COOLSPIRiT a Databarracks Company: KnowB4 Security Coach (Realtime Training)
KnowBe4 SecurityCoach is the first real-time security coaching product that delivers immediate feedback to users the moment of risky behaviour. Leverages event data from your existing security stack delivering real-time coaching, reinforces security culture and turns insecure user behaviour into opportunity to train to have security top of mind.
Features
- Real-Time Coaching: Coach your users about risky behaviour in real-time.
- Built-In Detection Rules: Specify risky activity you want to track
- Campaign Recommendations: Best suited campaigns for your detection rules.
- API-Based Integrations: Integrate with your existing security stack vendors.
- SecurityTip Notifications: Real-time via common messaging platforms.
- Easy User Mapping: Connect Identity provider or directory.
- Rule-Based Automation: Real-time campaigns based on existing rules.
- Dashboard and Detailed Reporting: Summary of campaigns, rules & events
- Robust SecurityTip Catalogue: Large catalogue, available in 34 languages.
Benefits
- Reinforce user comprehension and retention of security training.
- Leverage your existing security stack to deliver real-time coaching.
- Build custom campaigns for high-risk users, or roles.
- Measure and report on improved real-world security behaviour.
- Reduce burden on your SOC by decreasing the alert noise.
Pricing
£2.40 a unit
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
2 4 5 8 0 3 1 5 8 0 3 1 0 2 5
Contact
COOLSPIRiT
Alex Raben
Telephone: 01246 454 222
Email: frameworks@coolspirit.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- None
- System requirements
- Brower and internet connection
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We provide UK office hours support directly, including technical and best practice related questions. The client also has access to a dedicated Customer Success Manager (CSM) who will assist throughout the subscription period. On top of this the full KnowBe4 technical support service is available on US hours
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- 1st point of contact is through the UK where the majority of queries are managed. Escalation to the US based support engineers will then be categorised level 1, 2 and Priority dependent on urgency. All telephone and web-based support is included in the cost of the subscription, there are no extra charges for support or maintenance.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- All onboarding and offboarding is managed by a customers dedicated Customer Success Manager and the KnowBe4 Support function. The CSM can assist with any documentation that is required. SCM's are there to provide guidance and assistance through a customers subscription, this also includes the cancellation of a subscription if required.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Downloadable via CSV/ API extraction. The remaining data is securely destroyed on customer request. Our SOC can provide a certificate of destruction.
- End-of-contract process
- All required elements of the service are included in the price. The subscription, training, documentation, support and product updates are all included in the single subscription price. Contracts are a minimum of 1 year. At the end of the year, if the customer does not wish to renew, the customer can request the data be deleted.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- User support accessibility
- WCAG 2.1 A
- API
- Yes
- What users can and can't do using the API
- KnowBe4’s APIs are REST APIs that allow you to pull phishing, training, user, and group data from the KnowBe4 console. Data is returned in a JSON structure by default--no additional parameter is needed. Our APIs use resource-oriented URLs for requests and HTTP response codes for error handling. HTTP features, such as HTTP authentication and HTTP verbs, are built-in and understood by standard HTTP clients. Our APIs are available to Platinum and Diamond subscription customers.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- All onboarding and offboarding is managed by a customers dedicated Customer Success Manager and the KnowBe4 Support function. The CSM can assist with any documentation that is required. SCM's are there to provide guidance and assistance through a customers subscription, this also includes the cancellation of a subscription if required.
Scaling
- Independence of resources
- We use auto scaling which monitors our application and automatically adjusts capacity to maintain steady, predictable performance.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Reporting on phishing and training as well as a real time view through the administration dashboard. Enterprise level reporting is available to report on all aspects of a simulated phishing campaign and training campaign.
- Reporting types
- API access
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- KnowBe4
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Other
- Other data at rest protection approach
- KnowBe4 leverages AWS for data encryption at rest (AES-GCM 256)
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Exporting data from KnowBe4 by the customer is done in the form of reports on user activity.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
-
- CSV
- Other
- Other data import formats
- Though Active Directory
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- Other
- Other protection within supplier network
- Production environment leverages Amazon AWS, WAF, Guard Duty, Shield, VPCs, IAM, security groups and other controls. Changes to environment or logged and monitored. All changes require going through the change management process. Production environment leverages Amazon AWS, WAF, Guard Duty, Shield, VPCs, IAM, security groups and other controls. Changes to environment or logged and monitored. All changes require going through the change management process
Availability and resilience
- Guaranteed availability
- 99.9% to be measured annually.
