COOLSPIRiT

COOLSPIRiT a Databarracks Company: KnowBe4 Security Coach (Realtime Training)

KnowBe4 SecurityCoach is the first real-time security coaching product that delivers immediate feedback to users at the moment of risky behaviour. It leverages event data from your existing security stack to deliver real-time coaching, reinforces security culture and turns insecure user behaviour into an opportunity to train users to keep security top of mind.

Features

  • Real-Time Coaching: Coach your users about risky behaviour in real-time.
  • Built-In Detection Rules: Specify risky activity you want to track
  • Campaign Recommendations: Best suited campaigns for your detection rules.
  • API-Based Integrations: Integrate with your existing security stack vendors.
  • SecurityTip Notifications: Real-time via common messaging platforms.
  • Easy User Mapping: Connect Identity provider or directory.
  • Rule-Based Automation: Real-time campaigns based on existing rules.
  • Dashboard and Detailed Reporting: Summary of campaigns, rules & events
  • Robust SecurityTip Catalogue: Large catalogue, available in 34 languages.

Benefits

  • Reinforce user comprehension and retention of security training.
  • Leverage your existing security stack to deliver real-time coaching.
  • Build custom campaigns for high-risk users, or roles.
  • Measure and report on improved real-world security behaviour.
  • Reduce burden on your SOC by decreasing the alert noise.

Pricing

£2.40 a unit

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@coolspirit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

245803158031025

Contact

COOLSPIRiT Alex Raben
Telephone: 01246 454 222
Email: frameworks@coolspirit.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
Browser and internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
We provide UK office hours support directly, including technical and best practice related questions. The client also has access to a dedicated Customer Success Manager (CSM) who will assist throughout the subscription period. On top of this, the full KnowBe4 technical support service is available on US hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
1st point of contact is through the UK, where the majority of queries are managed. Escalation to the US-based support engineers will then be categorised level 1, 2 and Priority dependent on urgency. All telephone and web-based support is included in the cost of the subscription; there are no extra charges for support or maintenance.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
All onboarding and offboarding is managed by a customer's dedicated Customer Success Manager and the KnowBe4 Support function. The CSM can assist with any documentation that is required. CSMs are there to provide guidance and assistance through a customer's subscription; this also includes the cancellation of a subscription if required.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Downloadable via CSV/ API extraction. The remaining data is securely destroyed on customer request. Our SOC can provide a certificate of destruction.
End-of-contract process
All required elements of the service are included in the price. The subscription, training, documentation, support and product updates are all included in the single subscription price. Contracts are a minimum of 1 year. At the end of the year, if the customer does not wish to renew, the customer can request the data be deleted.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
WCAG 2.1 A
API
Yes
What users can and can't do using the API
KnowBe4’s APIs are REST APIs that allow you to pull phishing, training, user, and group data from the KnowBe4 console. Data is returned in a JSON structure by default--no additional parameter is needed. Our APIs use resource-oriented URLs for requests and HTTP response codes for error handling. HTTP features, such as HTTP authentication and HTTP verbs, are built-in and understood by standard HTTP clients. Our APIs are available to Platinum and Diamond subscription customers.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
All onboarding and offboarding is managed by a customer's dedicated Customer Success Manager and the KnowBe4 Support function. The CSM can assist with any documentation that is required. CSMs are there to provide guidance and assistance through a customer's subscription; this also includes the cancellation of a subscription if required.

Scaling

Independence of resources
We use auto scaling which monitors our application and automatically adjusts capacity to maintain steady, predictable performance.

Analytics

Service usage metrics
Yes
Metrics types
Reporting on phishing and training as well as a real time view through the administration dashboard. Enterprise level reporting is available to report on all aspects of a simulated phishing campaign and training campaign.
Reporting types
API access

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
KnowBe4

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
KnowBe4 leverages AWS for data encryption at rest (AES-GCM 256)
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Exporting data from KnowBe4 by the customer is done in the form of reports on user activity.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
  • CSV
  • Other
Other data import formats
Through Active Directory

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
Production environment leverages Amazon AWS, WAF, GuardDuty, Shield, VPCs, IAM, security groups and other controls. Changes to the environment are logged and monitored. All changes require going through the change management process.

