Security Awareness Training

IRONSCALES Security Awareness Training: Technical Review

Expert Insights’ technical review of IRONSCALES Security Awareness Training.

Article thumbnail image

Expert Insights Verdict – 4/5

IRONSCALES Security Awareness Training (SAT) is a strong phishing simulation and testing solution. It helps businesses lower their security risk by enabling more aware users to mitigate the risk of less aware users clicking on phishing links. The platform’s simulation features are very effective, but the training features leave certain functionality to be desired. To get the most out of IRONSCALES SAT, business should implement it alongside the IRONSCALES Email Security Platform.

  • Customizable, realistic phishing simulations
  • “Report phishing” button enables users to report simulations and genuine threats
  • Easy deployment within Microsoft 365

  • Lack of interaction opportunities within training modules
  • Lack of analytics around training completion

Request A Demo


IRONSCALES is a cybersecurity provider that specializes in identifying and remediating highly targeted threats such as spear-phishing, VIP impersonation, and account compromise across email and collaboration apps. The IRONSCALES platform comprises email security at the mailbox level and security awareness training.

IRONSCALES Security Awareness Training combines phishing simulation campaigns and awareness training content delivered by IRONSCALES and third-party providers, additional modules of which can be purchased as an add-on. Together, these features enable businesses to train their users to accurately identify and report email threats to accelerate remediation and avoid data breaches.


Key Features

Phishing Simulations

IRONSCALES Security Awareness Training offers a wide variety of phishing simulation templates. Templates are based on real-world examples of phishing that IRONSCALES analyzes each day. They are also fully customizable, enabling admins to tailor simulations to reflect specific threats their organization is facing.

IRONSCALES’ templates are available in 26 languages. When configuring the platform, you tell IRONSCALES which languages your company supports. Once you have done this, you are given the option to send phishing campaigns in those languages. In addition, admins can set up support for new languages and create their own templates.

The wide variety of languages supported means that IRONSCALES is capable of supporting larger enterprises that have offices globally. This also extends to the warning banners in IRONSCALES’ email security platform—you can read our full review of that platform here.

Admins can configure simulation campaigns to be sent to individual users, user groups or departments.

Users can report simulations via the platform’s “Report phishing” button, which sits within their email client. If a user fails a phishing simulation by opening a link, admins can assign them training to explain where they went wrong and how they can identify the threat next time.

When an organization is utilizing IRONSCALES for email security, the “Report phishing” button can also be used to report genuine phishing attempts. If a real threat is reported, IRONSCALES removes it from all their customers’ inboxes.

IRONSCALES' Phishing Simulation Dashboard
IRONSCALES’ Phishing Simulation Dashboard

Training Modules

IRONSCALES offers video-based training content on top of the phishing simulations. IRONSCALES and WIZER content is free for Email Protect and Complete Protect customers; content from NINJIO, Infosequre, Habitu8 and Cyber Maniacs must be purchased as an add-on for $1/user/month.

The bite-size videos cover a wide range of topics, but don’t include any quizzes, testing, or elements of user interaction.

If a user fails a simulation, admins can manually assign them training; it isn’t administered immediately or automatically. There’s also no way for admins to monitor whether a user has actually completed their training; admins can view simulation results via the reporting dashboard, but must follow up manually to ensure users complete assigned training.

IRONSCALES' Training Dashboard
IRONSCALES’ Training Dashboard

Reporting And Analytics

IRONSCALES offers in-built reporting functionality that enables admins to monitor how users are responding to simulations. However, this doesn’t include reports on training completion.

Ease Of Use

IRONSCALES was designed first and foremost as a tool for Outlook and, as such, can be deployed easily in a Microsoft 365 environment in circa 10 minutes. Deploying in Google Workspace is more difficult; the documentation and configurations are tricky to navigate, so setup takes approximately one hour. While IRONSCALES does offer a whitelist of domains that can be used to send simulations, the list isn’t regularly updated; this means some manual work is required to ensure simulations aren’t blocked by Microsoft Defender for Office 365.

Once deployed, admins can easily create and schedule simulations using IRONSCALES’ expansive template library, and users can respond to simulations using the intuitive “Report phishing” button. However, if a user reports an email as phishing, admins aren’t alerted; you have to log into the portal regularly to check what users are reporting.

Reporting functionality isn’t very sophisticated and requires manual effort from IT admins to ensure that users are completing their training.

Pricing And Plans

IRONSCALES Security Awareness Training is available via each of IRONSCALES’ three packages:

  • Starter includes phishing simulation testing at no cost (note: this does not include training content videos)
  • Email Protect (formerly Core Plus) includes the Starter package features plus business email compromise protection, ransomware and malware protection, credential theft prevention, and crowdsourced threat intelligence for $6/mailbox/month
  • Complete Protect includes the Email Protect package features plus account takeover detection and response, Microsoft Teams protection, and added training functionality for $8.33/mailbox/month

These prices are based on businesses with under 500 mailboxes. IRONSCALES offers volume discounts for larger organizations, and special pricing for education and government institutions, which can be found on their website.

Best Suited For

IRONSCALES’ “Report phishing” button enables organizations to reduce their human security risk by training more aware users to report genuinely suspicious emails as well as simulations. Effectively, it trains these users to remediate threats that might go undetected by those who are less aware.

Because of this, we recommend IRONSCALES to organizations looking to deploy phishing simulations as part of a broader email security and threat remediation platform, with more focus on training users to respond to threats. It is not well suited to organizations that want to provide more general security awareness training content, or gain insights into the level of training across the company.

Final Verdict

IRONSCALES Security Awareness Training helps lower overall security risk by enabling more aware users to mitigate the risk of less aware users clicking on phishing links. The simulation aspect of the solution is strong and highly effective, but the training aspect needs some polishing, i.e., reporting on training completion, and some element of interaction to keep users engaged.

IRONSCALES Security Awareness Training is a strong phishing simulation and testing solution, and organizations of any size looking to set up simulated phishing campaigns should consider shortlisting IRONSCALES. However, to truly get the most out of the SAT solution—including accessing additional training modules and the remediation of reported phishing threats—business should also implement IRONSCALES’ Email Security Platform.

Request A Demo