Employee Simulation & Training:


With phishing being the number one deliverable for ransomware and malware, it’s more important than ever for enterprises to prioritize email security. Many organizations have turned to employee training and awareness programs to bolster their defense-in-depth strategy, recognizing humans as the first line of defense, but also the most vulnerable to deception.


According to the 2014 Verizon Data Breach Report: “…over the years we’ve done this research, users have discovered more breaches than any other internal process or technology.” Another survey of CISOs by CEB, now part of Gartner, found that two-thirds agreed with this observation


“Information security now requires more than protection against breaches. A robust ability to detect and respond to breaches is critical, and key element of breach detection is rank-and-file employees. To meaningfully improve detection and response to breaches, companies need to move beyond traditional “awareness” efforts, and build a program that teaches employees to be breach detectors. 

 Jeremy Bergsman Managing Director, IT Practice, CEB. 17 MAY 2017


IronSchool empowers employees to become proactive – thinking and acting as security team members using our industry-proven experiential learning methods to better prepare employees to recognize and report malicious email phishing attacks, turning awareness into mitigation and preventing millions of dollars of loss and damages.

Based on a gamified simulated training program and a unique crowd-wisdom approach, we train employees to detect and report phishing emails by providing them with a report button inside the most popular email solutions such as Office 365 / Exchange & Gsuite.

While it is important to detect messages, it is as important to ensure that employees report potential phishing messages…– SONY


What is IronSchool and what makes it unique?


IronSchools’ training programs are tailored to employee’s individual awareness levels because we don’t believe in a one size fits all approach.

The training in itself is gamified and interactive therefore making it more engaging and memorable.

IRONSCALES also uses training as a catalyst that fuels and trains our machine learning technologies, creating a continuous feedback loop inside our multi-layered ecosystem.


What does it do?


We know that some attacks will bypass traditional defense layers, so IronSchool builds employee awareness to reduce risk and click rates and train our machine learning technologies.

Using IRONSCALES systems and methodologies we are able to bring organizations phishing attack response times down to under 1 minute for top performing companies.


How does it work?


IronSchool challenges your employees with a series of staged, real-world phishing attacks in order to evaluate their individual level of awareness.  Based on performance levels, a training campaign is then tailored to each employee.

Our gamified, interactive method trains each employee individually to think and act as a security team member, becoming proactive against a multitude of attack types.

The CIO/CISO dashboard performs ongoing real-time analyses of the campaign and training results, generating KPIs for routine or on-demand review. Enterprise-wide and employee-specific reports provide insights into the effectiveness of each campaign.




  • Reduce click rates – by more than 89%
  • Increase detection rates – Attacks are being detected 9x faster
  • Decreased detection times – First reports of threats occur in under 90 seconds
  • Measurable Security Awareness – see results after just a few simulated campaigns




Intuitive Dashboard & Management – A user-friendly GUI provides easy access to in-depth analytics about employee/company vulnerability and improvement in awareness at any given moment and over time

A Fully Automated Program– Automatic execution of training and mitigation rules pre-configured by the CISO or security team

Extensive and Robust Reporting  – Dissect and analyze campaigns without limits and as detailed as you need

SaaS / On-Prem or Hybrid Solutions – Based on the security requirements of the organization

Managed Services – No time to deploy your awareness training program? Our partners will work with you to create a project that meets your needs

On Mail Training – on mail training for when someone performs an unsafe action as part of a mock phishing campaign



IRONSCALES challenges your employees with a series of staged, real-world phishing attacks in order to evaluate their individual level of awareness towards, malware, ransomware, social engineering, spear phishing, spoofing, smishing and more.


Our gamified, interactive method trains each employee individually to think and act as a virtual SOC response team member, which in turn fuels our  machine learning mitigation solution (IronTraps)


To effectively mitigate the risks of phishing attacks, companies must combine employee training efforts with machine learning that is smart enough to immediately respond to attacks and share attack intelligence, empowering them to proactively defend their network gateways and endpoints from increasingly frequent and complex email phishing attacks.


Learn More about how IronTraps and the human layer can automatically prevent, detect and respond to email phishing attacks in real-time.