Orvis

IRONSCALES provides automatic email security technology to replace this retail company's legacy solution and put a stop to advanced phishing attacks.

Orvis logo
head

Challenges

  1. Orvis was using a legacy email security solution that was unable to spot sophisticated threats

  2. IT Teams were not staffed at individual stores, but rather relied on service providers to augment IT & security on the ground
head

Solution

  1. Orvis needed a more agile, intelligent email security solution that could put a stop to sophisticated threats in real-time

  2. This solution needed to offer automated capabilities to improve end-user security awareness
head

Results

  1. IRONSCALES automatically scanned 277,000 emails. 4,000 suspicious emails were identified and tied to 351 active phishing incidents.

  2. 92.3% of these emails were automatically remediated by IRONSCALES and the remaining were reviewed by SOC for remediation.

  3. IRONSCALES simulation and testing reduced phishing click-rate for Orvis significantly. They now outperform the industry average of 11% with 1.5% 

    (In a one-week period)

Company Intro

Orvis is a family-owned retailer, specializing in fly fishing gear, hunting equipment, sporting goods, and men’s and women’s clothing. Founded in 1856, the Vermont-headquartered business now has around a hundred stores across the US and UK, along with a major e-commerce presence. Joe Minieri is the Chief Information Security Officer (CISO) at Orvis and is responsible for cybersecurity as well as fraud and loss prevention.

The Problem

Phishing is still the number one threat vector for cyber-attacks and is present in 90% of breaches. In retail, the median click rate for malicious emails is said to be nearly 11%, giving attackers plenty of opportunities to hijack employees’ inboxes, steal corporate and customer data, and deploy ransomware. The challenge was amplified by the large number of new and temporary Orvis store employees that may not be on staff long enough to receive security awareness training. If just one of these workers falls for just one malicious email it could have serious repercussions for their employer. Orvis doesn’t deploy IT to individual stores and relies on service providers to augment IT & security on the ground. The key for the company was to reduce cyber risk by enhancing its email security capabilities. Prior to deploying IRONSCALES, Orvis used a legacy signature detection technology. The former solution did an adequate job of catching common threats but could not identify or stop advanced phishing attacks. 

The original solution also relied heavily on whitelist functionality to filter emails—a setup that meant many messages weren’t scanned at all before being allowed through. On the user awareness side, the original solution could only produce a generic warning banner indicating the email originated from outside the company. The early warning banners were ineffective, as employees simply started ignoring them over time. Orvis was therefore looking for a more agile, intelligent email security solution capable of detecting and stopping sophisticated threats in real-time while offering greater capabilities to improve end-user awareness of potential email threats.

As a retailer, we have a large number of locations far from the corporate HQ. The farther you are from the headquarters, the looser things can become from a cybersecurity perspective. Around October, these ‘looser’ environments double in size as we hire new people for the holiday season. I was looking to enhance our email threat detection capabilities while driving an improved user experience for staff.
Joe Minieri, CISO, The Orvis Company

Solution

Orvis began working with IRONSCALES at the start of 2021 following a proof-of-value test in November 2020. IRONSCALES’ AI-powered technology is designed to detect and remediate in real-time advanced email threats like BEC, credential harvesting, and account takeover. Also featured are dynamic warning banners which only notify users when there’s a potential threat—overcoming the challenge of banner fatigue. Deployment couldn’t have been simpler: the solution was put in place alongside the company’s previous email security product with no impact on IT or end users. After fine-tuning IRONSCALES to minimize spam without blocking legitimate mail, Minieri was delighted with the end result.

Alongside email protection comes IRONSCALES phishing simulation and training capabilities. Orvis has already begun testing staff with several simulation exercises, and couples this with awareness bulletins to reinforce lessons learned.

Get started with IRONSCALES

Connect with an IRONSCALES expert to learn how we can help protect and train your organization from cyber threats.

Outcomes

Since deploying IRONSCALES, Orvis has experienced improved ease of management, stronger threat protection (with extremely low false positive rates), and enhanced user awareness. Minieri can access notifications and manage email incidents with ease via an iPhone app while IRONSCALES automatically blocks and resolves over 90% of issues, providing simple-to-view threat data via an intuitive UI. Similar email threats, common with polymorphic phishing email attacks, are grouped together into an incident, making it easier for Orvis to clean up and manage them afterward.

Most importantly, IRONSCALES is blocking more malicious and spam emails than the previous solution, and Orvis has had no infected PCs in the past year. On the training side, users are responding positively to Minieri’s phishing simulations and follow-up emails. The click rate for phishing is now down to an impressive 1.5%.

We got to the end of deployment and were successfully detecting and quarantining malicious emails, I realized that we’d never even put any whitelisting in place. We don’t have any email that comes into the environment that hasn’t at least been inspected by IRONSCALES, which was one of the biggest things I wanted to do here. I’m very happy with it.
Joe Minieri, CISO, The Orvis Company

In One Week

277k

Inspected emails

4000

of those identified as suspicious

351

Active phishing incidents identified

Looking Ahead

Going forward, Orvis continues to tweak the IRONSCALES platform to further reduce the number of suspicious emails that must be manually checked by IT. The firm is also keen to plan more regular simulation exercises—to keep the threat of phishing at the forefront of employees’ minds.

IRONSCALES has definitely increased productivity and saved us time and money. Our end users are exposed to fewer malicious emails, so it is less likely that they will make a mistake. The phishing simulation and security awareness training equip that user to make the right decision if they do encounter a malicious email.

Joe Minieri, CISO, The Orvis Company

About IRONSCALES

Every day criminals launch billions of new phishing attacks. No company is immune. Legacy solutions can’t keep up & cloud providers struggle to stop advanced attacks with native controls. IRONSCALES’ powerfully simple email security solution helps you fight back fast and keeps your company safe in today’s cloud-first world. Incubated inside the world’s top venture program for cybersecurity and founded by alumni of the Israeli Defense Forces’ elite Intelligence Technology unit, we offer security professionals an AI-driven, self-learning email security platform that provides a comprehensive solution to proactively fight phishing attacks.

To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today.

Try Our Anti-Phishing Platform

Request a demo and a 14-day free trial to see the power of the IRONSCALES platform at work in your environment.