KnowBe4 vs Sophos Phish Threat comparison

KnowBe4 and Sophos are both solutions in the Security Awareness Training category. KnowBe4 is ranked #1 with an average rating of 9.5, while Sophos is ranked #3 with an average rating of 9.3. KnowBe4 holds a 32.1% mindshare in SAT, compared to Sophos’s 5.4% mindshare. Additionally, 100% of KnowBe4 users are willing to recommend the solution, compared to 100% of Sophos users who would recommend it.

KnowBe4

Read 4 KnowBe4 reviews

1,748 Views
1,317 Comparison Views

100% willing to recommend

Sophos Phish Threat

Read 12 Sophos Phish Threat reviews

335 Views
198 Comparison Views

100% willing to recommend

KnowBe4

Sophos Phish Threat

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between KnowBe4 and Sophos Phish Threat based on real PeerSpot user reviews.

Find out in this report how the two Security Awareness Training solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed KnowBe4 vs. Sophos Phish Threat Report (Updated: January 2025).

Buyer's Guide

KnowBe4 vs. Sophos Phish Threat

January 2025

Download the complete report

Helped 831,563 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

KnowBe4

Ranking in Security Awareness Training

1st

Average Rating

9.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Sophos Phish Threat

Ranking in Security Awareness Training

3rd

Average Rating

8.8

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of January 2025, in the Security Awareness Training category, the mindshare of KnowBe4 is 32.1%, down from 36.2% compared to the previous year. The mindshare of Sophos Phish Threat is 5.4%, up from 4.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Awareness Training

Featured Reviews

Brad Mathis

Employee-Owner, Senior Consultant, Information Security at Keller Schroeder

Lowers human element risks and has innovative training

Some more AI-driven automation for creating training and phishing testing campaigns, as well as automated reporting would help. The Phish Alert button could be improved, although it is understood this is due to Microsoft's constant changes. Any improvements in wizards and documentation are always a good thing!. Additonal areas for improvement could be around the technical training and best practice training areas such as NIST CSF, CISv8, Cyberinsurance, and more. Clearer whitelisting requirements are always appreciated. However, the current levels are significant and appreciated.

Read full review

Carlos Roberto Da Silva

Pre-Sales Director at 4 ITS

Significantly reduced phishing attacks in my customers' environments by training their users

Sophos should offer tests where we can emulate new attacks happening now. For example, people use traveling companies, so we could simulate a new test based on that. Sophos could update tests because we have tests for old attacks. We need new emails with new attacks, something that's happening now. Phish Threat has a lot of features that need to be improved, such as reporting. This is not just with EDR but with Sophos Central as well. For example, if we wanted to find the top ten machines that had been attacked the most last month, we could identify what the problem could be, whether it's the user or something happening with the machine. The report could say, "Last month, 20 machines were affected," maybe thanks to a virus or malware.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The main thing is the overall report card. We get to tell the percentages of users who click on links and who don't click on links. We also get an overall score or risk score from them, which also helps us."

"KnowBe4's formulas for risk reduction simply work. Being a technical company, our initial phish-prone percentage wasn't super high, but it was still around 18%. Since we have been requiring ongoing training and simulated phish testing, our average phish-prone percentage hovers in the 0 to 3% range now."

"Their customizable nature allows us to create scenarios that closely resemble real-world phishing attempts, making them highly relatable to our end users."

"There are many valuable features. It's already deployed in the cloud, and you don't have to install anything. You just upload your users to the cloud and tweak something if needed. You can whitelist some servers to work with this properly. When everything is ready, you can start using the platform and its many automated features."

"Sophos Phish Threat effectively identifies susceptible employees."

"Sophos Phish Threat is valuable as it is easy to use and effectively educates end users on the threats they may face and how to identify them."

"The installation is straightforward. You only need to upload the user's email address to the cloud and you can start using it."

"The solution is easy to integrate because it is on the cloud. We have been able to limit users to only accessing the Sophos platform by modifying the firewall and Sophos platform settings. The dashboard gives us detailed reports allowing us to be able to manage better."

"I have found the implementation process to be simple and straightforward."

"It is very simple to install and you can do it by yourself."

"It is simple to push tests out to a group of users."

"The scalability is very good."

More Sophos Phish Threat pros

Cons

"It could be more localized for Ukrainian users. This platform is international, and it has a lot of material in different languages, but not in Ukrainian and Russian languages. There's plenty of different content updated regularly for English, French, and German users. They have a lot more information, and Ukrainian users also want more."

"Enhancing the product's emotional intelligence, particularly by providing training content tailored to specific audiences, is an area for improvement."

