Comprehensive Software Reviews to make better IT decisions
KnowBe4 Expands Into Brazil With the Purchase of El Pescador From Tempest
KnowBe4, a leader in end-user security training, has acquired El Pescador, a Brazilian security awareness and training company. This could be a good fit if you are looking for a vendor who can provide a wide variety of topics and training formats.
KnowBe4 acquired El Pescador from Tempest, a national security intelligence agency. This new relationship will see KnowBe4’s current library grow and become more diversified, and will give El Pescador the ability to further grow and expand its services, products, and functionalities.
As with some of the other security awareness vendors purchased by KnowBe4, El Pescador will be an independent subsidiary of KnowBe4, and thus will maintain its current brand. After El Pescador was acquired by Tempest in 2015, it has “been growing more than 100 percent a year” according to Rafael Silva, founder and CEO of El Pescador. He expects this growth to continue under KnowBe4.
The impacts to each of the three organizations involved in this deal are as follows:
- KnowBe4: The vendor has expanded its library to include the content offered by El Pescador. This content will likely be made available to members of KnowBe4’s diamond-tier subscription.
- El Pescador: According to Rafael Silva, the acquisition “will provide the Brazilian company with more investments and the expansion of services, products and functionalities, as well as an accelerated growth in the sales of licenses and programs.”
- Tempest: This vendor will remain a strategic business partner of KnowBe4.
KnowBe4 acquiring smaller security awareness and training organizations has been a frequent headline over the last few years. While it is known for having the largest library of security awareness and training content, each acquisition adds more topic breadth, content variety, language translations, and geographical coverage.
If you are looking for a vendor who can provide a wide variety of topics and training formats, KnowBe4 may be a good fit. If you are looking for training that has continuity across all content, remember that KnowBe4’s acquisitions will result in a content library that is highly diversified.
Want to Know More?
Microsoft’s end-of-life support for Windows 7 has run into its first set of issues with its extended security updates (ESUs). Administrators who paid for the ESU found out their downloads are not applying.
Qualys’ newest product, VMDR (Vulnerability Management, Detection, and Response), will be available in March and will provide an all-in-one cloud-based solution for vulnerability management. VMDR will automate the entire management cycle on all endpoints.
Microsoft has added its Windows 10 Tamper Protection controls to the public version of Microsoft Defender. Previously available only to enterprise users, Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.
Qualys Research Labs, a vulnerability management provider, discovered a vulnerability in the OpenSMTPD Mail server used in conjunction with the OpenBSD operating system. This flaw allows for an attacker to execute arbitrary code with command privileges.
A leaked UN report showed that servers were compromised during a cyberattack that exploited an older version of Microsoft SharePoint. This breach is a case study in the importance of both patch management and transparency.
Reported by Microsoft on January 17, the company admitted to another vulnerability in the older versions of its Windows products. A vulnerability in the remote code execution (RCE) was found in the scripting engine of Internet Explorer (IE).
Last fall, Microsoft announced that it would be ending support for Windows 7 on January 14, 2020.
A Citrix vulnerability first discovered on December 17, 2019 is being continually exploited by ransomware attackers despite patching attempts by Citrix.
Project Zero is changing its vulnerability disclosure policy to give software developers more time to patch vulnerabilities. The policy is now shifted to a stringent 90-day policy.