Security Awareness

Security awareness is important for end-users to understand and practice. The best security tools are rendered ineffective when end-users are unaware of security risks and proceed to blindly trust seeming innocuous emails and web links.​

The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

These include:

  • User Satisfaction Rankings
  • Business Value Scores
  • Vendor Capability Comparisons
  • Product Feature Evaluations

The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

These include:

  • Strategy and Innovation
  • Service Experience
  • Conflict Resolution
  • Product Impact
  • Negotiation and Contract

Still need assistance?

We're here to help you with understanding our reports and the data inside to help you make decisions.

Latest Research

Windows 7 End-of-Life Troubles Continue: ESUs Don’t Apply to Enterprises That Purchased Licences
March 17, 2020

Microsoft’s end-of-life support for Windows 7 has run into its first set of issues with its extended security updates (ESUs). Administrators who paid for the ESU found out their downloads are not applying.

Author: Isaac Kinsella (Info-Tech)

Qualys Unveils Its New Vulnerability Management, Detection, and Response Matrix
March 17, 2020

Qualys’ newest product, VMDR (Vulnerability Management, Detection, and Response), will be available in March and will provide an all-in-one cloud-based solution for vulnerability management. VMDR will automate the entire management cycle on all endpoints.

Author: Isaac Kinsella (Info-Tech)

Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection
March 16, 2020

Microsoft has added its Windows 10 Tamper Protection controls to the public version of Microsoft Defender. Previously available only to enterprise users, Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.

Author: Isaac Kinsella (Info-Tech)

See All Research

Security Awareness Products

Filter by:

KnowBe4

KnowBe4 Security Awareness

KnowBe4 is the world's most popular integrated platform for awareness training combined with simulated phishing attacks. We help thousands of organizations to manage the continuing problem of social engineering.

8.2

Composite Score

8.5

CX Score

+87

Emotional Footprint

82%

Likeliness to Recommend

26

Reviews

Kaspersky

Kaspersky Security Awareness

Kaspersky Lab has launched a family of computer-based training products that utilize the latest learning techniques and address all levels of the organizational structure. Our integral approach consists of modern learning techniques ensuring all employees are trained up to their best needed level. Gamification, learning-by-doing and repeated reinforcement help to build strong skills retention and prevent obliteration. Each training is engaging and highlighting the personal importance of cybersecurity.

7.5

Composite Score

7.4

CX Score

+69

Emotional Footprint

78%

Likeliness to Recommend

15

Reviews

MediaPro

MediaPro

MediaPro helps you plan and deliver an adaptive awareness program where you analyze your employees’ behavior, target unique training and reinforcement to employees based on their risk profile, and measure your progress along the way with simulated phishing and knowledge assessments.

8.5

Composite Score

9.2

CX Score

+99

Emotional Footprint

85%

Likeliness to Recommend

5

Reviews

Proofpoint

Proofpoint Security Awareness Training

REQUEST A DEMO Overview Engage your end users and arm them against real-world cyber attacks, using personalized cybersecurity training based on our industry-leading threat intelligence. Instead of wasting time with one-size-fits-all content, we help you deliver the right cybersecurity awareness training to the right people at the right time.

8.1

Composite Score

8.6

CX Score

+90

Emotional Footprint

80%

Likeliness to Recommend

5

Reviews

Terranova WW Corporation

Terranova Security Awareness

With our comprehensive, end-to-end suite of security awareness solutions at your disposal, you can address threats completely, effectively and in a way that makes the most sense for your organization and its culture.

7.3

Composite Score

6.9

CX Score

+56

Emotional Footprint

75%

Likeliness to Recommend

6

Reviews

Cofense

Cofense

With more than 90% of breaches attributed to successful phishing campaigns, it’s easy for organizations to point to the everyday employee as the root cause – as the problem to be solved. We disagree. CofenseTM believes employees – humans – should be empowered as part of the solution to help strengthen defenses and gather real-time attack intelligence to stop attacks in progress.

--

Composite Score

--

CX Score

+99

Emotional Footprint

85%

Likeliness to Recommend

3

Reviews

SANS Institute

SANS Securing the Human

Easily manage your cyber awareness training program. The SANS Advanced Cybersecurity Learning Platform makes it easy to track results, be compliant, and change behavior.

--

Composite Score

8.2

CX Score

+88

Emotional Footprint

100%

Likeliness to Recommend

2

Reviews

The Security Awareness Company

The Security Awareness Company

Provides organizations with dynamic security awareness training materials on an international scale since 1991. SAC creates cyber security awareness training programs (including compliance standards such as HIPAA and PCI-DSS) for companies of all sizes.

