Ironscales – Phishing (Podcast)
Phishing emails are the worst! And they’re an ongoing threat to your business. In this podcast, our experts discuss how to minimize these threats with additional phishing protection, whether it be standard or app-based.
Our favorite part of this one? The analogies! Read on to hear the comparison of an outside bouncer at the club to the inside security bouncing team…
Dave: Welcome to PCG Tech Tuesday. My name is Dave Hodgdon. I’m here today with our security expert, Steve Ripper. Steve, how you doing today?
Steve: I’m good, Dave, how are you?
Dave: Fantastic. So today’s podcast is on how phishing is a constant threat to companies and what you need to do to minimize these threats by adding additional phishing protection. So Steve, can you describe what an app-based phishing product is and how it is different from a standard spam protection?
Steve: Sure, Dave. So I think the easiest way to describe what an app-based product is, is to describe what standard spam protection is: standard spam protection redirects the mail to that portal. Usually we’re changing the MX record, which is a record that decides where the mail goes, and we’re redirecting the mail to a Mimecast or Proofpoint, whoever we’re using, and then that service takes the spam out, and sends it on to wherever your email is, usually Office 365. But it could also be Gmail, could be POP accounts, could be anything. So that’s how a standard one works.
Where an app-based spam protection works differently is that we’re using an app-based process to actually connect directly to the mail system. In other words, we’re looking at the mail AFTER it has arrived as opposed to before, and determining whether we need to do something about that: remove it, quarantine it, leave it alone, learn from it, and so on.
Dave: That’s important, Steve. So I know our security team at PCG evaluated many products to help with this. Why did we choose IRONSCALES, Steve?
Steve: Two main reasons. So we looked at several products. IRONSCALES is a big player in the industry, so that was important to us. The second thing is that a lot of times the interface and how you work with it is critically important. You’re doing investigations, right? Especially for a product like this – you’re trying to determine how did the phish get there, how did it get to where it’s going, what did it do? So the interface and how easy it is to work with is important. You don’t want to be looking and digging around and wondering why you can’t find the reasons or where the app is. So IRONSCALES has a really fantastic interface. It’s easy to use, and it was easy to train everybody at PCG and the customers who use it on how to use it.
Dave: I know when we first met, you spoke to me about this product, you had an analogy about the nightclub. And I love that analogy about the bouncer inside. Can you give us a little insight on that?
Steve: Yeah. So like I described earlier, when you have a standard spam protection where the mail is being redirected to that service, that’s the bouncer OUTSIDE the club. So that type of spam protection, and by the way, we recommend that you run both. You can run both and you should run both. So the standard spam protection – your Proofpoints, your Mimecasts, several others – that’s the bouncer outside the club checking the IDs. Are you old enough, are you sober enough to come in? Are you handsome or pretty enough to go into the nightclub? Checking everybody at the door. Right?
So an app-based phishing product is the bouncer that’s INSIDE the club, right. You’re already in the club. Are you behaving yourself? Are you doing what you’re supposed to be doing? Are you not doing things you shouldn’t be doing? So where an app-based product comes in, it rolls up. It says, “listen, this message is causing problems. We’re going to yank it out, we’re going to drag it.” And it really kind of gives you both ends of the spectrum: both the messages before they get to your mailbox, and then what do we do about them after they’re in your mailbox?
Dave: Steve, so be honest. Have you had trouble getting into a club or, once you’re in the club, get kicked out?
Steve: So I’m usually well behaved, but sometimes I’m not handsome enough. I’m just not handsome enough to get in.
Dave: I thought you’d be a dancing machine out there like John Travolta. So next question: is there a quarantine of messages and how does it impact individual user mailboxes?
Steve: Yeah. So all the messages are in people’s mailboxes. Really the quarantine is determining what to do about them. And app-based phishing products, particularly IRONSCALES, work on a percentage scale.
So you’re basically setting it at 80%. If the chances of it being a phish are less than 80%, it’s going to just arrive in the inbox, it’s just going to let it through. At PCG, we can still review it and go, that doesn’t look right. But if the AI part of IRONSCALES sees it as greater than 80%, it is going to prevent it from being in the person’s mailbox. It’s going to quarantine it.
So that kind of automated process (not that different than a standard spam protection) allows us to say, listen, this is very common to a lot of what we’re seeing phishing-wise, and we’re going to prevent it. And then if we have to allow them to see it, we can.
Dave: I know we’re dealing a lot with co-managed where there’s IT in-house, but what are the advantages of a system like this to the IT people supporting the company?
Steve: The single biggest thing that we get, that maybe you caught as you’re listening to this…you’re saying, “well, Steve, what good is it if the message is already in our mailbox? If it’s already here, maybe my users can click on it.” And that’s true. But what a product like IRONSCALES allows us to do is we can do something about the large-scale phishing when it arrives.
So before we had IRONSCALES, if we determined that something was a phish, but it actually arrived in seven pieces, seven persons’ mailboxes, then we have to go try and find what those mailboxes are, where they are, and get them before those people also click on it.
With something like IRONSCALES, one of the biggest advantages is the minute we determine or decide that it’s a phish, we can yank it back and it yanks it back EVERYWHERE. If it’s in 150 mailboxes, because they delivered it to everybody at the company, the minute we say, this is bad, we’re pulling it out. It’s pulling out of everybody’s mailbox. No matter what state they’re in. If it’s in the inbox, whether they moved it to deleted items, whether it’s in another folder, it’s coming right back out again. So it really gives the remediation part of what we’re trying to do, really a leg up.
Dave: That’s a huge value. It’s a huge business benefit. My last question is what other benefits or value do you see (IRONSCALES) adding to the business?
Steve: Yeah, it gives you another level of insight into what’s going on in people’s mailboxes. Standard spam protection gives you that gateway kind of a thing…this is all the mail that went through. And for typically standard spam protection, we’re using the logs of what’s being delivered and it’s really useful to us.
But the app-based phishing protections are really giving us insight into what’s happening when they land in people’s mailboxes. Are they clicking on them? Does it make them want to click on it? And how do we get it out of there if we don’t like it?
Dave: That might trigger more training based upon those results, Steve, and I’m assuming, like anything, it’s going to help minimize your risk.
Steve: Sure.
Dave: So great topic today about adding additional phishing protection. Again, this is Dave and Steve at PCG. Have a great day.