A sneaky security threat called email “phishing” has emerged that aims to trick people into doing things like handing over private credentials or unknowingly making improper financial transactions, or to hold their machines hostage until a ransom is paid to the attackers. According to the Third Microsoft Computing Safer Index Report, released in February 2014, the annual impact of phishing could be as high as $5 billion worldwide.
An innovative Israeli startup called IRONSCALES has set out to provide corporations with several state-of-the-art solutions to deal with this rapidly growing global epidemic. “IRONSCALES combines human intelligence with machine learning to deliver an unprecedented level of efficacy in preventing phishing attacks from ever reaching their intended target, including those in the C-suite,” said Eyal Benishti, IRONSCALES CEO & Founder.
We’ve all received emails telling us that we need to log into a popular social media site or financial institution to update our username and password. If we were lucky, we recognized the email as a fake, often due to something just not looking quite right. However, in the last year especially, many of these email attacks have become more targeted and visually refined, often personalized for specific high-ranking people in the organization, resulting in financial losses and reputation damage.
Since these emails are so hard to spot, wouldn’t it be great if employees had a personal security advisor who tirelessly looked over their computer’s shoulder to make sure that received email was legitimate and safe to open and work with? One that warned of likely malicious or criminal intent, keeping you and the company safe and out of trouble?
Sitting down at the recent RSA Conference with some of the IRONSCALES founders (alumni of the Israel Defense Forces’ elite Intelligence Technology unit) to discuss the problem and their unique solutions, we learned that the traditional perimeter defenses most organizations put in place are simply not adequate.
To be sure, anti-spam and anti-virus technology can help block some simple phishing attacks. Secure web gateways and URL filtering solutions can cut down on users visiting fake bank pages and login screens. And to the extent emails contain malicious payloads, malware, and the like, secure email gateways and sandboxing solutions can cut down on potential damage. But at the end of the day, phishing attempts get through, leaving your employees to fend for themselves.
“We’re looking to both protect and educate,” said Benishti. “We educate the employees and the security analysts, and then leverage the threat findings to further protect other IRONSCALES customers. It’s a bit of crowd-sourcing applied to phishing.”
IRONSCALES constantly looks under the covers at the raw email traffic, seeing and analyzing what employees cannot. It leverages machine learning to analyze the environment and employee email habits, learning to tell the difference between normal employee work activity and never-before-seen invitations to wreak havoc. By doing so, IRONSCALES is able to effectively warn employees of threats, offering a recommended course of action that allows them to become part of the solution. This contextual on-the-fly awareness allows for automated response, avoiding the need for security analysts to clean up the mess after the fact, thereby reducing the time from attack to remediation from weeks to seconds. And, as an added bonus, your employees get consistent and regular security education to make them more aware, thus reducing the attack surface.
IRONSCALES’ multi-layered solutions give organizations the upper hand when it comes to email phishing:
- To help evaluate and train your employees, IRONSCALES offers a series of staged, real-world phishing attacks to judge their individual level of awareness towards malware, ransomware, social engineering, spear phishing, spoofing, smishing and more.
- IronShield is the first and only anti-impersonation email security tool to proactively combat CEO fraud and spoofing. It validates sender reputation and authenticity, while also assessing behavioral patterns to identify anomalies in communications.
- IronTraps™ is an automatic phishing email incident response module that empowers employees to seamlessly report attacks in real time with the click of a button, triggering an immediate enterprise-wide remediation response that significantly reduces the time malicious emails lie idle in employees’ inboxes.
- Last, the Federation module allows email phishing cyber attack event information to be automatically and anonymously shared, creating a secure umbrella for the companies under IRONSCALES’ protection.
This year’s RSA Conference showcased numerous vendors focused on the phishing problem. The sheer number of them only serves to illustrate what a pressing problem this has become. IRONSCALES has boldly undertaken not only the task of protecting organizations from phishing but also dramatically reducing the time needed to remediate such issues, and educating end users to boot. Maybe there really are security angels.
About Eyal Benishti
Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises. Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the information security domain.