Press Release • FOR IMMEDIATE RELEASE

HailBytes Launches Phishing Simulation Platform on AWS and Azure to Help Companies Cut Human Error and Pass SOC 2 Audits

With 68% of breaches still involving a non-malicious human element (Verizon DBIR 2024), HailBytes SAT gives security teams recurring phishing campaigns, interactive training quizzes, and branded certificates of completion, all inside their own AWS or Azure account, with unlimited campaigns and a 30-day free trial.

← Back to Press Kit

HailBytes SAT product demo video thumbnail

Embeddable demo for press coverage. Direct link: youtu.be/MEnm6welV1M

Wire-Service Submission Package

Copy each field below directly into PR Underground, EIN Presswire, PRWeb, or any major wire-service submission form. The full press-release body is provided as plain text further down for paste-and-go.

Headline (under 130 chars)

HailBytes Launches Phishing Simulation Platform on AWS and Azure to Help Companies Cut Human Error and Pass SOC 2 Audits

Summary / Subheadline

With 68% of breaches still involving a non-malicious human element (Verizon DBIR 2024), HailBytes SAT - a self-hosted enterprise phishing-simulation and training platform with recurring campaigns, interactive quizzes, and auto-generated branded certificates of completion - is now available on AWS Marketplace and Azure Marketplace with hourly pricing, unlimited campaigns for unlimited users, and a 30-day free trial.

Suggested Categories

Computer Software / Cloud Computing / Information Technology / Cyber Security / Education and Training

Keywords / Tags

self-hosted security awareness training, phishing simulation AWS Marketplace, phishing simulation Azure Marketplace, KnowBe4 alternative, Proofpoint Security Awareness alternative, GoPhish enterprise, SOC 2 phishing training evidence, recurring phishing campaigns, OIDC SSO phishing simulator, cloud security 2026, HailBytes SAT

Primary URL

https://hailbytes.com/sat/

Suggested Hero Image

https://hailbytes.com/images/blog/introducing-hailbytes-sat.png

Media Contact Block

David McHale, Founder
HailBytes
david@hailbytes.com
https://hailbytes.com/press/

Full Body (plain text - paste into wire-service body field)

DENVER, Colo. -- May 5, 2026 -- The 2024 Verizon Data Breach Investigations Report found that 68% of breaches still involve a non-malicious human element - a clicked phishing link, a reused password, a moment of misplaced trust. A decade into the security awareness training market, that number has barely moved.

HailBytes, LLC, a Delaware-registered cloud security company headquartered in Denver, Colorado, today announced the general availability of HailBytes Security Awareness Training Platform (HailBytes SAT) on the Amazon Web Services (AWS) Marketplace and the Microsoft Azure Marketplace. The platform is engineered for security teams that need to measure human risk, document recurring training, and produce audit-ready evidence for SOC 2, ISO 27001, and PCI DSS reviewers - without sending employee data to a third-party SaaS vendor. New customers can deploy HailBytes SAT in their own cloud account with a 30-day free trial, hourly pricing, and unlimited campaigns for unlimited users.

Unlike SaaS phishing-simulation products that store employee data on vendor infrastructure and tie deliverability to a shared sender reputation, HailBytes SAT runs entirely inside the customer's own AWS or Azure account, with their own VPC, security groups, retention policies, sender domains, and OIDC identity provider. The platform is distributed under the Elastic License 2.0 (ELv2), giving customers full source availability so they can inspect, modify, and self-host the platform on infrastructure they control.

Key capabilities of HailBytes SAT include:

- Recurring training campaigns scheduled on a monthly, quarterly, or annual cadence, with per-user and per-group compliance tracking across every campaign.
- Interactive landing-page quizzes with real-time feedback that explain correct answers in the moment, turning a clicked phishing simulation into an immediate learning event.
- Auto-generated branded PDF certificates of completion with employee name, training title, and completion date - ready to hand to auditors as documented training evidence.
- A structured audit log capturing every campaign launch, export, and admin action, exportable to JSON or CSV (with REST API and webhooks for live SIEM/SOAR streaming) for direct SIEM ingestion.
- Modernized infrastructure with hardened deployment pipelines, refreshed TLS and SMTP configuration, MFA/TOTP, OIDC SSO (Microsoft Entra ID, Google), and custom branding controls.

