user’s ability to respond to the most relevant threats. Administrators can customize the content in any template, or create their own. This flexibility allows organizations to quickly and easily create timely phishing tests that mimic threats seen in the wild and within their own networks.

Teachable Moments

We strongly suggest that all employees who fall for a ThreatSim Phishing Simulation be automatically presented with an “intervention message” (which we like to call a Teachable Moment). By utilizing “just-in-time teaching” at the moment an employee interacts with a mock phishing email, Teachable Moments explain what happened, outline the dangers associated with real attacks, and give practical advice about avoiding future traps.
We offer several formats — including static and animated landing pages, short videos, and interactive challenges — for our Teachable Moments and allow you to tailor the message as you see fit. A selection of static landing pages is available in 17 languages, which allows your global employees to view key messages in their native languages. You can also opt to route clicks to your own internal messaging.

Auto-Enrollment

We were the first-to-market with this time-saving and behavior changing feature that allows you to automatically assign follow-up training to anyone who falls for a ThreatSim Phishing Simulation. While you can still assign training to everyone, Auto-Enrollment allows you to quickly deliver targeted training to your most susceptible end users first. This approach can dramatically improve the efficiency of your program and engage those who need the most attention.

Multinational Support

Multinational support allows administrators to deliver simulated attacks and Teachable Moments in dozens if languages which means you can assess your global employees in their native language.

PhishAlarm and PhishAlarm Analyzer

Our PhishAlarm one-click email reporting tool is available to install at no cost. This email client add-in allows employees to report suspicious messages to your security and incident response teams with a single mouse click. We recommend adding our PhishAlarm Analyzer anti-phishing email analysis tool, which utilizes machine learning to prioritize emails reported via PhishAlarm and enables faster remediation of the most dangerous threats on your network.

System Click Exclusion

System Click Exclusion is a feature built into ThreatSim that identifies and isolates phishing simulation interactions initiated by email protection tools. This patented approach ensures an accurate view of risky end user behaviors and enables productive and efficient security education programs.

What does this provide?

• Accuracy - A mechanism to ensure an accurate view of end user interactions (versus clicks from email gateways) in phishing simulations
• Intuitive UI - An easy-to-use interface for creating System Click Exclusion rules for multiple system interactions based upon IP address or user agent
• Reporting - Easily identify the interactions from systems instead of users to validate that all interactions are being captured
• Integration with TAP - A seamless experience for Targeted Attack Protection (TAP) customers because the customer’s email protection tool clicks are already systemically whitelisted through existing integration between the ThreatSim product and TAP

Random Scheduling

This option allows you to spread out the distribution of phishing simulations to minimize the impact to your email servers and IT helpdesk. Paired with the ability to use multiple simulated attack templates in a single assessment campaign, these functions reduce the chances that employees will figure out – and discuss – the phishing test, which helps provide the purest test of end-user susceptibility.

Valuable Business Intelligence

ThreatSim provides extensive analytics and reporting about employee responses to various phishing attack scenarios. You’ll also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.

Weak Network Egress and Vulnerability Checks

ThreatSim offers an optional Weak Network Egress function, which can help detect data egress from users’ PCs and, as a result, allow security personnel to identify and modify security controls to reduce potential threats. Administrators can also check for browser vulnerabilities with the capability to flag out-of-date (and potentially vulnerable) third-party plug-ins on end-user PCs.