The mainstream security awareness training market — KnowBe4, Proofpoint Security Awareness, Mimecast Awareness Training — sells large libraries of generic content with a phishing simulation engine attached. The content is predominantly US-centric. Canadian-specific law (PIPEDA, Quebec Law 25, PHIPA, YCJA, Alberta PIPA, BC PIPA), UK law (UK GDPR, DPA 2018, RIPA, safeguarding obligations), Australian law (Privacy Act 1988, Essential Eight, Notifiable Data Breaches scheme), and EU law (GDPR, NIS2, DORA) require custom configuration, extra modules, or custom content. The platform operates separately from your security stack with separate billing.
Lavawall® takes a different approach. Training is built into the same platform your MSP already uses for patch management, GRC compliance, M365/Entra configuration monitoring, and breach detection. Courses are jurisdiction-specific for five regions — Canada, US, UK, Australia, and EU — across 25 vertical industries, 33 compliance frameworks, and standalone working-from-home and business travel courses. The Phishing Reporter Outlook add-in gives every user near-instant, plain-English feedback on every email they report. Phishing simulations, policy acknowledgement with timestamped records, and a multi-tenant admin dashboard are all included at no additional per-seat cost.
Feature comparison
| Feature | Lavawall® | KnowBe4 | Proofpoint SA | Mimecast SA |
|---|---|---|---|---|
| Canada-specific courses (PIPEDA, Law 25, PHIPA, YCJA) | ✓ Included | Partial / extra cost | Not included | Not included |
| US-specific courses (HIPAA, FERPA, COPPA, CCPA) | ✓ Included | ✓ Included | ✓ Included | Partial |
| UK-specific courses (UK GDPR, DPA 2018, RIPA, safeguarding) | ✓ Included | Partial | Partial | Partial |
| Australian courses (Privacy Act, Essential Eight, NDB scheme) | ✓ Included | Not included | Not included | Not included |
| EU GDPR courses (NIS2, DORA, CRA) | ✓ Included | Partial | Partial | Not included |
| Vertical industry courses (25 industries, 5 jurisdictions) | ✓ 250+ courses | Some verticals | Some verticals | Limited |
| Compliance framework courses (33 frameworks) | ✓ Included | Some | Some | Limited |
| Vulnerable sector courses (children, abuse survivors) | ✓ CA / US / UK variants | Not included | Not included | Not included |
| Phishing simulation | ✓ Included | ✓ Core feature | ✓ Included | ✓ Included |
| Phishing Reporter explains email to users in plain English | ✓ Real-time, in Outlook | Admin-only analysis | Admin-only analysis | Admin-only analysis |
| Detects KnowBe4 simulation emails automatically | ✓ Automatic | N/A | No | No |
| Policy acknowledgement linked to GRC documents | ✓ Included | Separate | Separate | Separate |
| Working from home and travel security courses | ✓ 5 jurisdictions | Generic modules | Generic modules | Generic modules |
| Integrated with patch management and GRC | ✓ Same platform | Separate tool | Separate tool | Separate tool |
| Multi-tenant MSP management | ✓ Included | Extra cost / tier | MSSP tier | Partner tier |
| Pricing model | Included with subscription | Per user / year | Per user / year | Per user / year |
Where KnowBe4 genuinely wins
This comparison is evenhanded. KnowBe4 has a content library of thousands of short modules, videos, games, and assessments updated regularly. Its phishing simulation engine is mature and highly configurable, with thousands of simulation templates, deep reporting, and targeting by department or risk group. Its training platform is its core product and has had years of investment in content breadth. Organizations that need a very large library of bite-sized, regularly updated modules across many topics — or who want advanced simulation configurability with deep analytics — may prefer KnowBe4's depth of content.
Lavawall® is the right choice for MSPs and organizations that need jurisdiction-specific Canadian, US, UK, Australian, or EU content out of the box; compliance framework training included; integrated GRC policy acknowledgement; and training bundled into their security platform budget rather than as a separate per-seat line item.
Phishing Reporter: the key difference
KnowBe4 PhishAlert, Proofpoint's report button, and Mimecast's equivalent all do the same thing: collect the reported email and send it to an admin queue. The user gets a generic "thanks for reporting" confirmation. Analysis happens behind the scenes, visible only to administrators.
Lavawall® shows the user — in the Outlook taskpane, in under three seconds — the specific reasons the email should or should not be trusted: the sender domain age, whether the sending server was authorized by the domain's SPF record, DKIM signature validity, DMARC policy, attachment type and risk, link destinations, and whether the sender domain is a typosquat. Users learn from every report. Admins get the same structured data plus richer analysis.
This matters for training outcomes. Understanding why an email is suspicious reinforces the habit of checking. Clicking a report button and receiving a "thanks" message reinforces only that the button exists.
Frequently asked questions
- Is Lavawall training as comprehensive as KnowBe4's content library?
- No — KnowBe4 has thousands of short-form modules and videos. Lavawall's training focuses on jurisdiction-specific depth: real Canadian, US, UK, Australian, and EU law; 25 vertical industry courses in each jurisdiction; 33 compliance framework courses; and working-from-home and travel security. If you need a very large general content library, KnowBe4 has more breadth. If you need jurisdiction-specific content with integrated GRC and no additional per-seat cost, Lavawall® is the better fit.
- Does Lavawall work alongside KnowBe4?
- Yes. The Lavawall® Phishing Reporter detects KnowBe4 simulation emails automatically and gives users positive reinforcement feedback. You can run Lavawall training alongside KnowBe4 simulations.
- Does Lavawall include Australian Essential Eight training?
- Yes. A dedicated Australian Essential Eight course covers all eight controls and three maturity levels. Australian jurisdiction-specific variants of the 25 vertical industry courses reference the Privacy Act 1988, the Australian Privacy Principles, and the Notifiable Data Breaches scheme — not HIPAA or PIPEDA.
- Does Lavawall include EU GDPR training?
- Yes. Lavawall includes EU GDPR training for EU organisations, plus separate courses for Canadian businesses with EU customers and US businesses with EU customers. EU NIS2, DORA, and the Cyber Resilience Act are also covered in the GRC framework course library.
- What does policy acknowledgement do?
- When creating a training assignment, you can require users to acknowledge a specific policy document from your GRC library as part of completing the course. The acknowledgement is timestamped, stored against the enrollment record, and visible in the admin dashboard. It can optionally require the user to type their full name as a signature.