"SOC 2 auditors and cyber-insurance underwriters now ask whether you ran phishing simulations last quarter, not whether you have a security awareness program on paper," said David McHale, Founder of HailBytes. "That shifts SAT from an HR line item into a procurement-required control. We built HailBytes SAT so security teams can satisfy that requirement with documented per-employee training and audit-ready evidence - and keep all of it inside their own cloud account. The 30-day free trial on AWS and Azure lets them prove the value before they commit."

By the numbers:

- 3,000+ HailBytes deployments worldwide
- 68%: share of breaches that still involve a non-malicious human element in 2024 (Verizon DBIR)
- $4.88M: average global cost of a data breach in 2024 (IBM)
- $0.24/vCPU/hour: HailBytes SAT starting price - unlimited campaigns and users on a single subscription, no per-seat fees
- 30 days: free trial length on both AWS Marketplace and Azure Marketplace

HailBytes SAT is available immediately on the AWS Marketplace at https://aws.amazon.com/marketplace/pp/prodview-yyk6iton3ghu4 and on the Azure Marketplace at https://marketplace.microsoft.com/en-us/product/virtual-machines/lcmcon1687976613543.gophish-phishing-simulator. Pricing starts at $0.24 per vCPU per hour. Customers pay only for the cloud infrastructure they use; there are no per-seat license fees, and a single marketplace subscription runs unlimited campaigns for unlimited users. Standard support is included; priority support and managed-service options are available through the HailBytes Cloud Support Hub.

About HailBytes
HailBytes provides cloud-deployed security testing tools for modern security teams. With 3,000+ deployments worldwide, HailBytes makes enterprise-grade phishing simulation and reconnaissance automation accessible to organizations of all sizes. Flagship products HailBytes SAT and HailBytes ASM are distributed under the Elastic License 2.0 and deploy on customer-controlled AWS and Azure infrastructure, ensuring data sovereignty and supporting SOC 2, ISO 27001, and GDPR compliance workflows. Learn more at https://hailbytes.com.

Media Contact:
David McHale, Founder
HailBytes
david@hailbytes.com
https://hailbytes.com/press/

###

For Immediate Release

DENVER, Colo., May 5, 2026. The 2024 Verizon Data Breach Investigations Report found that 68% of breaches still involve a non-malicious human element (a clicked phishing link, a reused password, a moment of misplaced trust). A decade into the security awareness training market, that number has barely moved.

HailBytes, LLC, a Delaware-registered cloud security company headquartered in Denver, Colorado, today announced the general availability of HailBytes Security Awareness Training Platform (HailBytes SAT) on the Amazon Web Services (AWS) Marketplace and the Microsoft Azure Marketplace. The platform is engineered for security teams that need to measure human risk, document recurring training, and produce audit-ready evidence for SOC 2, ISO 27001, and PCI DSS reviewers, without sending employee data to a third-party SaaS vendor. New customers can deploy HailBytes SAT in their own cloud account with a 30-day free trial, hourly pricing, and unlimited campaigns for unlimited users.

Unlike SaaS phishing-simulation products that store employee data on vendor infrastructure and tie deliverability to a shared sender reputation, HailBytes SAT runs entirely inside the customer's own AWS or Azure account, with their own VPC, security groups, retention policies, sender domains, and OIDC identity provider. The platform is distributed under the Elastic License 2.0 (ELv2), giving customers full source availability so they can inspect, modify, and self-host the platform on infrastructure they control.

