On the Radar: IronScales offers anti-phishing defense suite

Awareness training, automated forensics, remediation, intelligence sharing, and anomaly detection

On the Radar: IronScales offers anti-phishing defense suite 3

SummaryCatalyst

IronScales offers a suite of phishing defense technologies, including an awareness training platform, forensics, remediation, intelligence sharing, and anomaly detection at the level of individual mailboxes.

Key messages

IronScales offers a quick and easy deployment for Office365 in the cloud, on premises, or hybrid, with no MX records changes required.

Unlike gateway products, IronScales monitors behavior at the mailbox level, looking for anomalies in communication habits by using machine learning coupled with user feedback.

IronScales is designed to empower employees with tools to report emails that bypass detection. It provides small or overburdened security teams with automated forensics and incident response.

It automatically shares zero-day, human-verified, phishing attacks in real time across companies.

Ovum view

Phishing continues to be the primary delivery mechanism for malware, while social engineering has made it easier to gather information on key employees and launch file-less attacks, all of which bodes well for the take-up of IronScales’ technology.

On the Radar: IronScales offers anti-phishing defense suite 4

Recommendationsfor enterprisesWhy put IronScales on your radar?Other companies that started in phishing-awareness training are also looking to expand their offerings, but none has gone as far as IronScales. The combination of a cloud-based back end and the fact that it is developing an MSSP route to market promises to expand its target audience still further.

HighlightsIronScales currently has four modules that deploy on a common underlying platform. These modules are IronSchool, IronTraps, Federation, and IronSights.

IronSchool is a training module designed to raise end users’ awareness of phishing attacks and methodologies and the need to report phishing attacks to their IT/security departments.

IronTraps, which launched in 2015, is an automated forensics and response module that streamlines processes, from user reporting to company-wide remediation, reducing response times and the manual labor involved in response. It does this by automatically analyzing, detecting, and removing malicious emails that have landed in a user’s inbox. It performs full mailbox scans and claws back the offending email within seconds of it landing in an inbox (the average time to a first user opening a phishing email is 82 seconds). If such an email has been seen before by IronScales anywhere in its customer base or has been reported by another employee on the customer’s staff, it will be automatically analyzed and remediated if found malicious. Remediation can be automated or manual in accordance with the customer’s preference, though the company is at pains to emphasize that it does not perform traditional blocking, but instead rapid automated clawback before users can click on an email.

On the Radar: IronScales offers anti-phishing defense suite 5

Federation, which launched in 2016, is an ecosystem for sharing phishing intelligence, based on a real-time database of verified phishing emails contributed by analysts of IronScales customers who sign up to the service.

IronSights, the most recent addition to the portfolio, was launched in 2017, and is a product that performs anomaly detection on the individual mailbox rather than at a gateway. It does this by profiling every mailbox it is protecting, looking at activity going back a year, and applying algorithms to benchmark what constitutes normal behavior for that user. It then provides alerts when it detects anomalies that might indicate so-called business email compromise (BEC). This can entail, for instance, flagging attempts to impersonate a company officer in an email to the finance department ordering a fund transfer.

For the malware analysis in IronTraps, the company partners with a series of security vendors, including Check Point and Opswat, to which a file can be forwarded for further investigation. IronScales also creates an intrusion signature that can be forwarded to any of the most widely used security incident and event management (SIEM) products.

IronScales stresses that its approach to phishing protection does not entail changes to MX records in the domain name system (DNS), and does not involve the rerouting of traffic. It believes that these are clear advantages over the more resource-heavy gateway products widely used today. It also sees as a differentiator for its technology its ability to detect polymorphic attacks, thanks to its smart clustering of anomalies based on its machine learning algorithms.

On the Radar: IronScales offers anti-phishing defense suite 6

BackgroundIronScales was founded in 2014 by CEO Eyal Benishti, who was previously a security researcher and malware analyst at Radware. Before that he was Java tech lead at Imperva. The company’s VP of research is Lomy Ovadia, whose previous posts include Java team lead at Nielsen company eXalate and SMP at Allot Communications.

The first product launched by the company provided phishing training, but the company saw the need to expand its offerings, and has added new modules. It now offers anomaly detection at the mailbox level, an intelligence-sharing mechanism, and a forensics and response module. Three of the modules are deployed on a common platform to ease upsell, while intelligence sharing is an information source only with no functionality required on the platform.

