The mainstream security awareness training market — KnowBe4, Proofpoint Security Awareness, Mimecast Awareness Training, Cofense — sells you a large library of generic content with a phishing simulation engine attached. The content is predominantly US-centric. Canadian-specific law (PIPEDA, Quebec Law 25, PHIPA, YCJA, CYFSA, Alberta PIPA, BC PIPA) and UK-specific law (UK GDPR, DPA 2018, RIPA, the Children Act, the Care Act) require custom configuration, extra modules at extra cost, or custom content creation. The platform operates as a separate tool in your stack, with separate billing and a separate admin interface.
Lavawall® takes a different approach. Training is built into the same platform your MSP already uses for patch management, GRC compliance, M365/Entra configuration monitoring, and breach detection. Canada, US, and UK-specific courses are included out of the box. The Phishing Reporter Outlook add-in gives every user near-instant, plain-English feedback on every email they report. Phishing simulations are included. Policy acknowledgement — requiring users to sign off on your specific GRC policy document as part of course completion — is included. None of this costs extra per seat.
Feature comparison
| Feature | Lavawall® | KnowBe4 | Proofpoint SA | Mimecast SA |
|---|---|---|---|---|
| Canada-specific courses (PIPEDA, Law 25, PHIPA, YCJA) | ✓ Included | Partial / extra cost | Not included | Not included |
| US-specific courses (HIPAA, FERPA, COPPA) | ✓ Included | ✓ Included | ✓ Included | Partial |
| UK-specific courses (UK GDPR, DPA 2018, RIPA, safeguarding) | ✓ Included | Partial | Partial | Partial |
| Vulnerable sector courses (children, abuse survivors) | ✓ CA / US / UK variants | Not included | Not included | Not included |
| Phishing simulation | ✓ Included | ✓ Core feature | ✓ Included | ✓ Included |
| Phishing Reporter explains email to users in plain English | ✓ Real-time, in Outlook | Admin-only analysis | Admin-only analysis | Admin-only analysis |
| Detects KnowBe4 simulation emails | ✓ Automatic | N/A | No | No |
| Policy acknowledgement linked to GRC documents | ✓ Included | Separate | Separate | Separate |
| Integrated with patch management and GRC | ✓ Same platform | Separate tool | Separate tool | Separate tool |
| Multi-tenant MSP management | ✓ Included | Extra cost / tier | MSSP tier | Partner tier |
| Pricing model | Included with subscription | Per user / year | Per user / year | Per user / year |
Where KnowBe4 genuinely wins
This comparison is evenhanded. KnowBe4 has a content library of thousands of short training modules, videos, games, and assessments. Its phishing simulation engine is mature and highly configurable, with thousands of phishing templates and deep reporting. Its training platform is its core product — Lavawall's training is one component of a broader platform. Organizations that need a large library of bite-sized, regularly updated modules across many topics, or who want advanced simulation configuration, may prefer KnowBe4's depth.
Lavawall® is the right choice for MSPs and organizations that want jurisdiction-specific Canadian, US, and UK content, integrated GRC policy acknowledgement, and training included in their security platform budget rather than a separate per-seat line item.
Phishing Reporter: the key difference
KnowBe4 PhishAlert, Proofpoint's report button, and Mimecast's equivalent all do the same thing: collect the reported email and send it to an admin queue. The user gets a generic confirmation. The analysis happens behind the scenes.
Lavawall® shows the user — in the Outlook taskpane, in under three seconds — the specific reasons this email should or should not be trusted: the sender domain age, whether the sending server was authorized by the domain's SPF record, DKIM signature validity, DMARC policy, attachment type and risk, link destinations, and whether the sender domain is a typosquat. Users learn from every report. Admins get the same structured data plus richer analysis.
This difference matters for training outcomes. Understanding why an email is suspicious reinforces the habit. Clicking a report button and receiving a "thanks for reporting" message reinforces only that the button exists.
Frequently asked questions
- Is Lavawall training as comprehensive as KnowBe4's library?
- No — KnowBe4 has thousands of modules. Lavawall's training library focuses on jurisdiction-specific courses covering AI risk, phishing, privacy law, sector-specific obligations, and GRC. If you need a large generic content library, KnowBe4 has more breadth. If you need Canadian-specific or UK-specific content with integrated GRC and no additional per-seat cost, Lavawall® is the better fit.
- Does Lavawall work alongside KnowBe4?
- Yes. The Lavawall® Phishing Reporter detects KnowBe4 simulation emails automatically and gives users positive reinforcement. You can run Lavawall training and KnowBe4 simulations in parallel.
- What does the policy acknowledgement feature do?
- When creating a training assignment, you can require users to acknowledge a specific policy document from your GRC library. The acknowledgement is timestamped, stored against the enrollment record, and visible in the admin dashboard with the date and the user's typed signature when required.
- How do I deploy the Phishing Reporter?
- Through Microsoft 365 Centralized Deployment. Deployment takes under 10 minutes and works on Windows, Mac, web, iOS, and Android. No per-device configuration needed.