KnowBe4 has been a fantastic tool for us, with quick and easy management and reporting.
June 26, 2020

KnowBe4 has been a fantastic tool for us, with quick and easy management and reporting.

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with KnowBe4 Security Awareness Training

User management has been relatively straightforward. Importing users from file has been seamless, although it would be nice to be able to 'clean up' or do some other management a little more easily than one-by-one, especially in times where we've discovered some of our previous team hadn't maintained the user list properly. Auto-provisioning via SAML SSO or other would be a nice add, if we were to enroll our users into CBT / other training, first, then automatically have them added to phishing. (Perhaps there are APIs for this that I'm unaware of, so not necessarily faulting them or guaranteeing lack of functionality here.)
We have utilized both the CBT modules from KnowBe4 and the Phishing campaign tests across our entire organization, to educate and validate retention among our users, with regard to security awareness. The ease of deployment / configuration and use of the tool to manage the user experience and testing has helped to ease the load on our already small security team, allowing us to focus on bigger ticket items, while keeping information security visibility in the front of our users' minds.
  • Ease of deployment/configuration.
  • Depth of coverage, while keeping modules short, so as not to confuse users or bore them.
  • Clear, concise reporting to keep us apprised of the return on investment, in terms of educating employees and ensuring their retention of the information.
  • A few of the modules were more 'all encompassing', and I think those could be broken down into smaller bites for better understanding and consumption (but hardly a major concern).
  • It would be nice if SSO (for instance SAML) was built into the offering by default, for easy / automated user population / creation and authentication management.
  • We've had fewer cases of employees falling for phishing emails, allowing us to focus on other initiatives and projects.
  • More users have reported phishes, allowing us to add to our email / spam filters and increase the effectiveness of our other security tools.
  • We've had far fewer virus / malware alerts within our endpoint security suite, showing that users aren't falling for the 'easy' attack vectors as often.
There are other phishing tools out there (both commercial and FOSS - free, open source), but as far as phishing campaigns go, KnowBe4's has been very accommodating of our needs and campaign designs, and has really been a solid investment.

As far as the CBT side of the training, we supplement KnowBe4 with some of the free modules from Cofense (because they're shorter / more concise and easier for some users to progress through without longer sessions). Additionally, some of the KnowBe4 modules didn't work well / integrate with our LMS and its required SCORM format, whereas Cofense was very quick to accommodate and turn around a version that was compatible. As our LMS is somewhat antiquated and tied to other departments within our organization, I don't fault KnowBe4 here, just that the combination of the two vendors' tools is working well.
Every time we've needed assistance from the vendor, they've been quick to accommodate and respond. They've also been very forward (in a good way) with marketing emails about new and existing functionality and features, and regularly check in on how their product is performing and meeting our needs. Their proactivity is fantastic!

Do you think KnowBe4 Security Awareness Training delivers good value for the price?


Are you happy with KnowBe4 Security Awareness Training's feature set?


Did KnowBe4 Security Awareness Training live up to sales and marketing promises?


Did implementation of KnowBe4 Security Awareness Training go as expected?


Would you buy KnowBe4 Security Awareness Training again?


KnowBe4 is allowing us to quickly modify our training as new attacks and concerns arise. We can easily tailor it to different user groups and ensure that up-to-date, relevant content is delivered to our organization.
Being able to quickly show the status from phishing campaigns has been key to training / retraining our users and emphasizing the importance of security awareness within our program. We can quickly see if there is a spike or drop in failures, and react in a timely fashion to adjust training / schedules accordingly.
This offering works well, especially for Information Security teams with a small footprint/few employees. Management is simple and to the point, and reporting provides good visibility as to the effectiveness of the tool, with regards to driving the information home to the users.

While I'm certain its applicability within larger organizations is equally suited, often times larger orgs want more customized modules (like CBT's) that are branded or geared specifically to their organization. Perhaps this is simply something we haven't seen, because of our size and need, but I could see that being a drawback for larger enterprise.