--

Composite Score

--

CX Score

+100

Emotional Footprint

78%

Likeliness to Recommend

1

Reviews

Sophos

Sophos Phish Threat

Phishing is big business. Attacks have shown record growth in recent years, and a solid security awareness program is an integral part of any defense-in-depth strategy. Sophos Phish Threat educates and tests your end users through automated attack simulations, quality security awareness training, and actionable reporting metrics.

--

Composite Score

0.8

CX Score

-12

Emotional Footprint

33%

Likeliness to Recommend

2

Reviews

Ninjio

Ninjio Aware

NINJIO is a “Content First” Company. Over 200 hours are spent on each Hollywood story-based episode, to deliver the highest quality production on the market today. Most Awareness providers are “Phishing First” companies who have viewed Awareness content as an after-thought. Creating engaging story-based content on a frequent basis keeps cyber security awareness “Top of Mind.” Top of Mind equals retention. Retention changes behavior such that when a user is hit with a threat, they remember how to react. The outcome for your organization- FEWER BREACHES.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Lucy Security

Lucy

Employees are the last line of defense. This is why education, the testing of know-how and the active involvement of employees in your cyber defense are essential components of your IT Strategy. LUCY is SOFTWARE that allows companies to take on the role of an attacker and uncover and close weaknesses in both the technical infrastructure and the staff.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Inspired eLearning

Inspired Security Awareness

Named an Inc. 5000 company for the 5th year in a row, Inspired eLearning delivers the highest quality educational products to transform corporate culture, nurture and enhance workforce skills and deliver maximum ROI for the corporate education budget. Inspired eLearning offers Security Awareness and Compliance solutions that include Security First Solutions, CyQ Cybersecurity Assessment tool, PhishProof phishing assessment software, content integration and a fully hosted web-based eLearning course delivery and tracking system using the iLMS (Inspired Learning Management System).

--

Composite Score

7.7

CX Score

+80

Emotional Footprint

85%

Likeliness to Recommend

3

Reviews

InfoSec Institute Inc

Infosec SecurityIQ

Our phishing simulator, PhishSim, includes 1,000s of phishing templates in a variety of attack types and difficulty levels, including drive-by, attachment and data-entry attacks. New templates are added each week, helping you — and your workforce — stay ahead of the latest threats.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

CybSafe

CybSafe Security Awareness Training

CybSafe is the world’s first intelligent cyber security and data analytics platform that enables you to quantify your human cyber risk and resilience, whilst measuring whether your awareness activities (such as training and phishing simulations) are actually working. CybSafe does this in a way both information security professionals and executives can understand and provides data-driven insight that can be used to optimise awareness, behaviour and culture programs. CybSafe is cyber security technology that fuses psychology and behavioural science with artificial intelligence and data science.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

ControlScan

ControlScan Security Awareness

ControlScan’s Security Awareness Training Service delivers courses over the web so that employees can view them anytime and anywhere. You get to choose the courses available to them, which can include general instruction in security as well as specific courses in areas like PCI and HIPAA-HITECH. The ControlScan Security Awareness Training online program can be implemented in days, provides you with a critical security measure, and enables you to demonstrate compliance with training requirements that apply to your business.

--

Composite Score

--

CX Score

+54

Emotional Footprint

0%

Likeliness to Recommend

1

Reviews

BeOne Development Group

BeOne Security Awareness

Employees are increasingly the target of cyber criminals. That is why we help your people improve their cyber skills. With BeOne Development's security awareness solutions, employees can better withstand the current cyber threats. We increase awareness for information security and improve risk-aware behavior. This way we complete your cyber security policy.

--

Composite Score

8.8

CX Score

+100

Emotional Footprint

100%

Likeliness to Recommend

1

Reviews

Barracuda Networks

Barracuda PhishLine

Defend your business against social-engineering attacks and transform employees from potential victims into a layer of defense with Barracuda PhishLine. With PhishLine, you guard against every facet of social-engineering threats with continuous simulation and training for employees. Show them the latest attack techniques, how to recognize the subtle clues and help stop email fraud, data loss, and brand damage.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Mimecast Services

Mimecast Cyber Security Awareness

Increasing cyber security awareness among your users will undoubtedly help to prevent more cyber security threats. Email-borne threats have always targeted human beings, duping them into clicking on links, opening attachments or providing passwords and personal information that can be used to penetrate cyber security defenses. It doesn't matter how much you've invested in the latest cyber security tools or the most sophisticated cyber security strategies – if your users can't spot a suspicious link or a fraudulent email, your defenses are likely to be compromised.

