Item: KnowBe4 Security Awareness Training
Rating: 10
Author: Verified User

Use Cases and Deployment Scope

This is one piece of the CyberSecurity puzzle we have. Using KnowBe4 we are able to train our users what the risks are and how to spot probable malicious attempts. Along with that we are able to test and see what patterns we have for strengths and weaknesses. We are also able to determine attitudes and perceptions so we can implement training that explains the possible attacks and why it is important to be aware.

Pros and Cons

Identifies and defines all the different possible attack scenarios.
Gives real life examples of successful attacks and how they could have been identified and avoided.
Keep things simple and easy to understand. The training is for the everyday person so they avoid a lot of tech-speak - or define it simply when they can't avoid it.

Split out a lot of the current attack strategies into their own training modules to be more in depth.
Work on the exit of the module to show user has completed. Frequently have to have users log back on just to "finish" one or two screens at the end so that it will register them as having completed.
Cover more things like replying to a phish and why it's bad

Return on Investment

The testing and training has opened a lot of eyes and minds to the potential threats that are out there. Most of them had a general idea it was there but didn't know what to look for. Now they do.
The training can be focused so that weather the user fails a test or a real life phish they can get something that helps them better identify what they did wrong and not make that mistake again in the future.
Sometimes it's not so much learning something new, so much as it is the reminders to be on the look out. Keep paying attention to what you're seeing.

Alternatives Considered

We have not used any other products for this kind of testing and training at this time.

Key Insights

Do you think KnowBe4 Security Awareness Training delivers good value for the price?

Yes

Are you happy with KnowBe4 Security Awareness Training's feature set?

Yes

Did KnowBe4 Security Awareness Training live up to sales and marketing promises?

Yes

Did implementation of KnowBe4 Security Awareness Training go as expected?

Yes

Would you buy KnowBe4 Security Awareness Training again?

Yes

KnowBe4 Training Content

KnowBe4 has done a great job of keeping up with current threats as they come, go, evolve, re-immerge... With that is a look into how the bad guys are trying to use their "tools" so they can update the training they offer on a regular basis. Sometimes the changes are slight and sometimes they are more obvious, but KnowBe4 always has the trends covered and simple explanations for how to not get caught in something.

KnowBe4 User Management

All employees who have a company email are added to KnowBe4. Every year there is an annual training that is mandated for each person to successfully complete. Along with that, every person will see at least 1 test email per month and those who fail could be put through remedial training. All new employees are also required to go through a set of training modules during the onboarding process.

KnowBe4 Reporting

Currently we are using the testing results as we report back to the board and also for various auditing purposes. The reporting we run is for users who have training assigned that has not been completed to help keep people on track.

Other Software Used

Trend Micro Apex One, Rapid7 InsightAppSec

Likelihood to Recommend

Learning how to recognize who actually sent an email or how to hover over a link to see where it actually points are great little tips that people have been able to pick up. Understanding the threats that come with simple everyday things most people don't really think about like tailgating or finding a USB drive and knowing that it may not be harmless to just plug it in and see what it is. Even after all these years people are still learning that attachments can be bad. KnowBe4 SAT has done a pretty good job at explaining how that all works in simple to understand terms.

Training Content

Keeping track of different laws and practices in multiple countries around the world can be tough. However, KnowBe4 keeps up to date on all of that and then provides training that is fitted to each of the different locations and in the languages that each person finds easiest to use. That even applies to people who are at one location but can still use a language they are more comfortable with.

Value of Centralized Services

Before, everything had to be produced and presented in house. This is done by a number of different teams each trying to find what presentation method works best for them. However, now that we have been using KnowBe4 for several years for security, being able to add compliance and other materials in an easy yet very effective way makes it so much better to coordinate between functions.

Cost

Adding the Compliance Plus feature was a no brainer. After looking at what they have to offer and the ability to quickly deploy accurate in multiple different locations and languages around the world it was a must have. Being able to deploy this along with the cyber security testing and training package enables them to keep it very cost effective. Being able to deploy all of this from one location makes it very efficient for us.

We started with the Phish testing and training features they offered. From there we upgraded our subscription to include more testing and training features to be more effective towards our goals. We then added the PhishER feature to be more proactive about how we deal with possible threats to the organization. We've added the Compliance plus because it is as well put together as all the cyber training. We continue to look at the additional features KnowBe4 introduces because they are very effective and always at a great price.

Cost Comparison

I can not give a good answer to this as I have not looked very closely at competitive products and the pricing they require. I also can not attest to how well competitors do to maintain or advance the training they offer.

User Provisioning

Currently we have only been using sso/saml for users to log into their KnowBe4 console.

Users and Roles

1100 - Everyone in the company who has an email address is tested at least once a month and required to do training at various times. This includes machine opperaters on the plant floor all the way up to the CEO.

Support Headcount Required

4 - There are 4 of us that have admin permissions for our KnowBe4 account but typically 95% of what gets handled is done by one person.

Business Processes Supported

Deploying testing to the entire organization on whatever schedule we determine
Deploying training to the entire organization as we need
Deploying Compliance Plus information and training as needed
Real life Phish emails are used for the testing we do
Testing and training can all be done by the language the user needs

Innovative Uses

Having real life phish emails to use for testing
Deploying training to new employees as part of the onboarding process so we can be more effective at educating them
Having the training available in the proper languages for each user to make sure they understand as clearly as possible

Future Planned Uses

Fully adapt into the onboarding process across the company as a whole
Continue to monitor failure patterns to help target the best training

Likelihood to Renew

Between the ease of use, cost effectiveness, functionality and continued improvements Knowbe4 continues to make it would be pretty hard to find another competitive product that wraps it all up like KnowBe4 has. Not saying it couldn't happen, but haven't seen anything that competes at this point.

Easy but thorough CyberSecurity Training

Software Version

Modules Used

Overall Satisfaction with KnowBe4 Security Awareness Training