KnowBe4 Review

KnowBe4 Reporting needs improvement by adding more flexibility.

Customizing Reports is a very cumbersome process.

Browsing my Library under "Modstore", I should be able to see if an item was used or not, how many times, or filter by "Usage".

Phishing Templates: create or modify Template - need the ability to embed an image (either by copy and paste or by selecting one from local computer. Currently, the only way is to use a URL that pints to an image.

Landing page of the Modstore: please add ability to change the results in "Detailed List" in addition to the "Tiles".

Phish/ER: Add the ability to Block an email or a URL with "Never Expires" option. Currently, the maximum is "60 Days". As a result, I have to go to the "Tenant Allow/Block List" on Microsoft 365 and add entries manually. That defeats the feature in Phish/ER to block from its "Console".

Phish/ER: There are some well known URLs and Domains to be safe. For example, https://aka.ms/LearnAboutSenderIdentification. Such URL should not be listed under "Domains & URLs" when viewing "Message Details". At least, do not allow admins to "Block" it by greying out the option to block. If, by mistake, someone blocked that URL, all messages company-wide will get blocked. That happened with me and everyone struggled to find out why emails are being blocked, including "KnowBe4 Support". It took a while until we were able to find out what was happening.

Phish/ER Reports are extremely limited. A lot needs to be done to offer more visibility.

Phish/ER Rules: It is time to introduce a Point & Click alternative to Yara.

Modstore: Introduce more Training modules that does not include drama or acting, just strictly instructional training. My users' community, especially execs, ask for those that are not drama or cartoonish.

Modstore: Although that might be outside the scope of Cybersecurity, it would be beneficial to have some training modules that teaches users about "Computer Basics". A considerable number of users do not have the basic knowledge of how a computer works, what are the different types of files, how files et stored, what is an Operating System. It is true that we, as admins, make sure they know before getting them on a corporate system. But the fact is that doe not happen in reality. You get a new user and asked to onboard him / her in a few hours. I would consider that type of training to ba an integral part of Cybersecurity awareness.