"It can be more interactive with users. We want to put the users in different scenarios and let them make decisions. For example, instead of making users go through a video and then asking questions, it can have a video where they click on the scenarios and have to make decisions. It can maybe have something like a live simulation. It would be nice for users."

"Sophos Phish Threat can improve load balancing."

"The pricing of Sophos Phish threat can be improved."

"The solution could be much more secure."

"There is a need for improvement regarding false negatives dealing with Office 365."

"I would like to see more manager-level training that teaches what needs to be done after a phishing email attack is found."

"The security could be simplified within the product."

"Sophos should offer tests where we can emulate new attacks happening now."

"Sophos Phish Threat can improve by adding other languages, such as Mandarin or Cantonese to their online trainer video center, it would be helpful."

More Sophos Phish Threat cons

Pricing and Cost Advice

"I don't know the cost, but I believe we are paying yearly. We did like a three-year or five-year contract. I am not aware of any extra costs in addition to a standard licensing fee."

"Licensing is paid on a yearly basis. You can go to the official site to check their approximate pricing. It's based on the number of users or staff. It can vary from country to country, but for Ukraine, it works as it's stated on the site."

"I rate the product pricing as four out of ten."

"There is a license required for this solution and the cost depends on the number of users."

"The license for the product comes with the firewall offered by Sophos, so a user need not buy it separately."

"The pricing is very good, and some of my customers who have used other vendors say that Sophos is priced well within the market."

"Licensing fees are paid annually."

"There are monthly and annual subscriptions available to use Sophos Phish Threat. The price is reasonable."

See which vendors are best for you

Use our free recommendation engine to learn which Security Awareness Training solutions are best for your needs.

See recommendations

831,563 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

13%

Financial Services Firm

Educational Organization

Healthcare Company

Computer Software Company

23%

Financial Services Firm

13%

Real Estate/Law Firm

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about KnowBe4?

Their customizable nature allows us to create scenarios that closely resemble real-world phishing attempts, making them highly relatable to our end users.

See all answers

What is your experience regarding pricing and costs for KnowBe4?

My advice would be to find a trusted partner and work with them. The pricing model is simple. If you have the technical staff and bandwidth, you may implement it yourself. However, if you want to g...

See all answers

What needs improvement with KnowBe4?

See all answers

What do you like most about Sophos Phish Threat?

I find the solution's reports very valuable.

See all answers

What needs improvement with Sophos Phish Threat?

Integration with other products could be improved. There is potential for enhancing the dashboard. Additionally, the feature utilizing AI for phishing detection should be further developed.

See all answers

What is your primary use case for Sophos Phish Threat?

The primary use case of Sophos Phish Threat is to educate users on identifying fraudulent or spam links, thereby preventing them from clicking on malicious links.

See all answers

Comparisons

Terranova Security vs KnowBe4

Compared 18% of the time

Arctic Wolf Managed Security Awareness vs KnowBe4

Compared 15% of the time

Proofpoint Email Protection vs KnowBe4

Compared 13% of the time

Kaspersky Security Awareness vs KnowBe4

Compared 9% of the time

Barracuda PhishLine vs KnowBe4

Compared 7% of the time

More KnowBe4 Competitors

No data available

Product Reports

Buyer's Guide

KnowBe4

January 2025

Download KnowBe4 product report

Buyer's Guide

Security Awareness Training

January 2025

Download Sophos Phish Threat product report

Also Known As

No data available

Phish Threat

Overview

Old school Security Awareness Training is static. It’s a one-time event without follow-up. KnowBe4's Kevin Mitnick Security Awareness Training starts with a baseline test to show the actual Phish-prone percentage of your users. Then it steps users through effective, interactive, on-demand browser-based training. As step three, you send frequent simulated phishing attacks to your employees to reinforce the training. This last feature, frequent simulated phishing attacks (we recommend at the very least once a month) really creates a change in behavior.

KnowBe4

Sophos Phish Threat emulates a range of phishing attack types to help you identify areas of weakness in your organization’s security posture, and empower users through engaging training to strengthen your organizations defenses.

Sophos

Sample Customers

West Aurora Public School District 129

Information Not Available

Buyer's Guide

KnowBe4 vs. Sophos Phish Threat

January 2025

Free Report: KnowBe4 vs. Sophos Phish Threat

Find out what your peers are saying about KnowBe4 vs. Sophos Phish Threat and other solutions. Updated: January 2025.

DOWNLOAD NOW

831,563 professionals have used our research since 2012.

See our KnowBe4 vs. Sophos Phish Threat report.

See our list of best Security Awareness Training vendors.

We monitor all Security Awareness Training reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.