Item: KnowBe4 Security Awareness Training
Rating: 9
Author: Verified User

Overall Satisfaction with KnowBe4 Security Awareness Training

Use Cases and Deployment Scope

We originally implemented KnowBe4 Security Awareness Training to replace an existing training and awareness service which was lacking in content and did not include phish testing. KnowBe4 Security Awareness Training allowed us to develop well matured program with automated user onboarding, automated testing, and training as well as a large number of reporting features to monitor success of the program. KnowBe4 Security Awareness Training is continuously adding new features to the product to provide greater value to organizations.

Pros and Cons

Pros

Automated phishing campaigns with a wide variety of templates
Engaging and up to date training video content
Variety of phishing campaigns including USB based attacks
Strong integration with email providers
Ability to custom brand training material

Cons

Training content is lacking specificity for Canadian Data Privacy
KnowBe4 Security Awareness Training is on the higher end of pricing compared to competitors
There is some inconsistencies between the video player across content. It seems depending on who the content was created by dictates the player. Not a big issue but a UX redesign to maintain consistency would solve this.

Return on Investment

Readily available training content saves time and expenses associated with creating customized content.
Built-in learning management system can be used for other aspects like annual policy attestations.
Automation rules combined with smart groups allow administrators to fully automate the Security Testing and Awareness program saving time

KnowBe4 Training Content

The training content provided by KnowBe4 Security Awareness Training is current and focuses on security topics which are top of mind for end users and executives alike. The content is delivered is a simple yet engaging manner making it easier for non-technical staff to digest and absorb. KnowBe4 Security Awareness Training also offers training content in different formats like printable posters, monthly newsletters, and web based games.

KnowBe4 User Management

User manager is fully automated through Active Directory sync for on premise accounts and Entra for cloud accounts. When a user is created, in AD or Entra, it is automatically synced to KnowBe4 Security Awareness Training and a welcome email is sent to the users email. Single Sign-On is in place to ensure employees can sign in with their account password.

KnowBe4 Reporting

Primarily we track the following metrics: Phish prone percentage (number of users who click on phishing emails for each campaign), phishing reported (number of reported phishing emails for each campaign), and training completion (number of users completed vs number outstanding/past due). Phish prone percentage is a good Key Risk Indicator showing the likelihood that a percentage of the organization who would fall victim to a similar phishing attack. We have been placing more emphasis on improving the reported phishing emails as it suggests that employees are aware on how to spot a phishing email, and provides the security operations team with actionable detail to help detect/improve defences against true-positive phishing attacks.

Usability

For new customers, KnowBe4 Security Awareness Training is relatively easy to configure and setup. Once in place, admins can apply automation through smart groups and campaigns targeting the groups. With the automatic AD/Entra sync, and automations applied, the application can effectively run itself. Managers just need to review the campaign reports and metrics to ensure effectiveness and make changes based on what they observe and the desired outcomes. For end users, the training interface is easy to use. I have not received any complaints.

Alternatives Considered

Infosec IQ and Microsoft Defender for Office 365

KnowBe4 Security Awareness Training is by far the most polished and advanced out of the vendors we reviewed. If you are in an environment with Microsoft E5 licensing, you will want to evaluate Microsoft Attack Simulation Training which comes included with Defender. It lacks some features like randomizing the time and day emails send out which make it less effective for testing. Infosec IQ is ok and more cost effective but the interface is not as clean and organized compared to KnowBe4 Security Awareness Training.

Key Insights

Do you think KnowBe4 Security Awareness Training delivers good value for the price?

Yes

Are you happy with KnowBe4 Security Awareness Training's feature set?

Yes

Did KnowBe4 Security Awareness Training live up to sales and marketing promises?

Yes

Did implementation of KnowBe4 Security Awareness Training go as expected?

Yes

Would you buy KnowBe4 Security Awareness Training again?

Yes

Other Software Used

Google Security Operations, ExtraHop Reveal(x), Tenable Cloud Security, CrowdStrike Falcon, OneTrust Third-Party Management

Likelihood to Recommend

KnowBe4 Security Awareness Training is a cost effective solution to implement a Security Training and Awareness program and provides many features which allow it to scale as an organization grows and mature the Security program. KnowBe4 Security Awareness Training provides a large number of phish test templates and training content out of the box making it easy to implement. Administration of KnowBe4 Security Awareness Training is fairly simple and the company provides excellent documentation and support.

KnowBe4 Security Awareness Training Feature Ratings

Comments

Please log in to join the conversation

Elevate your Security Awareness and Training program!

Software Version

Modules Used