Comparing KnowBe4 to CaniPhish

ajason · 2025-04-10T15:12:45.992Z

I have known about KnowBe4 and CaniPhish for some time and have used the free versions of each software to run phishing tests for our users. The pricing for each is fairly simliar and I was wondering if anyone has had any experience with these and if there was one that was recommended more than the other. Or if there is another option that I have not considered. Now, I have checked into GoPhish, but do not feel like the additional time that I spend to set up those phishing email campaigns would be best for my situation.

As far as phishing training has gone, I have done it a few times over the last several years. It is not done regularly and with the free options there is a limit to the number of times and how many users I can send the test to. Recent discussions with management sounds like they would be open to paying for additional training for our users. Due to that, I have started looking at these platforms in more depth.

Also, has anyone used the PhishER? That looks like it would be a proactive way to identify and remove phishing emails from our M365 tenant that is easy to use. I realize that it would be an add on to the phishing tests, but can see it saving time by helping to remove the phishing emails from the system so that users wouldn’t get as many.

I do have a contact with KnowBe4, but really value the opinion of the community here and I am curious about your experiences with these products.

jeremym · 2025-04-10T15:46:22.749Z

I can only speak to KnowBe4. I used to be an advocate for it here on Spiceworks and I love the product. Security is a must spend. Training users should be a number 1 on your todo list. We phish test every month, and do quarterly mandatory training. KB4 has bee great. We always use the previous quarters released materials to build the training for the next quarter. They have great support, and customer reps, and PhishER is worth it IMHO.

We also use their PAB to send information back to Abnormal email security which has been working well too. They have been around a long time and have a lot of phishing training material. We are also not using them for compliance training.

ajason · 2025-04-10T16:15:42.215Z

Thank you, @jeremym, spoken like a true (former,) advocate.

Training users is very high on my list for sure, getting it to be equally important to management can be difficult sometimes.

KnowBe4 has always treated me well. I have done a few demos with them in the past and have discussed it with management. Most of the time the additional cost for it has been declined. This time around, I have someone in management that appears interested in user training, and understands the additional cost, so hopefully we can get something implemented soon.

Andrew_F · 2025-04-10T16:18:58.557Z

you might want to change the title - KnowBe4 is fine - but can-I-pish sounds like you’re a drunk staggering your way back home looking for somewhere to leave your waste beer … simple typo I’m sure!

ajason · 2025-04-10T16:23:18.188Z

Yup typo for sure. I changed it, thanks for letting me know.