These products won a Top Rated award for having excellent customer satisfaction ratings. The list is based purely on reviews; there is no paid placement, and analyst opinions do not influence the rankings. Read more about the Top Rated criteria.
TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.
Security awareness training protects enterprises against cyber threats that exploit human nature, or simple inattention. These threats include primarily phishing, as well as ransomware or other behavior-based vulnerabilities. Cyber security awareness training services can include instructional materials, live teaching, and realistic phishing simulations. To keep up with evolving attack methods, security awareness training vendors provide continuous training and updates.
There is a range of security awareness training methods. One popular security awareness training approach is prescheduled classroom training. However, the consensus among cyber experts is that prescheduled classroom training is ineffective on its own. As a result, cyber awareness testing is central to enterprise security awareness training and services. E-learning libraries are often included in many online security awareness training offerings, but simulations delivered without employee knowledge provide the most authentic proof of workforce resilience in the face of real cyber attacks. Various kinds of simulated attacks may include:
spear phishing (e.g. pretending to be a trusted sender)
BEC (business email compromise)
Social engineering attacks
HTTPS spoofing
Drive-by cyber attacks.
After simulations, employees who responded inappropriately can then be trained according to their mistakes via classes and lessons, delivered in context. Security awareness training is ideally delivered as microlearning courses: sections that take only 10 minutes or less to complete. After the security awareness testing cycle, service providers offer detailed reports about what simulated attacks were successful, or what policies were violated.
Providers of security awareness training may also provide privacy or compliance training, or behavior monitoring and remediation.
Security awareness training offerings may consist of the following:
Pre-assessments, or baseline testing to assess vulnerability
Phishing simulation imitating known attack patterns
Random, asynchronous attack delivery
Phishing reply notification & alerting, reply tracking
Non-email based testing (e.g. Smishing/SMS, or Vishing/voice, found USB drive)
Testing analytics and user attribution (e.g. role, day/time of response, demographics)
Industry benchmarking for security awareness performance
Prebuilt library of Interactive training modules
E-learning delivery with live or self-paced modules
Security awareness materials for distribution
Custom-test building tools for company-specific tests
Reinforcement training, gamification, knowledge retention testing
Auto-assign security awareness training for new or vulnerable employees
Company-wide simulation response analytics and reporting
Certification training for security personnel
Industry-specific certifications (e.g. federal security, banking)
When comparing security awareness training vendors, consider these factors:
Product scope: Do buyers’ organization’s security needs focus on employee risks, or do they require broader cybersecurity offerings? Some security awareness training providers focus on solely testing and training employees against various behavior-based threats, such as phishing. Others providers will offer a broader range of security features around email security, web browsing security, or even all-in-one cyber security suites. Consider whether the organization needs comprehensive security, or if the specific concern at hand is around employee security awareness training. Setting that scope will help narrow the list of options.
Security testing options: Testing is a crucial part of any security awareness training platform. However, products will vary in the range of tests they can conduct. Buyers should consider the frequency and customizability of the tests they wish to conduct, as well as the kinds of reporting on those tests the business will require after the fact.
Security-specific training vs. full eLearning suite: Many e-Learning products will offer security awareness training as part of their library of resources. They are also likely to have other resources, such as HR and compliance trainings, for businesses that are primarily concerned with maintaining regulatory compliance. However, these products are less likely to offer the same level of testing and reporting as standalone security awareness training tools.
Security awareness training is available on per seat basis. Larger companies with greater pools of employees pay less per seat. Additionally, security awareness training offer tiers of service. Lower tiers of service provide core services like phish testing, and online training. Higher levels of service may include more elaborate testing (e.g. found USB device testing, BEC simulation), and more testing modules, as well as knowledge certifications. Security awareness service providers may also provide cybersecurity suites of software, or security appliances. These vendors offer the option to bundle security awareness training with email security services, threat intelligence, and related services.