IronScales has raised $8m in two funding rounds, most recently announcing a Series A worth $6.5m in December 2017, led by Los Angeles-based VC K1 Capital.

On the Radar: IronScales offers anti-phishing defense suite 7

Current positionIronScales has more than 100 customers in the midsize and large enterprise categories. It also works through MSSPs to reach SMEs, as well as using a mixed one- and two-tier channel model, depending on the geography.

It groups its four modules into four distinct sales packages.

Reporter, which consists of the Ironschool product with a phishing reporting button on the end user’s device.

Remediator, consisting of IronSchool and IronTraps.

Collaborator, which includes IronSchool, IronTraps, and Federation.

Disruptor, which comprises the entire suite of IronScales products.

Charging is a license per mailbox protected by the technology, with volume discounts as the number of mailboxes increases. IronScales says it typically targets companies with more than 1,000 mailboxes, but it has already gone up to enterprises with tens of thousands and down to companies below the 1,000 threshold. Since early 2017 the company has also been developing relationships with MSSPs to reach a larger target market.

The IronScales technology is essentially cloud-based, whether it be monitoring Office 365, the G Suite, or an on-premises device such as an Exchange server. There is no software deployed to endpoints beyond the reporting button for IronTraps and IronSights customers. This button will also be offered in a cloud version later this year.

In terms of its competitive environment, IronScales says platforms that provide phishing awareness training such as PhishMe, Wombat, and KnowBe4, and Email Security providers such as ProofPoint and Mimecast are competitors but argues that they only address part of the issue.

On the Radar: IronScales offers anti-phishing defense suite 8

Data sheetKey facts

Product name

Version number

Industries covered

Relevant company sizes

URL

Company headquarters

Product classification

Release date

Geographies covered

Licensing options

Routes to market

Number of employees

Ironscales

n/a

Healthcare, government, utilities, banking/finance, retail, manufacturing. Fortune 500.

Midsize and enterprise

www.ironscales.com

Tel Aviv, Israel

Anti-phishing threat protection

2014

Americas, EMEA, Asia, Asia-Pacific

Packages; volume-based pricing

Channel 80%, direct 20%

30

Source: Ovum

On the Radar: IronScales offers anti-phishing defense suite 9

AppendixOn the RadarOn the Radar is a series of research notes about vendors bringing innovative ideas, products, or business models to their markets. Although On the Radar vendors may not be ready for prime time, they bear watching for their potential impact on markets and could be suitable for certain enterprise and public sector IT organizations.

Further readingOn the Radar: Wombat provides security awareness and training, INT003-000012 (November 2017)On the Radar: PhishMe offers phishing defense technology, INT003-000013 (November 2017)

AuthorRik Turner, Principal Analyst, Infrastructure Solutionsrik.turner@ovum.com

Ovum ConsultingWe hope that this analysis will help you make informed and imaginative business decisions. If you have further requirements, Ovum’s consulting team may be able to help you. For more information about Ovum’s consulting capabilities, please contact us directly at consulting@ovum.com.

On the Radar: IronScales offers anti-phishing defense suite 10

Copyright notice and disclaimer

The contents of this product are protected by international copyright laws, database rights and other intellectual property rights. The owner of these rights is Informa Telecoms and Media Limited, our affiliates or other third party licensors. All product and company names and logos contained within or appearing on this product are the trademarks, service marks or trading names of their respective owners, including Informa Telecoms and Media Limited. This product may not be copied, reproduced, distributed or transmitted in any form or by any means without the prior permission of Informa Telecoms and Media Limited.

Whilst reasonable efforts have been made to ensure that the information and content of this product was correct as at the date of first publication, neither Informa Telecoms and Media Limited nor any person engaged or employed by Informa Telecoms and Media Limited accepts any liability for any errors, omissions or other inaccuracies. Readers should independently verify any facts and figures as no liability can be accepted in this regard – readers assume full responsibility and risk accordingly for their use of such information and content.

Any views and/or opinions expressed in this product by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Informa Telecoms and Media Limited.

Contact Usovum.informa.comaskananalyst@ovum.com

International OfficesBeijingDubaiHong KongHyderabadJohannesburgLondonMelbourneNew YorkSan FranciscoSao PauloTokyo