Sold by: KnowBe4, Inc.
Deployed on AWS
PhishER Plus is your lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate your threat response and manage the high volume of potentially malicious email messages reported by your users.
4.5
Overview
Introducing PhishER Plus - the most powerful anti-phishing defense available in the world. PhishER Plus is a light-weight SOAR platform that automatically analyzes and prioritizes reported email messages to identify and quarantine malicious email across your organization. Additionally, transforms in-the-wild phishing emails into training opportunities by flipping them into simulated phishing campaigns.
PhishER Plus adds AI-and-human-validated, crowdsourced blocklist and PhishRIP capabilities to proactively block and remove active phishing attacks that have bypassed email filters BEFORE your user gets exposed to them. PhishER Plus is powered by an active global threat feed (Global Blocklist) that is crowdsourced from more than 10 million highly trained KnowBe4 end users from across the globe to spot and report on active phishing and social engineering attacks in the wild. The reported email-based threats are subject to three levels of human and AI-based validation and analysis: the collective initial reporting from all KnowBe4 trained users; each PhishER customer organization's own SOC/IT security team; and the KnowBe4 Threat Research Lab team, which examines and vets each submitted threat for validity.
Machine learning and AI-powered analysis eliminates the guesswork of identifying high-risk phishing threats from all the user-reported messages and to automate the security workstream for managing the "other 90%" of user-reported emails. This allows your organization to build a fully orchestrated and highly effective SOC team that can identify and mitigate social engineering threats in near real-time.
WHY IS THIS DIFFERENT?
-Cut through the mail clutter and allow your IR and SOC teams to focus on the high-level threats -Group or cluster messages based on patterns to allow incident response teams to quickly identify a widespread phishing attack -Automatically remove phishing emails from users' inboxes at the email server level -Harness the power of blocklisting and crowdsourcing to prevent malicious emails -Take real-world phishing attacks and change them into simulated phishing templates to train your employees, strengthen your organization's human firewall against future assaults -Global Blocklist: Fingerprints of validated threats are used to automatically block matching new incoming messages from reaching your users' inboxes. This constantly updated Global Blocklist threat feed syncs with your Microsoft 365 mail server -Global PhishRIP: Messages that match an identified phishing threat other PhishER customers have removed and have been validated by the KnowBe4 Threat Research Lab can be automatically quarantined by removing (ripping) them from all of your users' inboxes
Contact us with any questions or for custom pricing at AWS@knowbe4.com
"Buy Now" Disclaimer: When you click "Create Contract" your purchase request will be forwarded to KnowBe4 for additional evaluation. You will receive a notification confirming the acceptance of your order as soon as it has been reviewed and approved. Your subscription will not begin until your order has been fully accepted in accordance with the EULA.
Highlights
- Block email threats that have bypassed other email security filters or systems before they reach your users' mailboxes
- Isolate malicious emails that already bypassed your mail filters through automated quarantine with Global PhishRIP
- Crowdsource threat intelligence from 10+ million KnowBe4 trained users
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Users | Users per month | $18.00 |
Vendor refund policy
All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable, except in the event KnowBe4 is unable to cure a valid warranty claim within thirty (30) days of notice, as provided in further detail in Section 9 of the KnowBe4 Terms of Service.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
When you have questions, we have answers. We make it easy to connect with us when you need technical support, the way you want to connect: Online Community, Support Knowledgebase, and full time dedicated Technical Support teams worldwide. With an average Median Response Time of an hour in responding to new support tickets and a 98% customer support satisfaction rate, KnowBe4's tech experts respond quickly and get your issues resolved super-fast! Visit:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By KnowBe4, Inc.