Availability and resilience

Guaranteed availability
99.9% to be measured annually.
Approach to resilience
KnowBe4 engineers have designed a cloud-first, highly scalable and resilient product architecture within AWS. Performance of systems within our product architecture is monitored for key metrics to ensure that the load on any one system is within an acceptable range. Should any components become overloaded or experience a fault, automated processes will execute to bring online additional temporary systems or to cycle out existing systems for new ones. Automation is built into the KnowBe4 architecture so system monitoring, updates, and corrective actions can take place as needed with no downtime.
Outage reporting
Outages reported by email and on status webpage.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Single Sign on SAML with access based on Role.

Administrators of the console can have privileges set according to function.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ANAB
ISO/IEC 27001 accreditation date
Feb 2022
What the ISO/IEC 27001 doesn’t cover
Not Known
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
01/12/2023
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Not Known
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
All certs linked here - https://www.knowbe4.com/security

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
All KnowBe4 products are SOC 2 Type 2 compliant. KMSAT is also FedRAMP compliant. Please reference: https://marketplace.fedramp.gov/#/product/knowbe4-security-awareness-training?sort=productName&productNameSearch=knowbe
Information security policies and processes
KnowBe4 has established and maintained various Information Security and Privacy Policies. These are inspected and reviewed for completeness as part of our multiple annual external audits. These include but are not limited to Change Management, BCP/DR, Information Security, Third Party Security Guidelines, Data classification, etc.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The KnowBe4 R&D department leverages a Continuous Integration / Continuous Delivery (CI/CD) pipeline for managing code deployments. Code changes are peer reviewed, approved by separate QA staff, and tested in a staging environment before they are pushed into production. The staging and production environments are logically separated and no data is shared between them.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The KnowBe4 information security team performs web application vulnerability scans monthly. These scans are configured to run as authenticated scans. Any vulnerabilities found during these scans or any other vulnerability discovery activities are added to a vulnerability tracking system. There the vulnerabilities are verified, categorised, and evaluated for actual risk. Vulnerabilities are remediated in accordance with a defined schedule.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All KMSAT processes have audit logging enabled as part of the default configurations. Additional logging for infrastructure, system and networking is managed using various tools. These are monitored by a dedicated team.
Incident management type
Supplier-defined controls
Incident management approach
KB4 has a formal incident response plan, of which the key elements include: Preparation, Identification, Containment, Remediation, Investigation, Follow-up/ Lessons Learned, and Notifications.
In the event of an incident involving your data you will be informed via email within 72 hours.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

As an organisation, COOLSPIRiT is wholly committed to improving our social and sustainability record and to driving real change through the delivery of our contracts. We take great pride in working with our supply chain and customers to understand how our services can be provided with reduced emissions, seeking a net zero impact on our environment. We employ a number of activities and initiatives to help accelerate progress towards our global population becoming carbon neutral, including: partnering with World Land Trust to plant trees in Borneo, the SME Climate Commitment, working from solar-powered offices, availability of electric car charge points, electric-powered company vehicles, upgrading to LED lighting throughout our offices, eradicating the use of single-use plastic, achieving ISO 14001 Certification, and supporting the 721 Challenge. We understand that our business has a direct impact on the environment, so we're actively working towards best practices in the technology sector. In regard to our Social Responsibility, we also thrive on making differences wherever possible, be it big or small, to help support the overall impact that organisations can have on our local communities. Initiatives we have in place include: apprenticeships for local people, an employment skills structure, supporting the community, donations of technology equipment, local collaboration, a sustainability and environmental focus, and supporting charity. We're excited to have now partnered with the World Land Trust (Registered Charity No. 1001291) as a corporate supporter. The World Land Trust carries out essential reforestation projects, supporting conservation and creation of wildlife-rich habitats, benefitting local communities, reconnecting forest areas, and storing carbon. In addition to the measures noted above, we will automatically plant a tree for every contract placed with us. More information can be found on our website https://www.coolspirit.co.uk/

Pricing

Price
£2.40 a unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
After a demonstration, KnowBe4 allows access to the ModStore to preview content and test what is included.
Link to free trial
Please contact us
