REVIEW

IRONSCALES Security Awareness Training

Expert Insights’ review of the IRONSCALES Security Awareness Training and simulation platform.

Editor's Score
4/5

By Craig MacAlpine
Updated May 1, 2024

IRONSCALES Logo

Expert Insights Verdict

4/5

IRONSCALES Security Awareness Training (SAT) is a strong phishing simulation and testing solution. It helps businesses lower their security risk by enabling more aware users to mitigate the risk of less aware users clicking on phishing links. The platform’s simulation features are very effective, but the training features leave certain functionality to be desired. To get the most out of IRONSCALES SAT, business should implement it alongside the IRONSCALES Email Security Platform.


Pros
  • Customizable, realistic phishing simulations
  • “Report phishing” button enables users to report simulations and genuine threats
  • Easy deployment within Microsoft 365

Cons
  • Lack of interaction opportunities within training modules
  • Lack of analytics around training completion

Overview

IRONSCALES is a cybersecurity provider that specializes in identifying and remediating highly targeted threats such as spear-phishing, VIP impersonation, and account compromise across email and collaboration apps. The IRONSCALES platform comprises email security at the mailbox level and security awareness training.

IRONSCALES Security Awareness Training combines phishing simulation campaigns and awareness training content delivered by IRONSCALES and third-party providers, additional modules of which can be purchased as an add-on. Together, these features enable businesses to train their users to accurately identify and report email threats to accelerate remediation and avoid data breaches.

IRONSCALES Dashboard

IRONSCALES Dashboard

Key Features

Phishing Simulations

IRONSCALES Security Awareness Training offers a wide variety of phishing simulation templates. Templates are based on real-world examples of phishing that IRONSCALES analyzes each day. They are also fully customizable, enabling admins to tailor simulations to reflect specific threats their organization is facing.

IRONSCALES’ templates are available in 26 languages. When configuring the platform, you tell IRONSCALES which languages your company supports. Once you have done this, you are given the option to send phishing campaigns in those languages. In addition, admins can set up support for new languages and create their own templates.

The wide variety of languages supported means that IRONSCALES is capable of supporting larger enterprises that have offices globally. This also extends to the warning banners in IRONSCALES’ email security platform—you can read our full review of that platform here.

Admins can configure simulation campaigns to be sent to individual users, user groups or departments.

Users can report simulations via the platform’s “Report phishing” button, which sits within their email client. If a user fails a phishing simulation by opening a link, admins can assign them training to explain where they went wrong and how they can identify the threat next time.

When an organization is utilizing IRONSCALES for email security, the “Report phishing” button can also be used to report genuine phishing attempts. If a real threat is reported, IRONSCALES removes it from all their customers’ inboxes.

IRONSCALES' Phishing Simulation Dashboard

IRONSCALES' Phishing Simulation Dashboard

Training Modules

IRONSCALES offers video-based training content on top of the phishing simulations. IRONSCALES and WIZER content is free for Email Protect and Complete Protect customers; content from NINJIO, Infosequre, Habitu8 and Cyber Maniacs must be purchased as an add-on for $1/user/month.

The bite-size videos cover a wide range of topics, but don’t include any quizzes, testing, or elements of user interaction.

If a user fails a simulation, admins can manually assign them training; it isn’t administered immediately or automatically. There’s also no way for admins to monitor whether a user has actually completed their training; admins can view simulation results via the reporting dashboard, but must follow up manually to ensure users complete assigned training.

IRONSCALES' Training Dashboard

IRONSCALES' Training Dashboard

Reporting And Analytics

IRONSCALES offers in-built reporting functionality that enables admins to monitor how users are responding to simulations. However, this doesn’t include reports on training completion.

Ease Of Use

IRONSCALES was designed first and foremost as a tool for Outlook and, as such, can be deployed easily in a Microsoft 365 environment in circa 10 minutes. Deploying in Google Workspace is more difficult; the documentation and configurations are tricky to navigate, so setup takes approximately one hour. While IRONSCALES does offer a whitelist of domains that can be used to send simulations, the list isn’t regularly updated; this means some manual work is required to ensure simulations aren’t blocked by Microsoft Defender for Office 365.

Once deployed, admins can easily create and schedule simulations using IRONSCALES’ expansive template library, and users can respond to simulations using the intuitive “Report phishing” button. However, if a user reports an email as phishing, admins aren’t alerted; you have to log into the portal regularly to check what users are reporting.

Reporting functionality isn’t very sophisticated and requires manual effort from IT admins to ensure that users are completing their training.

Pricing And Plans

IRONSCALES Security Awareness Training is available via each of IRONSCALES’ three packages:

  • Starter includes phishing simulation testing at no cost (note: this does not include training content videos)
  • Email Protect (formerly Core Plus) includes the Starter package features plus business email compromise protection, ransomware and malware protection, credential theft prevention, and crowdsourced threat intelligence for $6/mailbox/month
  • Complete Protect includes the Email Protect package features plus account takeover detection and response, Microsoft Teams protection, and added training functionality for $8.33/mailbox/month

These prices are based on businesses with under 500 mailboxes. IRONSCALES offers volume discounts for larger organizations, and special pricing for education and government institutions, which can be found on their website.

Best Suited For

IRONSCALES’ “Report phishing” button enables organizations to reduce their human security risk by training more aware users to report genuinely suspicious emails as well as simulations. Effectively, it trains these users to remediate threats that might go undetected by those who are less aware.

Because of this, we recommend IRONSCALES to organizations looking to deploy phishing simulations as part of a broader email security and threat remediation platform, with more focus on training users to respond to threats. It is not well suited to organizations that want to provide more general security awareness training content, or gain insights into the level of training across the company.

Final Verdict

IRONSCALES Security Awareness Training helps lower overall security risk by enabling more aware users to mitigate the risk of less aware users clicking on phishing links. The simulation aspect of the solution is strong and highly effective, but the training aspect needs some polishing, i.e., reporting on training completion, and some element of interaction to keep users engaged.

IRONSCALES Security Awareness Training is a strong phishing simulation and testing solution, and organizations of any size looking to set up simulated phishing campaigns should consider shortlisting IRONSCALES. However, to truly get the most out of the SAT solution—including accessing additional training modules and the remediation of reported phishing threats—business should also implement IRONSCALES’ Email Security Platform.


CEO and Founder, Expert Insights

Craig MacAlpine is CEO and founder of Expert Insights. Before founding Expert Insights in August 2018, Craig spent 10 years as CEO of EPA cloud, an email security provider acquired by Ziff Davies, formerly J2Global (NASQAQ: ZD) in 2013, which has now been rebranded as VIPRE Email Security. Craig has extensive experience in the email security industry, with 20+ years of experience helping organizations to stay secure with innovative information security and cyber security solutions. Craig delivers these insights to readers with detailed product reviews, comparisons and buyers’ guides.

Company Information
Category Icon
Category

Security Awareness Training

Website Icon
Website

ironscales.com

Founded Icon
Founded

2013

Headquartered Icon
Headquartered

Tel Aviv, Hasharon

Deployment Icon
Deployment

Cloud

Suitable Icon
Suitable

SMBs, MSPs

IRONSCALES Security Awareness Training Awards
Product Award Product Award Product Award
IRONSCALES Security Awareness Training Interviews
Eyal Benishti
CEO And Founder, IRONSCALES
Read Here
Adam Hofeler
VP, Sales, IRONSCALES
Read Here