By Barracuda Networks
By Proofpoint
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Security Orchestration and Automation
Lightweight SOAR platform that automatically analyzes, prioritizes, and orchestrates response to reported email messages to identify and quarantine malicious emails across the organization
AI and Machine Learning-Powered Threat Analysis
Machine learning and AI-powered analysis to identify high-risk phishing threats from user-reported messages and automate security workflows for threat prioritization
Crowdsourced Global Threat Intelligence
Active global threat feed powered by crowdsourced intelligence from over 10 million trained end users with three levels of human and AI-based validation from collective reporting, customer SOC teams, and dedicated threat research lab
Automated Threat Remediation
Automatic removal of phishing emails from users' inboxes at the email server level and quarantine of matching threats through Global PhishRIP capability that syncs with Microsoft 365 mail servers
Threat Pattern Clustering and Campaign Conversion
Message clustering and pattern-based grouping to identify widespread phishing attacks, with capability to convert real-world phishing attacks into simulated phishing training templates
AI-Powered Threat Detection and Response
Leverages AI engine to detect and block phishing, malware, ransomware, spear phishing, spam, and account takeover threats through cloud email gateway and API-based inbox defense mechanisms.
DMARC Authentication and Domain Spoofing Prevention
Provides DMARC reporting with granular visibility and analysis of SPF/DKIM/DMARC configurations to prevent email domain spoofing and minimize false positives.
Cloud-to-Cloud Backup and Data Protection
Offers unlimited Microsoft 365 backup for OneDrive and SharePoint environments with automated data recovery capabilities against malicious or accidental data deletion.
Sensitive Data Discovery and Remediation
Includes Data Inspector tool that scans OneDrive and SharePoint for sensitive information and malware-containing files, with visibility into file sharing and automated remediation for improper shares.
Security Awareness Training and Attack Simulation
Provides simulation-based training with localized content library and continuous attack simulation testing with reporting capabilities for security awareness and user education.
AI-Driven Threat Detection
Utilizes artificial intelligence to detect and prevent advanced email attacks, phishing, credential theft, ransomware, business email compromise, and cloud account takeover threats.
Unified Cross-Channel Visibility
Provides centralized dashboard with holistic view of user interaction and threat telemetry across cloud, email, endpoint, and web channels in a cloud-native interface.
Automated Incident Response
Enables automated remediation and consistent, scalable incident response to sophisticated email attacks with reduced manual triage requirements.
Behavioral and Content Analysis
Correlates user activity, behavior patterns, and content analysis with threat intelligence and data movement to identify and prevent data loss and insider threats in real time.
Data Protection and Privacy Controls
Implements anonymization of user data, content snippet masking, and regional data residency management to protect user privacy while defending against data loss scenarios.
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
No security profile
No security profile
-
-
-
-
-
Standard contract
No
No
No
Customer reviews
Jason H.
Powerful Platform for Reporting, Reviewing, and Removing Phishing Emails
Reviewed on Feb 09, 2026
Review provided by G2
What do you like best about the product?
PhishER provides a good platform for users to report potential phishing emails with. As admin, it provides a safe location to review those reported emails and ways to handle those. You can integrate several platforms with it to make it more powerful. The PhishRIP is great for pulling phishing emails out of user's inboxes that may not have reported it yet. It's another useful tool when combating phishing emails. It doesn't take long to set up and is pretty basic, making it easy to review the reported emails. I use it daily to review reported emails and take the necessary action against them.
What do you dislike about the product?
My biggest dislike with KnowBe4 is the delay that it operates at time. That may be due to it being a web based application, or it may be due to it's integration with M365 that I use, but sometimes it can take awhile to respond, so I have to wait for it to catch up. These do not happen every time, but when they do, it is fairly annoying.
What problems is the product solving and how is that benefiting you?
I need a good way for our users to report phishing and spam email and a platform that I could use to proactively respond to the reported emails. PhishER has helped me do that.
Arrow W.
Efficient Email Threat Detection with User-Friendly Interface
Reviewed on Feb 09, 2026
Review provided by G2
What do you like best about the product?