Key Capabilities

  • Recurring training campaigns scheduled on a monthly, quarterly, or annual cadence, with per-user and per-group compliance tracking across every campaign (see the 12-month phishing simulation program guide).
  • Interactive landing-page quizzes with real-time feedback that explain correct answers in the moment, turning a clicked phishing simulation into an immediate learning event.
  • Auto-generated branded PDF certificates of completion with employee name, training title, and completion date, ready to hand to auditors as documented training evidence.
  • A structured audit log capturing every campaign launch, export, and admin action, exportable to JSON or CSV (with REST API and webhooks for live SIEM/SOAR streaming) for direct SIEM ingestion, and aligned with SOC 2 and PCI DSS evidence requirements.
  • Modernized infrastructure with hardened deployment pipelines, refreshed TLS and SMTP configuration, MFA/TOTP, OIDC SSO (Microsoft Entra ID, Google), and custom branding controls (details in the email deliverability writeup).
“SOC 2 auditors and cyber-insurance underwriters now ask whether you ran phishing simulations last quarter, not whether you have a security awareness program on paper. That shifts SAT from an HR line item into a procurement-required control. We built HailBytes SAT so security teams can satisfy that requirement with documented per-employee training and audit-ready evidence, and keep all of it inside their own cloud account. The 30-day free trial on AWS and Azure lets them prove the value before they commit.”
David McHale, Founder, HailBytes

By the Numbers

  • 3,000+ HailBytes deployments worldwide
  • 68%: share of breaches that still involve a non-malicious human element in 2024 (Verizon DBIR)
  • $4.88M: average global cost of a data breach in 2024 (IBM)
  • $0.24/vCPU/hour: HailBytes SAT starting price, with unlimited campaigns and users on a single marketplace subscription and no per-seat fees
  • 30 days: free trial length on both AWS Marketplace and Azure Marketplace

Multimedia Available for Press

Journalists and editors covering this announcement may use the following images with credit to HailBytes. Higher-resolution assets are available on request from the media contact below.

HailBytes SAT dashboard showing recurring phishing campaigns and per-user compliance tracking
HailBytes SAT dashboard.
HailBytes SAT phishing campaign builder with interactive landing-page quiz
Interactive quiz campaign builder.
Email deliverability architecture for HailBytes SAT inside the customer's AWS or Azure account
Self-hosted email deliverability architecture.

Availability and Pricing

HailBytes SAT is available immediately on the AWS Marketplace and the Azure Marketplace. Pricing starts at $0.24 per vCPU per hour. Customers pay only for the cloud infrastructure they use; there are no per-seat license fees, and a single marketplace subscription runs unlimited campaigns for unlimited users. Standard support is included; priority support and managed-service options are available through the HailBytes Cloud Support Hub.

Story Angles for Reporters

Working an industry beat? Below are five distinct framings of this announcement that pair well with different beats. Each is supported by HailBytes data and an on-the-record spokesperson; email david@hailbytes.com for an interview, embargoed briefing, or written quotes.

  • Cybersecurity beat: "Why click-rate dashboards stopped being the SAT story." Auditors want documented per-employee training completion, not click-rate vanity metrics. HailBytes SAT auto-generates branded certificates and a structured audit log precisely to clear SOC 2 / ISO 27001 / PCI DSS reviews.
  • Compliance / audit beat: "What actually counts as phishing-training evidence in a SOC 2 audit." A practitioner-grounded angle backed by named auditors and customer references; HailBytes ships the artifacts auditors ask for and can walk a reporter through real audit-evidence packets.
  • Cloud / privacy beat: "Self-hosted SAT and the end of shipping employee click data to vendors." HailBytes SAT keeps employee email lists, click data, and quiz results inside the customer's own VPC, a concrete data-sovereignty angle for privacy and regulated-industry coverage.
  • Cloud-economics beat: "Hourly pricing vs. per-seat licensing in security awareness." HailBytes SAT runs unlimited campaigns for unlimited users on a single $0.24/vCPU/hour marketplace subscription, a useful contrast piece against KnowBe4 and Proofpoint per-seat licensing.
  • MSSP / channel beat: "How MSSPs are reselling self-hosted SAT as a multi-tenant service." Managed-service partners are deploying HailBytes SAT for downstream clients and bundling it with quarterly campaign management. Channel architecture and margin notes available on request.

Frequently Asked Questions

How is HailBytes SAT different from KnowBe4 or Proofpoint Security Awareness?

