Assess: Identify Your Most Vulnerable Users and Top Clickers

Security Awareness Training


The first step to building an impactful security awareness program is to assess the current state of your program— who your vulnerable users are, what they know, and what they believe. Proofpoint Security Awareness Training provides you with a range of valuable tools, including phishing simulations, tests and internal cybersecurity assessments. These help you establish a baseline by identifying your most vulnerable users, your Very Attacked People, and your current gaps. And it allows you to focus your program on real risk by assessing users with real-world threats.

See user risk through a whole new lens

Proofpoint helps you identify your most vulnerable users, including top clickers and users that are being targeted with a significant volume of attacks. With this, you get a data-driven security awareness program that goes beyond phishing simulation. We provide you with unique insights of user risk profiles that are based on users’ interaction with real world threats. This means you can assess and identify those who need the most attention, and easily assign them targeted education with our built-in automation.

  • Conduct a more targeted, sophisticated phishing campaign that simulates real-world attacks.
  • Provide thousands of templates of simulated phishing, SMS, and USB attacks based on lures seen in tens of billions of messages a day by Proofpoint threat intelligence.
  • Easily send predefined knowledge assessments on today’s most important cybersecurity and compliance topics to get a baseline on user security awareness knowledge.
  • Auto enrol users who fall for simulated attacks and fail knowledge assessments into targeted simulated phishing tests and additional training.
  • Phishing tests allow you to uncover Very Attacked People (VAPs) and top clickers via integration with Proofpoint’s email security solution.

Phishing Simulations

Phishing  Simulations

You can set up phishing simulations and tests, USB, SMS, and SMShing campaigns in minutes. This allows you to gauge your users’ susceptibility to these important threat vectors. You also get unique insights into user vulnerability. And you can easily see if your users demonstrate consistent positive reporting behavior by flagging simulated messages using the PhishAlarm email reporting button.


Learn More About Very Attacked People

Knowledge Assessments

PSAT Assessment Assignments Dashboard

You get predefined cybersecurity assessments and tests on topics such as data protection, passwords, compliance, phishing and more. These include hundreds of questions in more than 40 languages. This helps you answer questions such as:

  • What do my users know?
  • Who are my most and least knowledgeable users?
  • Which security topics do my users struggle with?

How security-aware are your users?

Very Attacked People

Dive deeper into the current state of your security awareness program and user vulnerability via integrations with our Threat Protection Platform.

Simulated Attacks, Knowledge Assessments, and Very Attacked People

Uncover who your Very Attacked People are. Learn how they’re being attacked and by what types of threats, and whether they’re engaging with malicious messages. By combining this information with phishing test results, you can focus your program on these highly vulnerable users. This will more effectively reduce your overall risk.


Learn more about Very Attacked People and top clickers

Nexus People Risk Explorer

Nexus People Risk Explorer

Improve your visibility into people risk using vulnerability, attack, and privilege data. Using Nexus People Risk Explorer, you can look at a subset of the organization and get a ranked list of risky users. Analyze the list of vulnerabilities based on the security controls you have (such as security awareness training). And get information on the users that each control should be applied to, along with a risk reduction score if a particular control is applied.


Learn more about Nexus People Risk Explorer