- Approach to resilience
- KnowBe4 engineers have designed a cloud first highly scalable and resilient product architecture within AWS. Performance of systems within our product architecture are monitored for key metrics to ensure that the load on any one system is within an acceptable range. Should any components become overloaded or experience a fault, automated processes will execute to bring online additional temporary systems or to cycle out existing systems for new ones. Automation is built into the KnowBe4 architecture so system monitoring, updates, and corrective actions can take place as needed with no downtime.
- Outage reporting
- Outages reported by email and on status webpage.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Single Sign on SAML with access based on Role.
Administrators of the console can have privileges set according to function. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ANAB
- ISO/IEC 27001 accreditation date
- Feb 2022
- What the ISO/IEC 27001 doesn’t cover
- Not Known
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 01/12/2023
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- Not Known
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- All certs linked here - https://www.knowbe4.com/security
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- All KnowBe4 Products are SOC 2 type 2 compliant. KMSAT is also FedRamp Compliant. Please reference: https://marketplace.fedramp.gov/#/product/knowbe4-security-awareness-training?sort=productName&productNameSearch=knowbe
- Information security policies and processes
- KnowBe4 has established and maintained various Information Security and Privacy Policies. These are inspected and reviewed for completeness as part of our multiple annual external audits. These include but are not limited to Change Management, BCP/DR, Information Security, Third Party Security Guidelines, Data classification, etc.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- The KnowBe4 R&D department leverages a Continuous Integration / Continuous Delivery (CI/CD) pipeline for managing code deployments. Code changes are peer reviewed, approved by separate QA staff, and tested in a staging environment before they are pushed into production. The staging and production environments are logically separated and no data is shared between them.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- The KnowBe4 information security team performs web application vulnerability scans monthly. These scans are configured to run as authenticated scans. Any vulnerabilities found during these scans or any other vulnerability discovery activities are added to a vulnerability tracking system. There the vulnerabilities are verified, categorised, and evaluated for actual risk. Vulnerabilities are remediated in accordance with a defined schedule.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- All KMSAT processes have audit logging enabled as part of the default configurations. Additional logging for Infrastructure, system and networking are managed leveraging various tools. These are monitored by a dedicated team.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
KB4 has a formal incident response plan, of which the key elements include: Preparation, Identification, Containment, Remediation, Investigation, Follow-up/ Lessons Learned, and Notifications.
In the event of an incident involving your data you will be informed via email within 72 hours.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Fighting climate changeFighting climate change
As an organisation, COOLSPIRiT is wholly committed to improving our social & sustainability record and drive real change through to delivery of our contracts. We take great pride working with our supply chain and customers to understand how our services can be provided with reduced emissions seeking a net zero impact on our environment. We employ a number of activities / initiatives to help accelerate us towards our global population becoming carbon neutral, including, Partnering with World Land Trust to plant trees in Borneo, SME Climate Commitment, Working from solar-powered offices, Availability of electric car charge points, Electric-powered company vehicles, Upgrading to LED lighting throughout our offices, Eradicating the use of single-use plastic, Achieving ISO 14001 Certification, Supporting the 721 Challenge. We understand that our business has a direct impact on the environment, so we're actively working towards best practices in the technology sector. In regard to our Social Responsibility, we also thrive on making differences wherever possible, be it big or small, to help support the overall impact that organisations can have on our local communities. Initiatives we have in place include, Apprenticeships for local people, Employment skills structure, Supporting the community, Donations of technology equipment, Local collaboration, Sustainability and environmental focus, Supporting Charity. We're excited to have now partnered with the World Land Trust (Registered Charity No. 1001291) as a corporate supporter. The World Land Trust carries out essential reforestation projects, supporting conservation and creation of wildlife-rich habitats benefitting local communities, reconnecting forest areas, and storing carbon. In addition to the measures noted above we will automatically plant a tree for every contract placed with us. More information can be found on our website https://www.coolspirit.co.uk/
Pricing
- Price
- £2.40 a unit
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- After a demonstration, KnowBe4 allow access to the ModStore for content preview and test what is included.
- Link to free trial
- Please contact us