You're absolutely right, and I highly recommend Duo Insight! While I developed Gophish, I also work at Duo so I'm happy to discuss the differences between the two. :)
While my experience with Gophish was one of the things that brought me to Duo, Insight is not based on Gophish at all. I had the privilege of working with the team of engineers who built Insight and they are amazingly talented. It's a really high-quality product from an incredible team.
You hit the nail on the head as to why someone may prefer Insight to Gophish. Gophish, while being easy to set up, still requires _some_ setup and hosting. With Insight, everything is managed for you. This has significant time savings and infrastructure savings.
The downside to this is flexibility, which is what Gophish offers. Insight offers a good few pre-built templates while Gophish lets you create your own. You control everything and have the ability to tailor phishing campaigns exactly how you want them. Gophish was also built from the ground-up to be driven by an API, and has other features that may useful in more red-team scenarios (such as credential capture).
The other benefit to Gophish that you mentioned is that, since you control the infrastructure, you control all of the data end-to-end.
So while they're in a similar space, they're pretty different products with different strengths and weaknesses. If you're just starting to look into running a phishing simulation, I'd lean towards giving Insight a shot since it's super quick and easy to get a campaign out the door. Once you need more flexibility and power, Gophish is an easy transition. :)
While my experience with Gophish was one of the things that brought me to Duo, Insight is not based on Gophish at all. I had the privilege of working with the team of engineers who built Insight and they are amazingly talented. It's a really high-quality product from an incredible team.
You hit the nail on the head as to why someone may prefer Insight to Gophish. Gophish, while being easy to set up, still requires _some_ setup and hosting. With Insight, everything is managed for you. This has significant time savings and infrastructure savings.
The downside to this is flexibility, which is what Gophish offers. Insight offers a good few pre-built templates while Gophish lets you create your own. You control everything and have the ability to tailor phishing campaigns exactly how you want them. Gophish was also built from the ground-up to be driven by an API, and has other features that may useful in more red-team scenarios (such as credential capture).
The other benefit to Gophish that you mentioned is that, since you control the infrastructure, you control all of the data end-to-end.
So while they're in a similar space, they're pretty different products with different strengths and weaknesses. If you're just starting to look into running a phishing simulation, I'd lean towards giving Insight a shot since it's super quick and easy to get a campaign out the door. Once you need more flexibility and power, Gophish is an easy transition. :)