
Consider this scenario

An attacker sends a phishing email to lure an end user within an organization into clicking a malicious link, opening an attachment, or providing login credentials. Once the attacker lands on the victim's machine, what's their first move? They'll likely figure out their position within the organization, scraping the memory for cached information. This can include temporarily stored admin credentials, connected file shares, domain controllers, browsing history of SharePoint resources, and virtually any means to become a local or domain admin.

For the attacker, moving laterally and building a foothold is key at this stage to stay persistent. Gaining privileged access allows them to access infrastructure, on-prem networks, cloud, and SaaS applications. It's also a prime location to launch phishing or social engineering scams, enabling access to other employees or partners.

Once the foothold is established and expansion achieved, executing objectives becomes the focus. This might involve stealing intellectual property, sensitive data, transferring funds, or causing business disruption through ransomware. Skilled attackers will do what they can to cover their tracks, often using ransomware as an effective diversion to encrypt evidence.

Most companies lack the skills to keep up with emerging threats. For example, you wouldn't hire a plumber or electrician full-time just because there might be a pipe blockage or power outage, right? Managed Detection & Response (MDR) services are designed to stop attackers by covering multiple attack surfaces and phases in the cyber kill chain. The technologies behind them often include EDR, XDR, NDR, CDR, SIEM, and SOAR. But one component often overlooked is email security.

Email security is often the unsung hero in the fight against cyber threats. While technologies like EDR, XDR, NDR, CDR, SIEM, and SOAR are commonly associated with MDR services, email security is frequently left on the sidelines. Yet, it's a vital piece of the puzzle.

Email is the starting point for around 90% of cyber-attacks, and a single phishing email can lead to significant data breaches. Ensuring that your MDR service focuses on identifying and mitigating phishing attempts is key to reducing risks like data loss, unauthorized access, and other security incidents.

Successful phishing attacks can wreak havoc on business operations, leading to compromised user accounts, network infiltration, malware infections, or ransomware incidents. MDR services must leverage advanced techniques to identify and block phishing emails promptly, minimizing potential impacts on business continuity.


Next-generation email security acts as an early detection system (shown above in a simplified MITRE ATT&CK framework visualization), ideally working in cross-correlation with tools like EDR/XDR or SIEM/SOAR. It can also be used in incident response, scanning previous inbox activity to accelerate the detection of patient zero.

Phishing attacks often impersonate users or trusted brands, causing financial damage and eroding customer trust. Including email security measures in MDR services helps protect brand image and maintain customer confidence.

MDR services should also offer phishing simulation testing and security awareness training (SAT) to educate users about best practices and risks, especially hard-to-detect BEC and socially engineered attacks. By empowering employees, organizations can significantly reduce the likelihood of successful phishing attempts and strengthen overall security.

Figure: Click rates before and after training. Data from the customer's IRONSCALES Simulation & Training Summary Dashboard.

Email security and phishing protection should be key components of any MDR service. By addressing these aspects comprehensively, organizations can enhance overall security, protect sensitive data, and mitigate financial loss and reputational damage. Remember, email is still the primary attack vector, with 90% of attacks originating here. The right email security helps organizations as an early detection system, further augmenting detection capabilities.

Interested in adding IRONSCALES to your MDR service?

Check out our eBook, "10 Things MSSPs Need in an Email Security Solution." Learn how to enhance your client relationships, improve customer loyalty, and strengthen your services portfolio with this critical offering. Download the eBook now and take the next step in your email security journey.


To learn more about how IRONSCALES can complement your Managed Detection & Response strategy, contact us.

Post by Henrik Davidsson
August 18, 2023