IRONSCALES offers an advanced phishing threat protection platform broken into three sections. It seamlessly integrates with G-Suite and Microsoft Office 365 environments for organizations looking to bolster anti-phishing and email security as well as protect on-premises environments. It can cluster polymorphic attacks and remediate them based on the attack itself, not just the sender.

IronShield automates malicious URL and attachment detection and remediation on all inbound emails using external trusted sources with various sandboxing capabilities. If a suspicious email is identified, it is sent to a third-party. If it comes back as malicious, it is blocked, and the response is automated. Phishing Mitigation displays a high-level breakdown of how many incidents were discovered, how many of those were marked as phishing, and how many emails have been remediated. It also shows a breakdown of impersonation attempts, phishing attacks, false positives and spam.

IronSights is the business email compromise protection component against new unknowns, impersonation attempts and more. If there are no signatures to match, it looks for imitation attempts and domain look-a-likes. If the scanner detects an email as suspicious but is not certain, it flags it. This helps mitigate false positives. To that end, it uses metadata and user’s habits to build a behavioral profile for baseline reference to flag anomalous behaviors. Sender fingerprinting technology considers implementation level of DMARC/SPF/DKIM, sending IPs, normal communication context, and other metadata to build a unique fingerprint for each sender. Any deviation from the norm will be detected immediately and flagged inside the mailbox through InMail banner alerts. 

Instead of having to forward an email to a security team or open a help ticket, users can consistently report emails with the click of a button. No installation is required. It is pushed from Office 365 to all versions of Outlook. Mobile compatible, it has the same banner features and reporting button. This is currently available for native applications with Android.At the time this review was written, iOS was in development.

IronTraps initiates a workflow of events that essentially does auto-triage with Themis, an AI-driven, virtual security analyst. Machine learning algorithms learned how analysts react to different types of threats, and Themis gives a confidence level to the incident level classification and prioritizes any reported incidents. This prioritization is based on things like how many people reported an incident, number of mailboxes affected, and if it included links and attachments. The goal is to automate and offload as many tasks as possible from the security team’s workload. This allows them to free up time to work on tasks that can’t be automated, so bubbling up highest risk incidents allows security teams to respond as quickly as possible. Users can set a confidence threshold to automate remediation when an attack is identified, or is above a certain confidence level.

Federation is a global, real-time threat intelligence surface shared among organizations that closes on campaigns faster than scanners by sharing of verdicts in realtime.

Multilingual banners are supported and fully customizable. Pricing starts at $3 per month, per mailbox for the full suite.

Tested by Matthew McMurrayk