Hate the Smell of Phish? Make the KnowBe4 Dish.
August 06, 2023
Hate the Smell of Phish? Make the KnowBe4 Dish.
Score 10 out of 10
Vetted Review
Verified User
Software Version
Training Access Level III (Diamond)
Modules Used
- KnowBe4
- El Pescador
Overall Satisfaction with KnowBe4 Security Awareness Training
We use KnowBe4 primarily for end-user training, simulated phishing campaigns, and PhishER. As much as I love the training modules and phishing campaigns, without a doubt, the best feature for us is PhishER. We have not only been able to identify active phishing campaigns against the company and stop them in their tracks, but we have also been able to identify account takeovers from legitimate vendors before they even knew. The combination of simulated phishing campaigns with quarterly user training has allowed us to be proactive in our efforts to stop the evil-doers of the world. I cannot say enough good things about the platform and especially PhishER. With all the automation options, integrations, and reporting, PhishER gives me a certain sense of relief when it comes to identifying and remediating phishing attacks.
- User management
- Reporting suspicious emails
- Email notifications
- Simulated phishing campaigns
- Automation
- Reporting: I use custom PowerShell scripts to generate my own reports from the csv files I download from training and phishing campaigns. The reporting is dynamic and based on current user information. This means that a campaign with a PPP of 10% last year will now show something like 8% since some users who were in that campaign are no longer in the system. This makes it impossible to track progress since the report for any phishing campaign changes when a user is removed from the system.
- The number of reported suspicious emails has increased exponentially from before we started. The number of active phishing campaigns and client account takeovers that we have been able to identify and remediate before spreading cannot be understated. I truly believe without KnowBe4, we would have an account compromise every quarter, if not more. The time and cost of remediating an account compromise can range from minimal to extreme. Thanks to KnowBe4, the number of account takeovers and/or compromised credentials has decreased significantly in the four years we have used the platform, and that number continues to drop.
Do you think KnowBe4 Security Awareness Training delivers good value for the price?
Yes
Are you happy with KnowBe4 Security Awareness Training's feature set?
Yes
Did KnowBe4 Security Awareness Training live up to sales and marketing promises?
Yes
Did implementation of KnowBe4 Security Awareness Training go as expected?
Yes
Would you buy KnowBe4 Security Awareness Training again?
Yes
We used to push out mandatory training to all of our users once a year. However, with the ever-increasing threat landscape, we have decided to increase this to mandatory quarterly training. If not for the expansive library of content and the ability to upload custom content, we would not be able to sustain this new increase in training.
We use the Active Directory Integration service. The setup and maintenance of this service are very easy; I was able to set up everything just by reading the KB articles. There are rarely any issues with the sync; when there are, simply restarting the service has fixed the issue every time.
Honestly, we don't use the reports in KnowBe4 for a few reasons:
1. Reports are dynamic and change as users are added and removed from the system. This means the report for any single phishing/training campaign changes from day to day. If you want to compare your very first simulated phishing campaign to the most recent, you won't have an accurate comparison. There is no snapshot reporting; it is all dynamic based on which users are currently active in the system.
2. We want very detailed reports that KnowBe4 is currently not able to generate, so we use custom PowerShell scripts instead. We have a unique environment where we have 3 different companies using KnowBe4. We have managers who want to know how many field employees in company two, department 01 failed the last campaign. All of this information is provided in the csv file you can download for a phishing campaign, but there are no reports that can parse the specific user information.
1. Reports are dynamic and change as users are added and removed from the system. This means the report for any single phishing/training campaign changes from day to day. If you want to compare your very first simulated phishing campaign to the most recent, you won't have an accurate comparison. There is no snapshot reporting; it is all dynamic based on which users are currently active in the system.
2. We want very detailed reports that KnowBe4 is currently not able to generate, so we use custom PowerShell scripts instead. We have a unique environment where we have 3 different companies using KnowBe4. We have managers who want to know how many field employees in company two, department 01 failed the last campaign. All of this information is provided in the csv file you can download for a phishing campaign, but there are no reports that can parse the specific user information.