I really like that KnowBe4 PhishER/PhishER Plus lets users across our company simply click a button to report suspicious emails, which significantly boosts its adoptability. It's also very easy to set up. The initial automated analysis is crucial in making our decision-making process quick and effective, allowing us to evaluate emails and determine the correct course of action almost instantaneously.
What do you dislike about the product?
I wish the tool had a partnership with a company like any.run to allow us to analyze attachments in a safe environment real-time within the platform to see if there's malicious code or additional attack vectors embedded inside attachments.
What problems is the product solving and how is that benefiting you?
I use KnowBe4 PhishER to quickly evaluate suspicious emails and decide the correct course of action. Its initial automated analysis is crucial for our decision-making, streamlining the process of determining if emails are phishing attempts.
Megan K.
Customizable Phish Testing Platform That Engages Employees
Reviewed on Feb 09, 2026
Review provided by G2
What do you like best about the product?
I like the Phish testing and the customization of the emails. It's great that we can customize the phish tests to fit our specific business and industry needs. Additionally, the initial setup of KnowBe4 PhishER/PhishER Plus was easy for us.
What do you dislike about the product?
I wish when people reported emails using the Phish email that it would give them more info, like if it is spam, threat or clean.
What problems is the product solving and how is that benefiting you?
It's our first platform to test employees on phishing emails with consequences for failure.
Non-Profit Organization Management
Easy Testing & Phishing Setup, but Training Campaigns Are Manual
Reviewed on Feb 09, 2026
Review provided by G2
What do you like best about the product?
Easy setup on testing and phishing email
What do you dislike about the product?
Campaigns for training have to be setup one by aone
What problems is the product solving and how is that benefiting you?
reminding staff to be careful on emails and texting, showing which staff are at high risk
Jeff G.
Lacking in key areas including features, reporting, and support.
Reviewed on Dec 19, 2025
Review provided by G2
What do you like best about the product?
That we have an actionable portal in which to sandbox potential threats. In most cases, it does a good job determining if a reported email is either a threat, spam or clean.
What do you dislike about the product?
PhishER is lacking in key areas including features, reporting, and support. It does not offer the robust capabilities found elsewhere in the KnowBe4 ecosystem, particularly when compared to KSAT. The interface feels unpolished, and the platform frequently struggles to process requests, often running slowly and encountering errors more often than is acceptable for a security product.
Automation capabilities are minimal. Beyond basic keyword-based tagging, there is very little available to meaningfully streamline workflows or reduce manual effort. Reporting is another major weakness—built-in reports provide limited actionable insight and pale in comparison to the comprehensive reporting available in KSAT.
My experience with PhishER support has been particularly disappointing. Issues are routinely minimized or described as “expected behavior,” even when the platform becomes difficult or impossible to use. It is apparent that frontline support agents lack sufficient training and escalation support from senior staff and the development team.
If you are considering PhishER because you have been impressed with KnowBe4’s KSAT product, be aware that the same level of polish, investment, and maturity has not been applied here. Based on my experience, PhishER does not currently meet the expectations one would reasonably have for a product in this space.
Automation capabilities are minimal. Beyond basic keyword-based tagging, there is very little available to meaningfully streamline workflows or reduce manual effort. Reporting is another major weakness—built-in reports provide limited actionable insight and pale in comparison to the comprehensive reporting available in KSAT.
My experience with PhishER support has been particularly disappointing. Issues are routinely minimized or described as “expected behavior,” even when the platform becomes difficult or impossible to use. It is apparent that frontline support agents lack sufficient training and escalation support from senior staff and the development team.
If you are considering PhishER because you have been impressed with KnowBe4’s KSAT product, be aware that the same level of polish, investment, and maturity has not been applied here. Based on my experience, PhishER does not currently meet the expectations one would reasonably have for a product in this space.
What problems is the product solving and how is that benefiting you?
Through the KnowBe4 Phish Alert Button (PAB), end users have tool to quickly delete and report suspected threats to the IT department. However, the engine itself, through which the IT department processes these reports, suffers greatly from shortfalls described in the main review.