It seems like there are two or three posts every day on social media where cyber security companies are basically saying, “Don’t trust humans to keep your company secure because they’ll always fail. Instead, trust our [insert whizbang product name] that uses the latest in AI/ML to keep your company safe.”
We are proud of what our AI/ML can do when it comes to detecting and remediating advanced phishing attacks - and doing so in just milliseconds. We can show that our AI/ML is stopping around 99% of advanced phishing attacks, but we acknowledge that some of our fellow ICES-type email security companies are probably catching about the same amount with their AI/ML. The question then becomes: what happens with the other 1%? That’s where we have taken a different path than the competition.
One of the core tenets at IRONSCALES is that phishing is a human + machine problem that can only be solved with a human + machine solution. 99% of protection comes from AI/ML, but it’s that last 1% that can make all the difference between an organization getting breached or not. And that 1% is where we put a heavy focus. Some of our competitors truly believe that their AI/ML is all that is needed to protect their customers and that the other 1% is an acceptable risk for your organization. Other competitors believe that making employees take training and subjecting them to a barrage of simulated phishing exercises is enough to quash the phishing problem. We believe that this isn’t an either/or situation, but one where the technology and the end-users work together is the optimal solution to defending against phishing attacks.
To address the other 1%, we have incorporated the human element into our solution in many ways:
- Every one of our thousands of customers becomes part of what we call our “Community” on day one. The Community acts as a crowdsourced early warning detection network of sorts, as any Community member who spots an email, they believe to be a phish can report it to IRONSCALES. We then consider that input as a data point used by our AI/ML in deciding on whether we believe the email in question is in fact a phish.
- We believe that Security & Awareness training and simulated phishing exercises are an important part of helping end-users to understand what to look out for and to report suspicious emails to their IRONSCALES admin with a single click of a button. That said, it is important to have a solution that integrates the training with the anti-phishing platform so that end users are being tested on real-world threats, not just some canned set of training modules each quarter.
- When our AI/ML can’t make a final determination as to whether or not a specific email is a phish, we will insert an awareness banner into the email to provide the end-user with an alert that there may be an issue and to give them the power to decide if they want to move forward with taking an action contained in the email or not.
In summary, there’s more than one ICES-type of email security provider that can leverage AI/ML to catch the first 99% of advanced phishing emails. But we’re the only one who incorporates humans into the solution. This is how we live up to our own belief that phishing is a human + machine problem that can only be solved with a human + machine solution.
“Even if our AI/ML can stop 99.999% of advanced phishing attacks, we will ALWAYS incorporate the human element into our solution. That’s the only way an organization will ever have a chance at completely protecting against these kinds of attacks.” – Eyal Benishti, CEO, IRONSCALES
To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today at ironscales.com/get-a-demo.