Security Awareness Training Reviews – KnowBe4

On first glance of KnowBe4’s products and services list a familiar name can’t help but be
noticed – Kevin Mitnick. For those unaware, Kevin Mitnick is a notorious hacker and social
engineer who was once on the FBI’s most wanted list, and he is also the author of
educational books such as the Art of Intrusion, the Art of Deception, and the Art of
Invisibility, all essential reading for anyone involved in information security.

Mitnick’s name alone brings an air of knowledge and expertise and KnowBe4 seem to understand
this. Bolstering the “world’s largest library” of security awareness training content,
KnowBe4 are certainly living up to their security awareness programme’s namesake, and with
innovative technologies such as EZXploit and USB drive test they seem to want to provide
more than just the standard security awareness training. Below is an explanation of just
some of the services that make KnowBe4 stand out from other provider’s security awareness
training.

EZXploit: EZXploit is described as a “human pentest” and goes beyond the scope of a traditional
phishing campaign simulation. Adding a second ruse in the form of something like a Java popup
after a user has clicked on a link sent in a simulated phishing email, EZXploit demonstrates your
staff’s vulnerability or resilience to a social engineering attack. EZXploit then performs a
scan to grab pieces of data from their workstation such as IP address, username and Active
Directory information.

USB Drive Test: The USB Drive Test tests your staff’s reactions to unknown USB drives.
Almost half of people who find a USB drive will plug in to a machine either they own or use,
and very few of those people had concerns for security. The USB Drive Test put’s a beaconized
Word, Excel, or PDF file on to a USB and when the file is opened, an alert is sent to your
KnowBe4 admin console.The great thing about knowBe4’s USB Drive test is that there is a free
7 day trial so you can assess your user’s security awareness before you buy the full programme.

As mentioned above, KnowBe4 provides a free USB Drive Test, but they also offer other
free tools to help your overall security posture. Below are the top 3 of their free tools

Phish Security Test: KnowBe4 provide a phishing campaign simulation for free, so you can assess
up to 100 users phishing awareness using a customized test sample, which provides results in a
a PDF format within 24 hours.

Phish Alert Button: KnowBe4’s Phish alert button is a one-click solution for users to report
suspicious emails, which is then sent to your incident response team for further analysis and
action. It also deletes the email from the users inbox to prevent future exposure.

Email Exposure Check Pro (EEC): EEC works in 2 stages. In the first stage EEC performs deep web
searches to find publicly available organizational data that can be used to formulate spear
phishing attacks. The second stage finds user account information that has been exposed in a
data breach.

Finally KnowBe4’s ingenuity and originality shines through with their Crypto-Ransom Guarantee.
KnowBe4 are so confident of the efficacy of their security awareness training that under this
guarantee, if you are currently a KnowBe4 client, and your files are encrypted with ransomware,
KnowBe4 will pay your ransom.

If you would like to know more about KnowBe4, you can visit their website at knowbe4.com.

To see a comparison of all Security Awareness Training programmes go to: Security Awareness Training – Comparisons & Conclusions.