HailBytes SAT runs entirely inside the customer's own AWS or Azure account. Employee email lists, click data, and quiz results never leave the customer's VPC. KnowBe4 and Proofpoint store this data on vendor SaaS infrastructure and license per seat; HailBytes SAT charges hourly per vCPU with unlimited campaigns for unlimited users on a single marketplace subscription. See the detailed comparison.

Is HailBytes SAT a GoPhish alternative?

HailBytes SAT extends the open-source GoPhish engine with enterprise features: recurring training campaigns, interactive landing-page quizzes, auto-generated branded certificates of completion, OIDC SSO (Microsoft Entra ID, Google), MFA/TOTP, structured audit logs, and one-click deployment on AWS or Azure. The platform is distributed under the Elastic License 2.0 with full source availability.

How much does HailBytes SAT cost?

Pricing starts at $0.24 per vCPU per hour, billed through the customer's existing AWS or Azure account. A single marketplace subscription runs unlimited campaigns for unlimited users, with no per-seat license fees, and new customers receive a 30-day free trial.

Does HailBytes SAT produce audit-ready evidence for SOC 2 or PCI DSS?

Yes. HailBytes SAT auto-generates branded PDF certificates of completion with employee name, training title, and completion date, and maintains a structured audit log of every campaign launch, export, and admin action, exportable to JSON or CSV (with REST API and webhooks for live SIEM/SOAR streaming). These artifacts are designed to be handed directly to SOC 2, ISO 27001, and PCI DSS auditors as documented training evidence.

Can HailBytes SAT integrate with our existing identity provider?

Yes. HailBytes SAT supports OIDC single sign-on with Microsoft Entra ID and Google Workspace, plus MFA/TOTP for administrator accounts.

Related Reading

About HailBytes

HailBytes provides cloud-deployed security testing tools for modern security teams. With 3,000+ deployments worldwide, HailBytes makes enterprise-grade phishing simulation and reconnaissance automation accessible to organizations of all sizes. Flagship products HailBytes SAT and HailBytes ASM are distributed under the Elastic License 2.0 and deploy on customer-controlled AWS and Azure infrastructure, ensuring data sovereignty and supporting SOC 2, ISO 27001, and GDPR compliance workflows. Learn more at hailbytes.com.

Media Contact

David McHale, Founder
HailBytes
david@hailbytes.com
hailbytes.com/press

Notes to Editors

  • Brand style: "HailBytes" (one word, capital H, capital B). Legal entity is "HailBytes, LLC". Product is "HailBytes SAT" (Security Awareness Training) or "HailBytes Security Awareness Training Platform" on first reference.
  • License characterization: HailBytes SAT is "source-available" under the Elastic License 2.0 (ELv2). Please avoid the term "open source" so the licence description stays accurate.
  • Deployment model: HailBytes SAT is "self-hosted" because it runs inside the customer's own AWS or Azure account. It is not a SaaS product.
  • Statistics sourcing: "68%" cites the 2024 Verizon Data Breach Investigations Report (DBIR). "$4.88M" is from the 2024 IBM Cost of a Data Breach Report. "3,000+ deployments worldwide" is a HailBytes-internal figure derived from cloud-marketplace fleet telemetry.
  • Companion release: HailBytes also announced general availability of HailBytes ASM (Attack Surface Management Platform) on the same day; reporters covering this story may find pairing the two releases useful for a broader self-hosted-cybersecurity narrative.
  • Spokesperson: David McHale, Founder, is available for interviews on phishing simulation, security awareness training, audit-evidence collection (SOC 2 / ISO 27001 / PCI DSS), and KnowBe4 / Proofpoint / GoPhish ecosystem trade-offs. Bookings via david@hailbytes.com; we typically confirm a 30-minute briefing within 24 hours.
  • Embargo policy: HailBytes will honor agreed-upon embargoes through david@hailbytes.com. Quotes attributed to a HailBytes spokesperson should be confirmed with the named media contact before publication.
  • Customer references: Anonymized customer references are available on request to qualified media (please allow 24-48 hours for customer-side approval).
  • Press kit: Logos, screenshots, executive bios, and the full set of story angles are available at hailbytes.com/press.

###

Try HailBytes SAT

Deploy in your own AWS or Azure account with a 30-day free trial.