Email Security

How Security Inside The Inbox Can Stop Business Email Compromise

Expert Insights speaks to Adam Hofeler, from IRONSCALES, about how their powerful post-delivery protection can stop email threats.

Interview With Adam Hofeler Of Ironscales - Expert Insights

The number one threat coming from email communications today is phishing attacks. Sophisticated phishing attacks are difficult to spot and can cause big ramifications to businesses.

An emerging new email security system that aims to stop these advanced phishing attempts is post-delivery protection. One of the key vendors leading in this space is IRONSCALES.

They offer powerful AI powered systems that can understand email communications within the inbox. This allows them to spot phishing attacks based on contextual data, greatly improving the security of an organisation.

Expert Insights spoke to Adam Hofeler, Senior Vice President for World Wide Sales and Brian Cesca, Director of Sales in the mid-Atlantic, to talk about how the IRONSCALES platform can stop damaging email threats such as business email compromise.

What is the IRONSCALES platform and how does it help customers to secure their emails?

 IRONSCALES is a unique platform in which you get some unique differentiators as we’re implemented at the mailbox level. So that just allows us to see and do more than others in the email security industry  today.

One of our main goals and objectives is to notify our end users what a bad or malicious email looks like. You need more than just training and awareness to do that so we give them some help with the augmented machine intelligence in the form of banner alerts.

Then, maybe more importantly than that, our true value is helping the security teams to remediate and make quick decisions on emails that get inside the inbox that might be malicious. We give them tools and assets and information that’s taking place in the globe today to help them make a quick resolution and protect their environments.

What type of customers are using this type of email security? Is it fair to say it’s a bit more advanced than the traditional gateway approach to email security?

Our customers range from relatively small hundred user organizations up to over 100,000 users. We focus on Office 365, G-suite and on-premise Exchange. We map very, very easily to those.

Unfortunately, email security is a necessary evil in all markets, so from a verticalization perspective we can kind of cover the gamut. But, you see a lot in the healthcare and financial services and governments. In those areas email threats are very prevalent.

Our platform is inherently more advanced as it was born out of the need that the gateway approach would solve around 95% of all phishing attacks but the more advanced and devastating attacks were being missed and this is where we come into play, once they email has already landed on the inbox.

What are the most common email threats organizations are coming to IRONSCALES for help with?

Today it really helps with Business Email Compromise (BEC). We see a lot of impersonation attempts, which why try to give some understanding of to the end users. This means that when an email comes in, and we don’t think it’s from who it says it is, we give them the awareness to make sure that they recognize it as such.

Today the bad guys are getting really, really good at what they do, with social engineering. They send emails that might not be malicious at first. But we notify our end users that something might be off. That’s the first line of defence that we give to end users. That’s what makes us different or unique. If we see the email is malicious, we give users the ability to remove those email with one click, regardless of who else may have received it.

Are businesses of all sizes experiencing Business Email Compromise as their biggest issue?

Yeah at the moment that really is the biggest issue. We see it a lot, more and more. In almost all of our accounts it’s a topic or conversation that they need help with. You can train people so well, and that’s part of our platform. We believe wholeheartedly in Security Awareness Training.

Hackers understand that there’s a security layer stopping them getting into an email mailbox. They know that and they’re getting very smart about how they get in, and then what they do once they are in. What we see is email being weaponized at a later time, because hackers don’t think anyone is monitoring internal emails. But we have the ability to see that and remove it and help those organisations. That’s another one of our key differentiators.

Are those issues the same all over the world?

Yes absolutely. Whether I’m having conversations with Asian customers, UK customers, USA customers, it’s the same. I’d love to say the challenges are different all over, but they’re not. We see it on a global scale.

Now, there are some industries that have deeper issues, based on the data that they carry, or their customer base, or their attack surface being a little bit larger. But from an issue perspective, globally it’s the same.

So, I’m an end user and I’ve received a malicious phishing email, how does the platform help me?

Right away, if it’s bad or malicious it would be removed, automatically. You probably wouldn’t even see it, but it’s all customizable in that regard. But as I’ve mentioned, the social engineering aspect means that hackers are being smart, and there’s nothing technically malicious about the emails coming in. So, we insert a customisable banner that tells the end user, look, this might not be who you think it is, please proceed with caution. But, yes, if we have seen a bad email before we give security teams the tools that they need so they can remove it automatically.

If a customer is using Office 365 and the are having a problem with Business Email Compromise, should they just be using IRONSCALES, or do they need multiple layers of security?

We don’t classify ourselves as a spam filter first and formost so we do tell the end user to leverage the inbuilt filter on the O365 product. It does a pretty good job at spam filtering, but then businesses needs us for end to end security for advanced threats.

We’ve been used in the past as a replacement for Microsoft’s Advanced Threat Protection, and sometimes we’ve complimented it. It really depends on the account and the level of security needed.

What kind of reports and visibility do businesses get over this process?

Admins can set up and craft reports, whether it’s a 24 hour report or a different time frame, to see what’s happening in their environment right now. They can easily assess to see the top targets, which departments are seeing the most attacks and maybe more importantly what types of attacks that they are getting.

What’s the learning period from implementation to the platform being up and running with full effectiveness?

It’s very easy to implement. It takes literally thirty minutes and while it deploys, we show customers how to use the dashboard and set up customisation. Within just a week or two it’s fully understanding and is learning user behaviour.

Looking towards the future, what do you see as the next line of threats that businesses will need IRONSCALES to solve?

We’re always building features and functionality to help prevent what we believe will be there, the next piece. I can’t say too much, but we’re always innovating and looking to the customers to see what challenges they’re facing. We’re nimble enough to make adjustments and enhancements to what we already have today to get ahead of things that might happen, that we might start to see more of. Every day we see something new and if they have success it’s going to continue down that path.

We’ve spoken to a few other vendors offering similar features. How is the IRONSCALES platform better than platforms like Avanan, Agari and Vade Secure?

Our systems are always learning. That’s the beauty and the power of our systems. That puts us ahead with what we’re doing on behavioural analysis and AI and machine learning.  That’s the beauty of IRONSCALES. We’re always learning and crowdsourcing from other areas and other people to make the system that much bigger, stronger, faster.

Our behaviour analysis is also one of our key differentiators. We sit at the mailbox, we learn and understand each other’s behaviours and how it fits. So when an email comes into the mailbox, we can tell if it’s suspicious and remove it, or let the end user know that they should proceed with caution.

What do customers like best about the IRONSCALES platform?

The first thing we hear feedback from is how easy it is to implement. It’s very, very easy to install, with a two click implementation, no MX record changes, there’s no downtime.

The other thing is that customers love the clean look of the dashboard. We have reporting that shows them what’s taking place in their environment with live data. That’s super important to customer.

So those are probably the two things, the implementation and then our dashboard and the ease of use.

Do you see these new AI powered technologies as representing the future of the email security market?

 Absolutely yeah. The gateway level used to be where we’d start our perimeter, we’d have the network and gateway controls, a lot of them signature based. Now it comes into the inbox, so you need to be protected at the inbox level. I think that trend will definitely continue, so more and more security players will probably get into it.

We’re well positioned to stop these inbox level threats because we’re about six years ahead of anyone else and we have more data and information than anyone today. And the platform is constantly learning.