Ironscales, a startup developing an AI phishing prevention and detection platform, today closed an $8 million extension to its series B round led by Jump Capital, bringing the total to $23 million. A spokesperson says Ironscales plans to use the funding to further accelerate growth through market expansion and ongoing R&D of its email security platform.
Nearly one-third of all data breaches involved phishing in one way or another, according to a 2019 Verizon report. That’s likely because users have a tendency to fall for such attacks; KnowBe4 reports that 38% of employees who don’t undergo cyber awareness training fail phishing tests. Problematically, the pandemic appears to have worsened the onslaught, with companies like Google suggesting millions of COVID-19-related phishing scams are being perpetrated daily.
Ironscales, a graduate of Israel-based incubator 8200 EISP whose founding team includes alumni of the Israel Defense Forces’ Intelligence Technology unit, employs what it calls hybrid human intelligence — a combination of machine learning and intelligence tools designed for security professionals — to nip phishing attempts in the bud. The company’s platform integrates with Office 365, Exchange, and G Suite and benefits from insights derived from spoofing attempts, breaches, and security incidents shared anonymously by certified analysts.
Ironscales’ IronShield is a cloud-based protection module that helps defend against real-time malware, credential threats, account takeovers, and phishing websites using AI, sandboxing techniques, and malicious URL and link detection. Suspicious emails are routed to third parties for analysis and trigger responses if they’re deemed to be malicious, while computer vision algorithms ingest login pages to determine whether they’re legitimate.
IronSights complements IronShield with fingerprinting tech that flags anomalies by taking into account factors like IP addresses, communication contexts, and other metadata. It plays nicely with Ironscales’ Federation module, which logs phishing attack details and cross-references users across Ironscales’ customer base for emails containing a similar pattern. If it finds a match, Federation communicates with IronTraps, Ironsights’ automatic forensics and incident response service, which blocks or remediates the attack from inboxes across all endpoints.
Ironscales’ IronSchool provides security awareness training to employees, beginning with an assessment that grades their ability to recognize phishing attempts. Based on their results, they’re guided through short courses made up of staged and real-world phishing attacks to help improve their awareness of malicious email messages. Meanwhile, security teams can tap the wisdom of Themis, Ironscales’ AI-driven virtual assistant that learns continuously from tens of millions of emails weekly. Themis considers “dozens” of different phishing protection decisions and criteria in deciding on a response plan to incidents, and it can automatically make and implement its decisions adherent to built-in confidence levels and company policy.
Over the past year, Ironscales added natural language processing algorithms to detect business email compromise attacks like requests for unspecific tasks, employee availability checks, and solicitations for gift cards. It also launched Phishing Emulator, an automated solution for Office 365 designed to let users evaluate an organization’s email defenses by orchestrating real-world, unmodified attacks built to bypass secure gateways and authentication protocols.
Ironscales, which has raised nearly $30 million to date, employs people in Tel Aviv, across Europe, and at its North American headquarters in Atlanta. It claims that more than 1,000 security professionals around the world use its tools, and it plans to more than double its headcount in the coming months.
