KnowBe4 Boosts Security Awareness Training With Virtual Risk Officer

The AI-powered capability provides cyber-security risk metrics for organizations to better understand where potential issues exist.

KnowBe4 VRO

Cyber-security awareness and training vendor KnowBe4 announced on Oct. 8 that it is expanding its capabilities with the addition of Virtual Risk Officer (VRO).

The VRO feature is powered by artificial intelligence machine learning technologies and is intended to provide organizations with feedback and insight into their cyber-risk. The VRO capability is being complemented with an Advanced Reporting (AR) feature that provides additional insight into cyber-security operations at organizations. The KnowBe4 platform update also includes a group report card that provides information to managers on how a given group within an organization responds to phishing simulations and security awareness training.

"The VRO gives a single metric—risk—that encompasses several aspects of a user beyond simply their phishing and training performance," Stu Sjouwerman, CEO of KnowBe4, told eWEEK. "The user risk scores roll up to the organization, which allows an admin to monitor and manage their Security Awareness Program with a singular metric."

The KnowBe4 platform provides cyber-security training as well as simulation tools to help improve awareness at organizations. There is considerable demand for security awareness training, according to KnowBe4, with the company announcing on Oct. 4 that its year-over-year sales for the third quarter of 2018 nearly doubled. The market for phishing awareness in particular is a competitive one, with a number of other vendors besides KnowBe4 actively developing services, including Symantec, Trend Micro and Barracuda Networks. 

Sjouwerman explained that before the new VRO and AR features, an administrator could see phish-prone percentage and training data but could not correlate those two items. The phish-prone percentage helps to identify the likelihood that a given user will click on a phishing link. Sjouwerman added that the VRO risk score is also flexible enough to ingest new data to continue tuning the score over time.

"AR allows the correlation, and VRO takes that to the next level by also incorporating additional data such as user exposure and role within the organization," he said.

The VRO capability in KnowBe4 make uses of what Sjouwerman referred to as an extensive open-source AI stack. The stack includes a version of TensorFlow, a popular open-source AI framework that Google developed.

While VRO provides new forms of data correlation to help understand cyber-risk, the plan is to add even more integration in the future.

"We are working on releasing APIs that will allow us to interface with UEBA [User and Entity Behavior Analytics] platforms, but this is our first move into that direction," Sjouwerman said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.