KnowBe4 - The platform trying to wrangle the risky, messy, not as talked about, HUMAN element of IT.
December 12, 2019
KnowBe4 - The platform trying to wrangle the risky, messy, not as talked about, HUMAN element of IT.
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with KnowBe4
KnowBe4's AD integration functionality allows for fantastic user management. The ADI feature uses a service on an on-prem server to grab KnowBe4 users and then delivers that updated user listing info to KnowBe4 multiple times a day. In addition to the default features of the AD tool, it also allows for customization to import non-standard AD attributes and other information that is helpful for me to automate and organize my administrative efforts in KnowBe4.
The KnowBe4 Security Training and Phishing platform is used by our users organization-wide. We administer new hire IT security training to all new hires and and perioidically recurring security training refresher courses to all of our users. Also, all of our users have access to the phish alert button which they use to report potential phishes to us, the InfoSec team. We use KnowBe4's PhishER platform to inspect & respond to reported phishes. Lastly, we use the simulated phishing functionality of KnowBe4 to identify phish-prone users and keep our users "on their toes."
The KnowBe4 platform helps us, the InfoSec team, to bolster our first line of defense against attacks, our users, by providing high-quality training modules. It also helps us gather important metrics around phishing in regards to reported real phishes and phishing-prone percentages from simulated phishes.
The KnowBe4 platform helps us, the InfoSec team, to bolster our first line of defense against attacks, our users, by providing high-quality training modules. It also helps us gather important metrics around phishing in regards to reported real phishes and phishing-prone percentages from simulated phishes.
Pros
- PhishER allows us to practically address the mountains of reported phishes that come in daily - providing a quick workflow for us to determine the nature of a reported message and respond to it quickly.
- KnowBe4's Security awareness training is a great tool not only due to its actual training content, but also its reporting functionality, AD integration functionality (incredibly valuable from an admin time saving perspective), and more.
Cons
- I would like to see KnowBe4 expand their API functionality to also allow for easy reporting of PhishER metrics, instead of just metrics from training campaigns, org. risk scores, etc.
- I would like to see KnowBe4 improve the technical reliability of their Training modules. It's a small percentage, but we typically hear back from a subset of users reporting that: the training campaign froze 70% of the way through, sound wouldn't work properly, a certain page of a training was improperly rendered (improperly scaled/zoomed in), etc.
- It's difficult to track how SAT impacts ROI as they are several layers removed from one another. However, considering that our AP department has fallen victim to damaging wire fraud phishes in the past, SAT modules that cover phishing, fraud, and develop a user's general sense of skepticism and caution on the web definitely help us defend against those risks recurring in the future.
- KnowB4's PhishER platform has dramatically improved the InfoSec department's efficiency at responding to reported potential phishing messages, therefore freeing up those labor hours to contribute to the organization in other value-adding ways.
Do you think KnowBe4 Security Awareness Training delivers good value for the price?
Yes
Are you happy with KnowBe4 Security Awareness Training's feature set?
Yes
Did KnowBe4 Security Awareness Training live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of KnowBe4 Security Awareness Training go as expected?
I wasn't involved with the implementation phase
Would you buy KnowBe4 Security Awareness Training again?
Yes
Fresh content from KnowBe4 helps us issue refresher courses to users to further bolster our human firewall without having to bore our users with repetitive material.
Our overall security risk score is a metric that we report up to the board on a regular basis. Also, counts of users that have received new-hire training are reported up to the board on a regular basis. Lastly, we report up simulated phishing test results to the board.
Comments
Please log in to join the conversation