KnowBe4 Security Awareness Training vs. KnowBe4 PhishER/PhishER Plus

I don't have any frame of reference for comparison, but the training that I have used has proved impactful for my staff. Since starting KnowBe4 training, we've seen a great increase in the number of phishing attempts, but also a great increase in the number of attempts that have been recognized by staff, and we have thus not been the victim of phishing or other cyberattact vectors

Incentivized

PhishER comes with some good features, such as PhishML, PhishRIP, PhishFlip, etc. These features help us manage phishing email reporting incidents. From reporting emails via Phish Alert Button plug-in to collecting all reported emails in one place at the PhishER dashboard. Now, the PhishML comes into play, scanning all reported emails and tagging each as clean, spam, or threat. With the help of this machine learning-based algorithm, our investigation process becomes easier. Other features, such as PhishRip, help to search and quarantine phishing emails, and PhishFlip converts a real phishing campaign to a test phishing campaign.

Incentivized

• Phish tests can be set to various difficulty levels as staff becomes more knowledgeable in catching phish emails.
• Automated phish tests and training save a lot of admin time. The product can also test for phone and USB stick practices.
• The phish alert button in Outlook, along with PhishER and PhishFlip allow easy managing and response to actual phishing emails.
• The interactive training is well designed to cover all types of phishing and safe email and phone behavior.

Incentivized

• One platform that integrates reported emails and using PhishFlip to educated staff.
• Automation to remove malicious emails from mailboxes.
• Instantly report back to users if an email is safe or malicious.
• Easily review vital technical information to help you make a decision if an email is a threat.
• Allow comments to be left from staff and IT.

Incentivized

• The provided templates for phishing simulations are mainly available in English. There are also some templates available in our native language, but their number is small. We have seen other platforms offer way more phishing simulation templates in our language.
• Although there is a really huge number of training videos available, some of them are outdated and no longer have much to offer. Some cleaning up could help in this direction.
• Although there a some games / puzzle like trainings available, we have seen other platforms offer more and better ones (on the other platforms had they had almost no videos at all...). It would help significantly to also invest in enriching the provided puzzles / games.
• We have seen other platforms offer games, where, for example, employees of the company can compete against each other while working together in groups to achieve a common goal (e.g., eliminate a fictional security threat that has "hit" the company. Plan the steps needed to be taken, take the steps one after another and have a chance to see the impact each action has. At the end the team that has suffered the least cost to end the threat is the one that wins. Just an example. The point is to make this challenging, using gamification and to make the employees part of the prevention force of the company against cybersecurity threats.

Incentivized

• Issues with Global Blocklist
• Email Template Modification - Simplification
• Target Specific Users vs. Groups
• PhishRIP info tabs (i.e. if improperly check ripped emails are turned into tests. This has caused issues.) Info tabs or markers allow user to hover and get more information about what action a check box or slider provides.

Incentivized

Between the ease of use, cost effectiveness, functionality and continued improvements Knowbe4 continues to make it would be pretty hard to find another competitive product that wraps it all up like KnowBe4 has. Not saying it couldn't happen, but haven't seen anything that competes at this point.

Incentivized

When we first discovered that KnowBe4 released something like this, we saw a demo of it and were floored at what it could do and how it could help us from a security standpoint. Gone are the days of us in IT sending out a mass email saying please don't click on anything in the email from sender "X", and it allows us to quietly and easily ensure that people don't take any action on malicious emails.

Incentivized

KnowBe4 Security Awareness Training is simple to use, simple to administer, effective, with quality content. It is easy to take the training and we have the reminders set so that the longer a user puts the training off, the more frequently they will receive reminder emails. Eventually they get emailed every day until they take the training. But with a simple click, they can get into the training content.

Incentivized

I give it an eight for the feature set. While I only give it an eight because the complexity and interconnectedness of the tools mean that there needs to be quite a bit of RTFM to get the most out of the products.

Incentivized

There have only been a handful of outages in the 2 years we have had the product. Even during those instances, parts of the system were still operational

Incentivized

Pages load quickly, filter/sort quickly, and don't slow down or freeze. Everything is smooth and very easy to use. There are a places in the UI where you can forget how to get there, but other than that everything is great. We have had no issues using any part of the website.

Incentivized

Tech prod support is great! I did have to ask for a new customer success rep, needed a more experienced person to match my 12 years of experience running Cybersec training programs. Would suggest that more matching of rep level of knowledge to client level knowledge would help.

Incentivized

Responses to questions were answered quickly and accurately.

Helpful and knowledgeable account managers have helped us navigate and use the system to our full potential

Incentivized

confusing question. I inherited this application so I didnt get any formal training other than the person who was leaving. The CSM provided some later on when I asked in a zoom call

The implementation went really well and KnowBe4 was there the whole time on setup to make sure things were setup correctly. The only thing we had to figure out on our own was to script users automatically being added to security groups. So that when they sync to knowBe4 from AD they are placed into the same/correct groups.

Incentivized

It was very simple to implement - with just a few settings needed to connect it to our O365 environment

Incentivized

KnowBe4 offered a significantly more favorable cost-benefit ratio compared to other solutions. Its seamless integration with our existing infrastructure—particularly Active Directory and email systems—was the most compatible with our operational and security requirements.

Incentivized

Harmony does not provide security awareness training or simulated phishing emails like KnowB4. However, it does provide a phish alert button & workflow similar to PhishER & we may stop using PhishER because the Phish Alert reports from PhishER don't feed into Harmony to help train it from phishing emails that go through. We got Harmony after KnowB4 because we needed a tool to PREVENT phishing emails from getting to people's inboxes in the first place, which KnowB4 has very little capability for other than PhishER+ blacklists. It is a shame KnowB4 does not have the anti threat phishing prevention like Harmony considering all the email data it has & its existing AI analytic capabilities.

Incentivized

I was not involved in the pricing, billing or contract terms.

Incentivized

The product scales greatly. As long as you upgrade the license to support the number of users you are needing, adding in those new users is easy. Also getting those users set up with trainings/campaigns is very easy as well

Incentivized

The team was great to work with and took their time to ensure that we knew what we were doing with the product and that it was set up to meet the specific needs of our organization. This wasn't just a cookie-cutter deployment, but rather they focused specifically on our needs.

Incentivized

• With the implementation of KnowBe4 Security Awareness Training, we have reduced a lot of issues of social engineering attacks like Phishing attacks, Smishing attacks, Vishing attacks, and a lot more. After implementing the KnowBe4 Security Awareness Training, we have seen a significant decrease in the clicking on a phishing email. Now users are aware of phishing attacks and they know how to react to them.
• With KnowBe4 Security Awareness Training, we got another tool Phish Alert Button that we have installed on the user's outlook and after providing training on these topics, now we are receiving a lot of spam report emails are users are protecting them from clicking and just reporting it to the IT team.
• With the Phishing test, we are seeing the growth and analyzing how our users will react in the case of a real phishing attack, and with this, we are providing more training to them and going with them as per the test report. This whole process is making our company more stronger against any type pf social engineering attack.
• After implementing KnowBe4 Security Awareness Training, we have seen a lot of improvements in the account compromise case in our company because users are not clicking on fake links now.

Incentivized

• Phish/ER & PAD: Identifying email threats more quickly allowed us to send alert to the users' community in a timely manner based on the pattern of the threat.
• KnowBe4 Training Campaigns have proven to noticeably increase users' awareness.
• KnowBe4 Phishing Campaigns made users realize how dangerous and deceiving hacker can be.

Incentivized