Email Security

IRONSCALES: A Comprehensive Deep Dive

IRONSCALES is a market leading email phishing protection solution. Is it the right fit for your organization?

Ironscales Overview


IRONSCALES is a market-leading email security service that provides a range of different solutions for the biggest email challenges facing organizations at the moment. IRONSCALES utilizes a combination of cutting edge machine learning technology, real-time anti-virus engines and human detection to provide comprehensive protection against email threats.

IRONSCALES protects organizations from advanced email threats, such as phishing, spear-phishing and business email compromise. IRONSCALES are popular with mid-sized and enterprise customers, who need to protect their financial assets and sensitive business data, as well as their employees from threats.

The core functionality of IRONSCALES is focussed around protecting the mailbox of the end user. This involves a variety of functionality that gives admins the ability to remove threats from within end user inboxes, and train users to identify and block phishing attacks.

What does IRONSCALES do?

IRONSCALES blocks phishing, business email compromise and spear-phishing attacks. It contains multiple technologies that protect users from harmful emails, and insider email threats.

IRONSCALES sits behind a traditional secure email gateway (SEG) or the inbuilt filters in Office 365 / Google Workspace and scans emails that reach the users mailbox. As IRONSCALES is operating within the mailbox, it is able to scan emails sent within an organization as well as emails that have made it past the SEG, Office 365 or G-Suite.

The first layer of IRONSCALES’ threat protection uses multiple AV and sandboxing engines to identify emails that contain malicious links and attachments. IRONSCALES also uses machine learning to identify compromised accounts, by learning the usual habits of a user to identify anomalies that suggest an account has been compromised. If an email contains a malicious link – or if the sending account is compromised – IRONSCALES is able to automatically delete the email from the user’s inbox.

IRONSCALES also provides protection against harmful emails that have already been delivered to users. Their algorithms identify similarities across phishing emails and flag up emails with similar attributes. According to admin policies, IRONSCALES can then remove theses emails from inboxes, or display a warning to users that the email is suspected of being a phishing attack.

Banner inserted in the end users email alerting them to an unknown sender.
Banner warning the end user that the email is from a potentially spoofed email address.

IRONSCALES also gives users the ability to report phishing emails from a button directly within their email client. If an email is reported as being a phishing attack by one of your users, the email can be automatically quarantined, using IRONSCALES’ automated response technology. This takes the amount of time needed to remediate against phishing attacks from hours to seconds.

How does IRONSCALES Work?

IRONSCALES is made up of six different modules that help businesses to orchestrate, remediate and detect phishing attacks. Here is a brief rundown of this modules:


AI-Powered Incident Response

Uses AI to identify email senders in real time, preventing email spoofing, impersonation and BeC attacks. Automatically checks employee inboxes to detect anomalies with unique fingerprinting technologies. Helps employees to recognize and report phishing with unique fingerprint technology.

Threat Intelligence: Cloud-based email protection that protects organizations from zero-day malware and phishing websites by utilizing multiple anti-virus and sandboxing engines.

Themis: Prevents email spoofing and impersonation attacks by using machine learning to learn user patterns. This allows it to identify anomalies, and block emails sent by compromised accounts

Impersonation Protection: Implements a ‘report-phish’ banner on emails and allows organizations rapid remediation against business email compromise attacks by detecting anomalies in email meta-data and removing suspicious messages.

IRONSCALES Community: Combines IRONSCALES’ machine learning algorithms and threat intelligence with human reports of suspicious emails across their entire network to provide protection against threat.

Phishing Simulation and Training Premium: Security awareness training and phishing simulation to help users recognize, identify and report suspicious emails.

What are the benefits of IRONSCALES?

Report Emails From Within Your Inbox

IRONSCALES provides multiple ways to protect your users from threats. IRONSCALES places warning banners on email, which means users are far less likely to click on malicious URLs, or reply to a malicious email. IRONSCALES allows admins to respond much faster to phishing emails within their organization, as they are able to remove emails after they are delivered with just the click of a button.

Users are able to directly report potential phishing emails from their desktop or mobile email client.

IRONSCALES utilizes anti-virus, sandboxing, machine learning and AI algorithms to help block malicious email being delivered, identify when emails are malicious even when they have never been seen before. This helps to protect users from attack, and helps to stop insider threats, which can be very difficult to stop normally.

Train Users

Alongside their machine learning algorithm, IRONSCALES provides a comprehensive Security Awareness Training solution. Admins can set up simulated phishing email campaigns that test users’ ability to spot when an email doesn’t look right.

