Following the outbreak of COVID-19, cyber criminals’ efforts to penetrate security defenses have only become more pronounced and aggressive, such as targeting remote voicemails and weak internet connections. Even before COVID however, the phishing threat was enormous, with an estimated 90% of cyberattacks initiated with a malicious email. That’s why, in the face of the global pandemic, it’s perhaps more important than ever for companies to have a robust email security infrastructure in place.
But how can CISOs and IT leaders really know they’re getting the best bang for their buck in email security?
Today, many companies' email security relies heavily on secure email gateways (SEG) and authentication protocols such as DMARC, yet these safeguards leave a gap in security inside the mailbox. This makes it difficult - if not impossible - to detect modern payload-less attacks, such as business email compromise (BEC), that lack the malicious links or attachments that legacy tools cannot detect.
That’s where IRONSCALES fits in.
The IRONSCALES team recently caught up with cloud security channel provider EveryCloud co-founder and CEO Paul Richards and director Keith Purves. One of the UK’s fastest growing cloud security and communications providers, EveryCloud works with the world’s leading technology providers to help its customers thrive in the digital age, while having the full protection and control they need to keep their business safe and productive.
The Q&A below dives into EveryCloud’s approach to email security, the threat landscape and how IRONSCALES helps their team mitigate email risk for the company’s customers.
Keith: We’ve been working with IRONSCALES for nearly three years now. Recently, we’ve seen a steady increase in customer interest in the platform, with an acceleration in adoption the past year as so many emails are getting past Microsoft Advanced Threat Protection and other security tools. IRONSCALES provides that additional layer of defense, with all users joining the first line of defense against phishing and an impressive speed of remediation. Across all of the companies that are using the IRONSCALES platform through our partnership, EveryCloud is protecting many thousands of end-user mailboxes.
Paul: What’s most interesting is that most customers often don’t realize the problems they’re having and how pervasive they are. They think they’re already doing a good enough job at email security, but our role is to provide that extra education of where malicious emails are penetrating mailboxes.
Further, we often find that our customers are not always aware of the changing and increasingly sophisticated nature of threats. While there may be some commonalities, email phishing has become much more targeted at the individual level. We’ve seen the rise of social engineering attacks which impersonate managers and superiors catching employees off guard. There’s simply no amount of training that will completely absolve that threat, so the additional security layer from the IRONSCALES platform is essential.
Fake login pages are also on the rise. We’ve heard horror stories of company employees entering credentials on these pages where it’s often very hard to spot the differences or signs that they’re fraudulent.
Paul: Our customers are global, with 90%+ being based in or having a large presence in the UK. Typically, they’ll already have a security person on the team being mid-market companies. And some of our larger customers have CISOs or 10+ security teams giving them that enterprise-level security in place. All that said, IRONSCALES is still offering a powerful benefit to them by automating and outsourcing these tasks that are quite time-consuming.
With all of us working remotely right now, we’re seeing even more awareness of the dangers of email phishing and logging onto critical applications (and knowing when you’re on a legitimate login page). Phishing is a threat all of our customers can see clearly and the improvements IRONSCALES makes are palatable and measurable, which is always a strong selling point.
Keith: Themis has been a great addition and really adds into the “wow factor” of remediation. We can talk about IRONSCALES self-learning platform in the abstract all day, but they can really see it in action with Themis, which uses the power of AI to predict the legitimacy of any suspicious emails with high confidence. The way that it integrates and becomes bespoke for each organization is also impressive as it continually learns from tens of millions of emails that run through our platform to give your security teams real-time recommendations on detected or reported incidents.
Given the rise and effectiveness of fake login pages, IRONSCALES’ visual similarity detection is also an essential component to stop those URLs from reaching inboxes. Most other traditional SEGs don’t have this capability and we know this is top of mind for our customers as an emerging threat.
Keith: The biggest benefit of IRONSCALES is its seamless integration and the power of the POC. During that period, our customers can very quickly see the power of the platform and the tangible benefits of its remediation capabilities. It does exactly what it says it’s going to do, and companies don’t want to turn it off after it’s plugged in.
Today’s evolving threat landscape can feel very precarious and we’ve seen time and again IRONSCALES staying ahead of the curve, identifying and fending off new attacks just as they’re emerging. We’ve been really impressed with the team’s engineers and leadership.
Paul: IRONSCALES provides our customers with a unique multi-modular platform, integrating sophisticated technologies including computer vision and AI with Themis, which acts at the mailbox level as opposed to gateway level, with an easy-to-use API plug-in that can be pushed out to employees very quickly.
Thank you, Paul and Keith, for sharing your experience with IRONSCALES.
To learn more about EveryCloud’s email security offerings by reading more on their protection solutions. And if you’re interested in learning more or becoming an IRONSCALES partner, check out our Partnership Program to learn more and get your customers onto our advanced self-learning email security platform today.