(1-25 of 35) Sorted by Most Reviews
KnowBe4 is a security awareness training and simulated phishing platform. The vendor reports that is used by more than 39,000 organizations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security…
Infosec IQ security awareness and training aims to empower employees with the knowledge and skills to stay cybersecure at work and home. With over 2,000 awareness and training resources, Choose Your Own Adventure® Security Awareness Games and personalized learning experiences, the…
Proofpoint Security Awareness Training (formerly ThreatSim from Wombat Security) is a cloud-based training platform that simulates threat scenarios (e.g. phishing) and also provides assessment testing developed by Wombat Technologies, which was acquired by Proofpoint in March 2018.…
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
Inspired eLearning in San Antonio offers their Security Awareness Training computer-delivered courses and phishing simulations to prepare workforces against possible threats.
Sophos offers security awareness and phishing training and preparation testing via Sophos Phish Threat, the company's phishing attack simulator.
Webroot Security Awareness Training provides cybersecurity education to enterprise employees and provides security best practice so employees can avoid phishing attempts, and social engineering cybersecurity attacks.
PhishLine provides a suite of applications supporting phishing social engineering simulations with data analytics for evaluation of results as well as targeted training and education to boost readiness. PhishLine was acquired by Barracuda in January 2018, and is now part of Barracuda'…
Global Learning Systems (GLS) offers a variety of training modules supporting security awareness and compliance training needs.
MediaPro in Bothell, Washington offers a suite of training modules and application supporting security awareness and education, touting an advanced Adaptive Planning Tool to meet the needs of various kinds of enterprises.
Security Innovation in Wilmington offers security awareness and education training modules supporting teaching and evaluation / assessment.
The Security Awareness Company offers a suite of e-learning modules supporting compliance and employee security awareness.
Dutch company BeOne Development offers security awareness training modules from pre-packed modules to more customized plans dependent on the needs of the requesting enterprise.
Security Mentor in California offers computer-delivered training modules supporting employee security awareness, and as well as their phishing simulator: PhishDefense.
Optiv Security Awareness Training features CyberBOT, their story driven eLearning platform to improve employee security awareness, as well as phishing simulation to present realistic examples and scenarios.
Booz Allen Hamilton offers CyberSim, a security training and awareness simulation and service.
Kaspersky Labs offers Security Awareness Training and software learning management tools, gamified teaching, and training modules specific to employees in various industries designed to prepare the workforce against phishing, and other cyber threats.
Mimecast Awareness Training is a security awareness training and cyber risk management platform that helps the user to combat information security breaches caused by employee mistakes, dramatically reducing risk.
Hut Six Security allows users to train, test and track an organisation's information security culture with one comprehensive solution. The service combines Hut Six's Information Security Awareness Training with its Simulated Phishing platform. The dashboard integrates training results…
MediaPRO Privacy Awareness TrainingPack Courses The Privacy Awareness TrainingPack includes a collection of training courses focusing on data privacy best practices plus GDPR, HIPAA, FERPA, and select corporate compliance training courses. It also includes our privacy-themed reinforcement…
Living Security headquartered in Austin describes their security awareness training product as a means to engage employees with cybersecurity, as well as motivate, change and reinforce desired security behaviors. The suite includes gamified learning via online sessions and training…
ThreatCop is a cyber security simulator and awareness tool that launches dummy cyber attacks on employees followed with awareness modules and gamified assessment. It simulates and imparts customized awareness based on top 6 attack vectors namely Phishing, Ransomware, Vishing, SMiShing,…
Offensive Security headquartered in New York offers the OffSec Flex Program, a security awareness training program available to enterprises in blocks with variable levels of challenge to accommodate different training needs and roles.
CyberPilot awareness training provides security training in cyber security and GDPR for companies employees. The employees can complete the courses whenever and wherever it fits them. The vendor describes their courses as quick to complete and covers topics such as phishing, personal…