Admins can fully customize simulated phishing emails and set each individual user a score for security awareness training which determines the difficulty level of the simulated phishing emails they receive. This score can also be applied to phishing detection so that when a highly trained user reports an email as malicious, it is automatically removed from user inboxes.

IRONSCALES also provide engaging training materials which help users to learn more about cyber threats, and help them to take better steps to protect their data online. This includes videos, quizzes and presentations that provide users with an easy way to learn about security risks and how to solve them.

Easy to use service, that works on all devices

IRONSCALES provides admins with a single, easy to manage dashboard, from where they can view all users, see reports on email threats, remove phishing messages and begin security awareness training.

From this dashboard, users can be individually managed and granular policies can be set. It even allows you to see IRONSCALES’ different anti-virus engines work in real-time, to provide you with strong threat analysis.

It’s easy to onboard users to IRONSCALES, with Office 365, G-Suite, or Exchange integration which means that all your users are automatically integrated and added to the platform.

For end-users, warning banners appear on every email that may be suspicious, regardless of the device or email client they use. Users can easily report emails as phishing attacks with a simple button displayed in their email application, which allows them to help protect themselves and the wider organization.


IRONSCALES “Complete Package” is a bundle of its six modules which creates a comprehensive security package for organizations.

Their platform is competitively priced, with per user, per month pricing ranging from $4.50 to $7.00 depending on the organization size and which modules are selected. Discounts are available for not-for-profit and educational organizations. We can provide bespoke pricing for IRONSCALES.


Stopping Phishing Attacks

Phishing attacks can be very damaging for businesses, and they are extremely hard for security technologies to stop. IRONSCALES uses multiple anti-virus and URL sandboxing technologies to block emails containing malicious links to malicious webpages, or containing malicious attachments.

However, many phishing emails don’t contain any malicious links or attachments. Instead, they attempt to trick users to giving up passwords or account information. These emails are often successful, but can be completely missed by email security systems because they don’t actually contain any tangible malware or viruses.

IRONSCALES tackles these emails by using a mixture of machine learning and artificial intelligence algorithms and human detection of threats. Using these technologies, IRONSCALES can look at factors such as the time an email was sent, email contents, location of the sender and more, to make a determination as to whether the email is genuine, or a phishing attempt. If they suspect the email is phishing, a warning is displayed to users, or according to admin policy, the email can be removed entirely.

Users themselves also have the ability to report phishing emails from directly within their inbox, which then puts a warning on the email for anyone else who has received it. Admins can also choose to automatically quarantine any emails reported by users. This helps to remediate against phishing attacks in seconds, rather than admins needing to investigate emails and remove them manually from email inbox.

Security Awareness Training

Testing and training employees on their ability to spot phishing attack is an important step for businesses to improve their overall security posture. Phishing attacks target the human weaknesses within organizations, so businesses need to make sure that they’re employees know about the threats, how to stop them, and what steps to take to report them. In addition, many businesses are required by legal and industry regulations to train employees on security issues.

IRONSCALES provides a full security awareness training platform. Admins can set up simulated phishing emails from a library of templates, with the ability to fully customize them if needed. Admins can select which users, groups or departments will receive the different simulated phishing emails, and how often they will receive them. This can be set on the users’ level of training, which is unique to every user on the platform.

If a user fails the test and clicks the link in a simulated phishing emails, this is displayed in the analytics suite, which gives admins full visibility into the performance of each user and group. Admins can customize the message given when a user passes or fails the simulating phishing tests, so users know how they are doing in terms of security awareness.

End users can also access engaging training material like videos, quizzes and documents that help to train them on how to better spot attacks.

IRONSCALES offer 3rd party training content from Ninjio, Habitu8, CyberManiacs and Infosequre.

Expert Insights on IRONSCALES

IRONSCALES’ advanced email protection service IronSights is a strong solution for email security within the email inbox. The powerful machine learning algorithms accurately detect and contain phishing attempts. This is a powerful platform for blocking business email compromise attacks. The platform works on Gmail and O365, with easy cloud based or on-premise deployment. This is an ideal platform for automating phishing protection, with machine learning quarantining emails without any IT management necessary.

IRONSCALES also offers a range of reports and analytics into email flow and security threats. They generate advanced mapping of trusted external and internal senders to help improve the overall security of an organisation. IRONSCALES is a market leading solution for customers looking for powerful phishing protection.