--

Composite Score

8.4

CX Score

+92

Emotional Footprint

89%

Likeliness to Recommend

1

Reviews

Webroot Software

Webroot Security Awareness Training

Security awareness training is an education process that teaches employees about cybersecurity, IT best practices, and even regulatory compliance. A comprehensive security awareness program should train employees about a variety of IT, security, and other business-related topics. These may include how to avoid phishing and other types of social engineering cyberattacks, spot potential malware behaviors, report possible security threats, follow company IT policies and best practices, and adhere to any applicable data privacy and compliance regulations (GDPR, PCI DSS, HIPAA, etc.)

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

All Research

Windows 7 End-of-Life Troubles Continue: ESUs Don’t Apply to Enterprises That Purchased Licences
March 17, 2020

Microsoft’s end-of-life support for Windows 7 has run into its first set of issues with its extended security updates (ESUs). Administrators who paid for the ESU found out their downloads are not applying.

Author: Isaac Kinsella (Info-Tech)

Qualys Unveils Its New Vulnerability Management, Detection, and Response Matrix
March 17, 2020

Qualys’ newest product, VMDR (Vulnerability Management, Detection, and Response), will be available in March and will provide an all-in-one cloud-based solution for vulnerability management. VMDR will automate the entire management cycle on all endpoints.

Author: Isaac Kinsella (Info-Tech)

Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection
March 16, 2020

Microsoft has added its Windows 10 Tamper Protection controls to the public version of Microsoft Defender. Previously available only to enterprise users, Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.

Author: Isaac Kinsella (Info-Tech)

United Nations Faces Cyber-Espionage; Failure to Patch Causes Breach
March 03, 2020

A leaked UN report showed that servers were compromised during a cyberattack that exploited an older version of Microsoft SharePoint. This breach is a case study in the importance of both patch management and transparency.

Author: Isaac Kinsella (Info-Tech)

Microsoft Troubles Continue; Zero-Day Vulnerability Places Windows Users at Risk
February 24, 2020

Reported by Microsoft on January 17, the company admitted to another vulnerability in the older versions of its Windows products. A vulnerability in the remote code execution (RCE) was found in the scripting engine of Internet Explorer (IE).

Author: Isaac Kinsella (Info-Tech)

Windows 7 Reaches End of Life; Are You About to Pay the Price?
February 24, 2020

Last fall, Microsoft announced that it would be ending support for Windows 7 on January 14, 2020.

Author: Isaac Kinsella (Info-Tech)

Citrix Systems Remain Vulnerable Despite Patching Attempts
February 04, 2020

A Citrix vulnerability first discovered on December 17, 2019 is being continually exploited by ransomware attackers despite patching attempts by Citrix.

Author: Isaac Kinsella (Info-Tech)

Project Zero Extends Its Vulnerability Disclosure Agreement to 90 Days, Changes to Follow
February 04, 2020

Project Zero is changing its vulnerability disclosure policy to give software developers more time to patch vulnerabilities. The policy is now shifted to a stringent 90-day policy.

Author: Isaac Kinsella (Info-Tech)

Bishop Fox Discovers Eight Vulnerabilities in ConnectWise: Patching a Managed Service Provider
January 30, 2020

Cybersecurity firm Bishop Fox identified eight vulnerabilities in ConnectWise’s remote control and remote access software.

Author: Isaac Kinsella (Info-Tech)

Tenable Chosen as the Successor for BeyondTrust’s Vulnerability Management Suite; BeyondTrust Steps Aside
January 30, 2020

Announced on December 31, 2019, BeyondTrust named Tenable as the successor to its Vulnerability Management suite.

Author: Isaac Kinsella (Info-Tech)

Department of Defense Seeks Improved Patch Management Tech: Why You Should Care
January 30, 2020

On January 15, 2020, the Department of Defense (DoD) issued an open call to vendors to fulfill a contract to help improve their technology and inventory management.

Author: Isaac Kinsella (Info-Tech)

Windows 10 Security Flaw Discovered; Millions of Devices at Risk
January 28, 2020

On January 14, Microsoft issued a statement acknowledging a crucial security flaw within its Windows 10 operating systems: a failure in the Windows 10 CryptoAPI service that affects both Windows 10 and Windows Server Update systems.

Author: Isaac Kinsella (Info-Tech)

Cisco Suffers Security Flaw With Zoom Interoperability
December 19, 2019

Cisco is beginning to lose patience with its Zoom interoperability after another Zoom security risk: access for the Zoom Connector for Cisco hosted on zoom.us did not require authentication, allowing external users to join a Zoom meeting without password credentials.

