On the Radar: IronScales offers anti-phishing defense suite

Transcription

1 On the Radar: IronScales offers anti-phishing defense suite Awareness training, automated forensics, remediation, intelligence sharing, and anomaly detection

2 Summary Catalyst IronScales offers a suite of phishing defense technologies, including an awareness training platform, forensics, remediation, intelligence sharing, and anomaly detection at the level of individual mailboxes. Key messages IronScales offers a quick and easy deployment for Office365 in the cloud, on premises, or hybrid, with no MX records changes required. Unlike gateway products, IronScales monitors behavior at the mailbox level, looking for anomalies in communication habits by using machine learning coupled with user feedback. IronScales is designed to empower employees with tools to report s that bypass detection. It provides small or overburdened security teams with automated forensics and incident response. It automatically shares zero-day, human-verified, phishing attacks in real time across companies. Ovum view Phishing continues to be the primary delivery mechanism for malware, while social engineering has made it easier to gather information on key employees and launch file-less attacks, all of which bodes well for the take-up of IronScales technology. On the Radar: IronScales offers anti-phishing defense suite 3

3 Recommendations for enterprises Why put IronScales on your radar? Other companies that started in phishing-awareness training are also looking to expand their offerings, but none has gone as far as IronScales. The combination of a cloud-based back end and the fact that it is developing an MSSP route to market promises to expand its target audience still further. Highlights IronScales currently has four modules that deploy on a common underlying platform. These modules are IronSchool, IronTraps, Federation, and IronSights. IronSchool is a training module designed to raise end users awareness of phishing attacks and methodologies and the need to report phishing attacks to their IT/security departments. IronTraps, which launched in 2015, is an automated forensics and response module that streamlines processes, from user reporting to company-wide remediation, reducing response times and the manual labor involved in response. It does this by automatically analyzing, detecting, and removing malicious s that have landed in a user s inbox. It performs full mailbox scans and claws back the offending within seconds of it landing in an inbox (the average time to a first user opening a phishing is 82 seconds). If such an has been seen before by IronScales anywhere in its customer base or has been reported by another employee on the customer s staff, it will be automatically analyzed and remediated if found malicious. Remediation can be automated or manual in accordance with the customer s preference, though the company is at pains to emphasize that it does not perform traditional blocking, but instead rapid automated clawback before users can click on an . On the Radar: IronScales offers anti-phishing defense suite 4

4 Federation, which launched in 2016, is an ecosystem for sharing phishing intelligence, based on a real-time database of verified phishing s contributed by analysts of IronScales customers who sign up to the service. IronSights, the most recent addition to the portfolio, was launched in 2017, and is a product that performs anomaly detection on the individual mailbox rather than at a gateway. It does this by profiling every mailbox it is protecting, looking at activity going back a year, and applying algorithms to benchmark what constitutes normal behavior for that user. It then provides alerts when it detects anomalies that might indicate so-called business compromise (BEC). This can entail, for instance, flagging attempts to impersonate a company officer in an to the finance department ordering a fund transfer. For the malware analysis in IronTraps, the company partners with a series of security vendors, including Check Point and Opswat, to which a file can be forwarded for further investigation. IronScales also creates an intrusion signature that can be forwarded to any of the most widely used security incident and event management (SIEM) products. IronScales stresses that its approach to phishing protection does not entail changes to MX records in the domain name system (DNS), and does not involve the rerouting of traffic. It believes that these are clear advantages over the more resource-heavy gateway products widely used today. It also sees as a differentiator for its technology its ability to detect polymorphic attacks, thanks to its smart clustering of anomalies based on its machine learning algorithms. On the Radar: IronScales offers anti-phishing defense suite 5

5 Background IronScales was founded in 2014 by CEO Eyal Benishti, who was previously a security researcher and malware analyst at Radware. Before that he was Java tech lead at Imperva. The company s VP of research is Lomy Ovadia, whose previous posts include Java team lead at Nielsen company exalate and SMP at Allot Communications. The first product launched by the company provided phishing training, but the company saw the need to expand its offerings, and has added new modules. It now offers anomaly detection at the mailbox level, an intelligence-sharing mechanism, and a forensics and response module. Three of the modules are deployed on a common platform to ease upsell, while intelligence sharing is an information source only with no functionality required on the platform. IronScales has raised $8m in two funding rounds, most recently announcing a Series A worth $6.5m in December 2017, led by Los Angeles-based VC K1 Capital. On the Radar: IronScales offers anti-phishing defense suite 6

