PhishER by KnowBe4

PhishER is a Security Orchestration, Automation, and Response (SOAR) platform from KnowBe4 that has revolutionised my ability to monitor, respond to and resolve phishing and spam emails sent to my organisation.

It is packed full of features, each of which combine to create an amazing product I now wouldn’t want to be without.

PhishER costs between $11 to $5.50 per year per end-user. You can of course choose to license only part of your organisation, such as only Staff and not Students in an education setting.

Here are the major benefits and features of the platform, which I will cover in more detail below:

  • Effortless Reporting: End-users can report suspicious emails with just two clicks using the Phish Alert Button, ensuring quick threat identification and response. PhishER is designed to be simple for end-users, minimising the learning curve and making it accessible to all end-users.
  • Actions Save You Time: Automated Actions allow for routine tasks on reported emails, such as replying to the reporter and notifying the ticketing system, to be executed quickly and efficiently.
  • Categorise Emails Using Machine Learning: PhishML utilises machine learning to automatically categorise reported emails with minimal manual intervention. You can configure your own tolerances with PhishML, enabling customisation and confidence in the automated categorisation process.
  • Powerful Automation: Combining automated Actions with PhishML enables the platform to automatically respond to emails based on predefined criteria, enhancing efficiency and reducing manual effort.
  • Immediate User Feedback: Automated Actions can instantly notify users about the status of their reported emails, keeping them informed in real-time.
  • Automatically Remove Threats from Mailboxes: Included at no extra cost, PhishRIP allows automated searches across the entire organisation’s mailboxes, effectively removing threats from all relevant mailboxes. PhishRIP encourages end-users to report even seemingly obvious phishing emails, knowing they are contributing to the security of less experienced users.
  • Turn Threats Into Real-world Training Exercises: PhishFLIP turns real phishing emails into learning experiences by replacing dangerous links and attachments, facilitating safe training and testing of end-users. PhishFLIP can be combined with PhishRIP, automatically replacing links and attachments in mailboxes while leaving the email in place for real-world testing.
  • Comprehensive Audit Logging and Reporting: PhishER provides automatic audit logging of every action performed, ensuring transparency and accountability. Generate comprehensive and customisable reports to gain insights into your organisation’s email security.

Effortless Reporting

With just two clicks in the email client end-users can report suspicious emails using the Phish Alert Button, safe in the knowledge that any legitimate emails will be returned to them. In doing so they are helping to protect the organisation from cyber threats.

Simple for end-users

Actions Save You Time

Actions (whether manual or automated) allow you to quickly carry out routine tasks on reported emails, such as replying to the end-user and notifying your ticketing system.

Actions let you carry out multiple steps with a click of a button

Categorise Emails Using Machine Learning

Using PhishML you can rely on machine learning to automatically categorise, respond and resolve reported emails with minimal manual resolution required. The platform lets you configure your own tolerances, enabling you to use the feature with confidence.

PhishML allows automation with confidence

Powerful Automation

The real power of the platform however comes from combining automated Actions with PhishML. When an end-user reports an email PhishML will try to match it as either Clean, Spam, Threat or Unknown based upon your confidence thresholds and apply the relevant label.

Automated Actions are an incredibly powerful tool that will save you so much time

Immediate User Feedback

Your automated Actions can recognise these labels and instantly take action, such as replying to the reporting person that their email is a threat and thank them for reporting it before automatically emailing the Helpdesk with all of the information they need to block the sender, or carry out a PhishRIP (see below).

Or maybe the email is Clean? In which case your automated Action might simply return it to them and inform them it is most likely safe.

Automated Actions let you notify users immediately on their reported emails

But what if PhishML cannot categorise a reported email with enough confidence to meet your thresholds? Well, you could set up an automated Action that tells the user that it couldn’t automatically be categorised and that someone will be manually checking it and will reply based upon your SLA. The action could then immediately raise a ticket on your helpdesk.

Automatically keep your end-users informed, as well as your helpdesk

Automatically Remove Threats from Mailboxes

The PhishRIP feature (which is included at no extra cost) lets you automatically carry out a search on your entire organisation, searching every mailbox for similar emails. If the email was sent to multiple end-users just one of them reporting it would allow you to strip it out of every mailbox – before any of the other users notice it.

This PhishRIP feature really lets your end-users who report emails feel like super heroes. In my experience they will start to report even the most ‘obvious’ (to them) phishing emails, knowing that they are saving less experienced users from the risk of falling victim.

PhishRIP rips threats straight from mailboxes, before they are even opened

Turn Threats Into Real-world Training Exercises

Finally, PhishFLIP lets real phishing emails become a learning experience, with the phishing links and attachments replaced and made safe. In doing so a major threat is turned into a tool for the organisation, allowing you to test and train end-users using real phishing attacks.

Flip real phishing emails into templates for your simulated phishing attacks

PhishFLIP can be combined with PhishRIP, automatically replacing the links and attachments in any other mailboxes which received the email with safe test links, but leaving the email in place to act an immediate real world test.

Comprehensive Audit Logging and Reporting

There’s even more to PhishER, including the to be expected automatic audit logging of every action performed, as well as comprehensive and customisable reporting.

A Product I Wouldn’t Want to Be Without

I am, unabashedly, a big fan of KnowBe4. A large part of that comes from how incredible the PhishER platform is. It allows you to automate a massive part of your security process, while empowering users. It is £1,500 a year for us to license all of our staff and I believe it is worth every penny.

Disclaimer: I am in no way affiliated with KnowBe4 (other than being a customer) and have no affiliate links or kickbacks from anyone purchasing PhishER or any other product or service from them. KnowBe4 did not ask for this review and have never indicated I should publically write about their company or services — I just really love the product!

By Jon Brogan

A cybersecurity enthusiast currently pursuing a BSc (Hons) in Cybersecurity with The Open University. With a background in web development and a passion for problem-solving, I'm on a journey to strengthen digital security and share insights along the way.

Leave a comment