Author: Thomas Randall (Info-Tech)

KnowBe4 Completes the FedRAMP Authorization Process
November 05, 2019

On October 30, 2019, KnowBe4, a leader in the end-user security training space, was awarded Federal Risk and Authorization Management Program (FedRAMP) approval from the US federal government.

Author: Ian Mulholland (Info-Tech)

National Cyber Security Alliance Names Habitu8 As Their Official Security Awareness Video Training Partner
October 03, 2019

For 2019’s National Cybersecurity Awareness Month (NCSAM), the National Cyber Security Alliance (NCSA) has named the security awareness and training vendor Habitu8 its official partner.

Author: Ian Mulholland (Info-Tech)

KnowBe4 Releases Machine Learning Module for PhishER Platform
October 03, 2019

Security awareness and training vendor KnowBe4 has added a machine learning module called PhishML to its existing SOAR platform, PhishER.

Author: Ian Mulholland (Info-Tech)

Trend Micro Partners With NINJIO, InfoSec, GoldPhish, and NextTech Security to Offer Free Training Content
August 24, 2019

Trend Micro has added training content to its free Phish Insight tool, originally a simple, cloud-based phishing platform. The new training content comes from partnerships with NINJIO, InfoSec, GoldPhish, and NextTech Security.

Author: Ian Mulholland (Info-Tech)

Prebuilt, Layered Campaign Kits Make Security Awareness and Training a Low-Effort, High-Value Initiative
August 23, 2019

Infosec now offers campaign kits through its Infosec IQ product: prebuilt campaigns consisting of layered training materials and implementation recommendations. While many vendors are willing to provide guidance on how you should build and deliver your campaign, these kits from Infosec Institute already have that guidance built in.

Author: Ian Mulholland (Info-Tech)

Avaya Releases New Firmware to Resolve Vulnerability in VoIP Phones
August 21, 2019

Avaya’s newly released firmware addresses a vulnerability that has survived for 10 years in VoIP phone models configured with H.323 signaling.

Author: Thomas Randall (Info-Tech)

Hacker Compromises Data of 106 Million Capital One Customers
August 14, 2019

A hacker has compromised 106 million Capital One customers after a data breach. But the real story might be less to do with cloud security itself and more to do with Capital One’s own security engine for cloud services.

Author: Thomas Randall (Info-Tech)

Apple Rushes to Fix Zoom Security Flaw
July 22, 2019

Apple has delivered a silent update to Macs, rectifying a security flaw in its Zoom web-conferencing service.

Author: Thomas Randall (Info-Tech)

To Combat the Reactive Culture Surrounding New Data Privacy Laws, MediaPRO Releases Training on the CCPA
May 27, 2019

MediaPRO has taken the lead in the market on offering training around the impending California Consumer Privacy Act (CCPA), a data privacy law set to go into effect on January 1, 2020.

Author: Ian Mulholland (Info-Tech)

ISACA and InfoSec Institute Produce Whitepaper on Using Marketing Techniques and Metrics for Improved Security Awareness Programs
March 26, 2019

ISACA has partnered with InfoSec Institute to produce a whitepaper on leveraging marketing techniques and metrics to improve security awareness. This is a valuable resource that contains universally applicable information.

Author: Ian Mulholland (Info-Tech)

KnowBe4 Begins the Federal Risk and Authorization Management Program (FedRAMP) Authorization Process
March 18, 2019

KnowBe4, a leader in end-user security training, has begun the authorization process for the Federal Risk and Authorization Management Program (FedRAMP). This is yet another initiative by KnowBe4 to better secure the data collected by its customers.

Author: Ian Mulholland (Info-Tech)

KnowBe4 Expands Into Brazil With the Purchase of El Pescador From Tempest
February 27, 2019

KnowBe4, a leader in end-user security training, has acquired El Pescador, a Brazilian security awareness and training company. This could be a good fit if you are looking for a vendor who can provide a wide variety of topics and training formats.

Author: Ian Mulholland (Info-Tech)

Qualys Discovers Critical Flaw With OpenBSD Mail Server, Multiple Programs Vulnerable

Qualys Research Labs, a vulnerability management provider, discovered a vulnerability in the OpenSMTPD Mail server used in conjunction with the OpenBSD operating system. This flaw allows for an attacker to execute arbitrary code with command privileges.

Author: Isaac Kinsella (Info-Tech)

Load More