6 Current position IronScales has more than 100 customers in the midsize and large enterprise categories. It also works through MSSPs to reach SMEs, as well as using a mixed one- and two-tier channel model, depending on the geography. It groups its four modules into four distinct sales packages. Reporter, which consists of the Ironschool product with a phishing reporting button on the end user s device. Remediator, consisting of IronSchool and IronTraps. Collaborator, which includes IronSchool, IronTraps, and Federation. Disruptor, which comprises the entire suite of IronScales products. Charging is a license per mailbox protected by the technology, with volume discounts as the number of mailboxes increases. IronScales says it typically targets companies with more than 1,000 mailboxes, but it has already gone up to enterprises with tens of thousands and down to companies below the 1,000 threshold. Since early 2017 the company has also been developing relationships with MSSPs to reach a larger target market. The IronScales technology is essentially cloud-based, whether it be monitoring Office 365, the G Suite, or an on-premises device such as an Exchange server. There is no software deployed to endpoints beyond the reporting button for IronTraps and IronSights customers. This button will also be offered in a cloud version later this year. In terms of its competitive environment, IronScales says platforms that provide phishing awareness training such as PhishMe, Wombat, and KnowBe4, and Security providers such as ProofPoint and Mimecast are competitors but argues that they only address part of the issue. On the Radar: IronScales offers anti-phishing defense suite 7

7 Data sheet Key facts Product name Ironscales Product classification Anti-phishing threat protection Version number n/a Release date 2014 Industries covered Healthcare, government, utilities, banking/finance, retail, manufacturing. Fortune 500. Geographies covered Americas, EMEA, Asia, Asia-Pacific Relevant company sizes Midsize and enterprise Licensing options Packages; volume-based pricing URL Routes to market Channel 80%, direct 20% Company headquarters Tel Aviv, Israel Number of employees 30 Source: Ovum On the Radar: IronScales offers anti-phishing defense suite 8

8 Appendix On the Radar On the Radar is a series of research notes about vendors bringing innovative ideas, products, or business models to their markets. Although On the Radar vendors may not be ready for prime time, they bear watching for their potential impact on markets and could be suitable for certain enterprise and public sector IT organizations. Further reading On the Radar: Wombat provides security awareness and training, INT (November 2017) On the Radar: PhishMe offers phishing defense technology, INT (November 2017) Author Rik Turner, Principal Analyst, Infrastructure Solutions rik.turner@ovum.com Ovum Consulting We hope that this analysis will help you make informed and imaginative business decisions. If you have further requirements, Ovum s consulting team may be able to help you. For more information about Ovum s consulting capabilities, please contact us directly at consulting@ovum.com. On the Radar: IronScales offers anti-phishing defense suite 9

9 Copyright notice and disclaimer The contents of this product are protected by international copyright laws, database rights and other intellectual property rights. The owner of these rights is Informa Telecoms and Media Limited, our affiliates or other third party licensors. All product and company names and logos contained within or appearing on this product are the trademarks, service marks or trading names of their respective owners, including Informa Telecoms and Media Limited. This product may not be copied, reproduced, distributed or transmitted in any form or by any means without the prior permission of Informa Telecoms and Media Limited. Whilst reasonable efforts have been made to ensure that the information and content of this product was correct as at the date of first publication, neither Informa Telecoms and Media Limited nor any person engaged or employed by Informa Telecoms and Media Limited accepts any liability for any errors, omissions or other inaccuracies. Readers should independently verify any facts and figures as no liability can be accepted in this regard readers assume full responsibility and risk accordingly for their use of such information and content. Any views and/or opinions expressed in this product by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Informa Telecoms and Media Limited. On the Radar: IronScales offers anti-phishing defense suite 10

10 Contact Us ovum.informa.com International Offices Beijing Dubai Hong Kong Hyderabad Johannesburg London Melbourne New York San Francisco Sao Paulo Tokyo