The KnowBe4 Security Awareness Platform is a fantastic tool that has made a dramatic impact on our users awareness and performance related to the ever-growing phishing threat landscape.
October 19, 2021
The KnowBe4 Security Awareness Platform is a fantastic tool that has made a dramatic impact on our users awareness and performance related to the ever-growing phishing threat landscape.
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with KnowBe4 Security Awareness Training
We are using the KnowBe4 Security Awareness Training platform across our entire organization. We push out quarterly training to all employees and monthly phishing exercises to keep all employees in the habit of both recognizing and reporting suspicious email activity. We also use the extra PhishER dashboard for processing/responding to all reported emails which have been an incredible time-saver for quickly (sometimes automatically) sifting out false-positive emails and streamlining the interactivity between the security team and end-users.
- The phishing platform is easy to use and powerful to target groups with different types and difficulties of emails to meet your exact needs and results in statistics are automatic, clear, and easy to share with stakeholders.
- The PhishER console is incredible for receiving, processing, tagging, escalating, and responding to reported emails. I love the ability to save man-hours by automating interactions with emails of certain criteria or creating one-click macro responses for those you want an eye on instead of fully automating. For me, this is the true powerhouse feature that sets KnowBe4 apart from other solutions we looked at.
- The level of fine-tuning you can do with the notification system for the phishing platform is another feature that stands out. I have created a series of template notifications that I string together with every training campaign, notifying the users they have training due, reminding them when they have a week left to complete training, reminding both the user and their supervisor when they have a couple of days left, and again reminding of past due training. Nobody likes being the person to nag and follow-up with users who need that extra nudge, so the platform takes care of that for you.
- The Phish Alert Button (add-on for Outlook/Gmail) allows users to quickly and easily report any email they are unsure of and gives confidence-building and much needed immediate feedback if they have spotted a simulation or have sent the questionable email off for analysis and lets them know they will be followed up with. It also retains all original email headers for the security team to properly diagnose. This is so much easier than employees needed to forward emails and potentially lose header information or go through the unnecessary steps to create support tickets every time they question an email.
- Part of the power of the PhishER add-on is creating one click ("quick actions") to escalate and respond very quickly to the end-user to handle reported suspicious emails. This would be incredibly more useful if there was a mobile app to display the inbox and give quick access to your quick actions. I have not found a mobile browser that works well with the PhishER console and would love the ability to quickly respond or escalate reported emails right from my mobile device.
- KnowBe4 has a very large library of training content, but much of it is because KnowBe4 bought out other companies that created content. I find a lot of it redundant (because 6 other companies all cover similar basic content) and because these other companies are from another country not incredibly useful (from a style/humor/etc perspective.) This just means the library of content isn't really as big as it appears. I will say the annual training and the "common threat" series they create themselves are quite good and would like to see more from KnowBe4 rather than so much of the acquired modules that bloat the library.
- If possible, I would love for the PhishER platform to integrate with popular email firewall solutions giving the ability to create quick actions to add senders to a block list. I understand this would never meet everyone's needs but would be helpful to a lot of users by just integrating with a few key systems and would save that much more time for the admins who can take advantage of it.
- Before we began an active, ongoing phishing simulation and training program we were at a pretty consistent 25% fail rate during annual phishing pen testing exercises. Within just a few months our employees were below the 10% failure mark and now 3 years later we are averaging at or below the 4% mark.
- Our culture has changed now that people are in the habit of watching for email threats (real or simulated) and understanding the impact of a failure. I am often met in the hallway with someone telling me (with a smile and a chuckle) "You almost got me with that last simulation! It looked really good, but I couldn't verify the sender so I reported it." (and of course, they get instant feedback that it was a simulation, but they are proud they are doing well and part of something important!) ...and this is exactly what we're going for. Not a "passing grade" but a shift in behavior that will follow them and protect them and their families as well as our organization.
We evaluated several other well-known products before purchasing KnowBe4. Most of them are very similar in basic functions but might be missing one or two features that make KnowBe4 stand out. Many of the products we reviewed a few years ago have since been bought by other companies and incorporated into different platforms. I have re-evaluated a couple of them, but have not yet found a good reason to leave KnowBe4.
Do you think KnowBe4 Security Awareness Training delivers good value for the price?
Yes
Are you happy with KnowBe4 Security Awareness Training's feature set?
Yes
Did KnowBe4 Security Awareness Training live up to sales and marketing promises?
Yes
Did implementation of KnowBe4 Security Awareness Training go as expected?
Yes
Would you buy KnowBe4 Security Awareness Training again?
Yes
Having access to an ever-growing and up-to-date training content library is critical to effective training and I appreciate the effort KnowBe4 puts into keeping both their platform and training content up to date and useful.
Our users are automatically synchronized with our Active Directory system. New users automatically go into a group that receives basic training introducing them to their role as part of the human firewall for our organization, and showing them how to use the Phish Alert Button. After completing the training and demonstrating the use of the "PAB" they are automatically moved into a new group where they begin receiving phishing simulations. It is a seamless process. Users can also automatically be placed in other "smart groups" based on how they are interacting with simulated phish, or their completion of training campaigns giving you automated power even of one-off or remediation scenarios.
Our most important metrics are pass/fail of simulations and the type of simulation that more commonly triggers a point of failure, as well as how well we are doing at reporting. Of a wide variety of types of phishing attacks, we quickly narrowed down our weakest points to 2 specific types of emails that our users are more likely to interact with, which allows us to focus our training and feedback on those areas. Many other metrics are available and allow some interesting insight across departments, user level, role, etc.