Demand for computer-based security awareness training software tools continues to grow rapidly. Spending on such services grew about 40 percent to $490 million in 2018, Gartner estimates.
Comply with regulations, procedures and policies;
Support disciplinary actions;
Increase employees’ knowledge and competency concerning threats, risks and security options; and
Change and maintain employees’ security behavior and build a more security-aware culture.
A prime example of computer-based security awareness training involves simulated phishing emails, which are designed to trick employees into clicking on non-approved email and web links.
So, which companies are the top performers in the computer-based security awareness training market? We promised to reveal 10 company names in the headline above. But we've actually listed 14 companies below. One name is based on our SMB coverage; the other 13 names are based on Gartner's Magic Quadrant for Security Awareness Computer-Based Training from November 2018. For the sake of simplicity, we've sorted the companies alphabetically. The content includes some of Gartner's perspectives, along with MSSP Alert's own views where indicated.
Top 10 (Make that 13) Security Awareness Training Companies
1. Barracuda PhishLine: In early 2018 Barracuda acquired PhishLine. Together, Barracuda and PhishLine are helping organizations to combat email-borne and social engineering attacks, the companies say. MSSP Alert says: Barracuda has a strong technology portfolio in the MSP and MSSP markets. Most of the company's security, data protection and backup services are now available as multi-tenant services for MSPs. PhishLine is a natural addition to that partner portfolio.
2. Cofense: The offering was previously called PhishMe. But the brand was overhauled during a private equity buyout in early 2018. MSSP Alert says: The company relaunched a global reseller program and committed to an all-channel sales model in mid-2018. The company said it is focusing on partnerships with leading distributors, resellers, and value-added resellers that sell a variety of cybersecurity solutions. Cofense claims it works with about 300 such partners worldwide.
3. Global Learning Systems: We've got a confession. MSSP Alert has not covered Global Learning Systems before this article. But they're on our radar now. MSSP Alert says: The company has a handful of partner relationships with familiar channel names like CDW and Tech Data, and Top 100 MSSPs such as SecureWorks.
4. InfoSec Institute: The organization's flagship SecurityIQ product offers precise, targeted training to specific employees, Gartner says. It combines anti-phishing simulation, general security awareness CBT and role-based training into a 12-month best-practices program with a default curriculum, the researcher adds. MSSP Alert says: ISI today offers enterprise security awareness and phishing training and IT and security bootcamps. It also provides online and in-person security training options, including more than 100 IT security courses, and has trained over 50,000 individuals to date. The company launched a channel partner program for MSSPs, managed service providers (MSPs), value-added resellers (VARs) and original equipment manufacturers (OEMs) in late 2018.
5. Inspired eLearning: This is another company, quite frankly, that MSSP Alert has not previously covered. The company had an executive-level change in 2018, and the business is transitioning its strategy, design, people and culture, Gartner notes. MSSP Alert says: The company has a growing partner program and key members include Dimension Data. However, the partner program is not on the company's website menu system atop the home page -- a missed opportunity for the channel push...
6. Junglemap: The company offers separate programs for general learners, managers and executive/board members, Gartner notes. MSSP Alert says: The company's portfolio of education tools focuses on information security, GDPR compliance and digital transformation. However, there's no mention of a partner program on the company's website.
7. KnowBe4: This is the fastest-growing company in the market, Gartner reports. The company has an aggressive pricing strategy and an M&A strategy, Gartner adds. MSSP Alert says: KnowBe4 is especially serious about its partner program. In June 2018 the company also launched the Breached Password Test (BPT) tool to help IT administrators isolate password security vulnerabilities and identify high-risk passwords.
8. MediaPRO: The company provides all the components needed to run a complete security awareness program, Gartner asserts. Key areas of focus include reducing human risk, phishing prevention, achieving and measuring compliance, and measuring results. MSSP Alert says: The company's partner program link is buried at the bottom of its homepage...
9. Proofpoint Wombat Security: Proofpoint acquired Wombat Security in March 2018. Wombat's portfolio is innovative and extends into anti-phishing areas, but the solution is priced relatively high compared to rivals, Gartner indicated. MSSP Alert says: Proofpoint is serious about channel partners. The company has had formal MSP-oriented partnerships since around 2013.
10. SANS Institute: The organization remains a major force in the training market for IT security professionals, offering well-regarded certification and degree programs, such as the Global Information Assurance Certification (GIAC), Gartner says. MSSP Alert says: The company is best-known for training true security professionals. We're curious to see if the company's training delivers results for the more general line-of-business employee.
11. Security Innovation: The company provides a diverse set of application security and IT security training content, including traditional CBT and videos, Gartner notes. MSSP Alert says: The company claims to be particularly strong in application security. Moreover, a partner program is prominently featured on its website.
12. Sophos: The company offers Phish Threat, an “advanced phishing attack simulator and training solution.” Armed with the simulator, MSPs can launch fake attacks against their customers — and ultimately train those customers to avoid real attacks. MSSP Alert says: Sophos has one of the most MSP-friendly partner programs in the security market. The company's multi-tenant dashboard offers more and more security services for MSPs to monetize and manage for customers. Phish Threat is a natural extension to that effort.
13. Terranova: The company has completed 1000+ phishing, GDPR and security awareness programs spanning over six million users, Terranova claims. MSSP Alert says: On the one hand, Terranova has a partner program. But on the other, the company is an MSSP in its own right.
14. Bonus - Webroot: On the one hand, Gartner's Magic Quadrant for computer-based security awareness training generally focuses on enterprise-type customer deployments. But on the other hand, there are some security awareness training solutions that are purpose-built for MSPs in the SMB sector. One such example is Webroot Security Awareness Training. MSSP Alert says: Webroot is well-known and well-established in the MSP and SMB sectors. Among the key stats that Webroot mentions:
- Those who only ran phishing simulations (without accompanying security training) saw users clicking through to malicious sites an average of 26.47%.
- However, those who coupled training with phishing simulations saw the click rate drop to 12.32% - less than half.