IRONSCALES Reviews

My main use case for IRONSCALES is the UI and the convenience of having detailed information available to me.

A specific example of how I use the UI and detailed information in my day-to-day work is that it provides correspondence history with all the mails being sent and also the way it passes the headers. It's very easy to read and make out where exactly vulnerabilities lie.

IRONSCALES' platform makes it very easy and user-friendly. For the technical part, there's always a further drill down that can be done for information.

The best features IRONSCALES offers are the investigation tabs, headers, and correspondence history, which stand out the most for me.

The investigation tabs are valuable for my work because reporting goes a long way in terms of playbooks and having a full investigation. The investigation tab knows exactly how to put the information in a way that makes it very easy for reports to get done fast.

Security awareness training is a big part of IRONSCALES. The platform offers a broad spectrum in terms of what campaigns can be run for security awareness for users as well as reporting back on how users interact with their mails and understanding where the vulnerabilities lie.

IRONSCALES has positively impacted my organization by making email security simple in terms of controlling mails, understanding where the threats are, and protecting the organization itself.

I would really prefer to drill down more on correspondence history. It provides detailed background information to actually understand what's going on. If there were clickable drill downs on specific users or specific correspondence to relate them to certain types of mails, that would be beneficial.

I have been working in my current field for about one year and two months now.

IRONSCALES is very stable.

Customer support for IRONSCALES is outstanding. I've never had to wait more than a day for feedback from support, and they're very interactive with our users as well as our analysts.

Positive

I did not previously use a different solution.

A team investigated other platforms before choosing IRONSCALES. We settled on it because it is interactive and user-friendly for certain types of analysts. The fact that there are always ongoing updates and products being added is a bonus.

My advice to others looking into using IRONSCALES is to exercise caution as to how the platform works. Everything is not obviously as it seems. The product uses AI and the information that's provided. Looking at it at face value shouldn't be your final classification. It's a tool that we use to better our understanding of email security, and it's not a one and done situation. People starting to use IRONSCALES should really look into understanding email security and using it as a tool becomes a necessary part of proceeding with email security.

IRONSCALES is a really good platform, and it's ever-growing. This is just the start of what they are able to do with the AI, especially with Themis, and also the way it's structured, and that overall understanding of email security and how certain events should be handled.

I rate IRONSCALES 9 out of 10.

IRONSCALES provides email security for my previous customer environment, which is a big inventory customer. The entire email security is monitored by IRONSCALES. It monitors all activities including invoices, customer domain communications, phishing emails, suspicious emails, and VIP member communications. We investigate suspicious mails in IRONSCALES.

The best features of IRONSCALES are that most alerts are validated through AI, which reduces the fatigue of alerts that need to be worked on by the team handling the alerts investigation part. Only a small number of alerts require manual review.

IRONSCALES is a useful tool that detects every malicious file delivered to our customer domain emails. It safeguards against phishing emails and malicious files that are inbound to our customer services.

IRONSCALES reduces processing time significantly. There can be multiple alerts where the team handles and reviews them. The SOC team participates in bridge calls to investigate all emails delivered in the sandbox, and if required, we keep them in junk or contaminate them after analysis.

The user interface could be more attractive to users. The UI is not brightened or appealing. Having a more user-friendly UI would make it easier to identify features and options when using the tool.

I have used IRONSCALES for two years.

IRONSCALES is a stable tool.

Customer support for IRONSCALES was great.

Positive

I would advise that it is a necessary tool when comparing to other email security tools. If we are getting it for a lesser quotation, organizations should have this AI-automated email security which saves time and money.

The automated alerts generated are integrated into our SIEM solution. We can create logics according to our investigation in our SIEM solution from logs pulled from IRONSCALES to SIEM solution via API call. We monitor all triggered alerts in the same solution.

The user interface could be more user-friendly and attractive to use. I rated this solution 9 out of 10 overall.

The tool runs on an API, and it communicates with all of our users' inboxes. The tool is just for keeping spam in check and, more importantly, to deal with the dangerous phishing emails out of our users' hands. It can see if it lets something pass and it goes to the inbox, then after 20 minutes, if it gets new information that it is a potentially dangerous email, the solution will yank it right out of the user's inbox.

With the tool, users can report things that they think are phishing activities, meaning it allows IRONSCALES to take another look at it and then determine the final disposition, which is a good feature. More importantly, we just kind of let it run and do its thing, and then the tool comes up with two to three possibilities. If something is clean, we never hear from IRONSCALES. If it is spam, it will be categorized as spam. If an email is considered to be a phishing email, it'll categorize it as a phishing activity. If an email is spam or comes under the phishing category, the tool will pull the email out of the inboxes so that it is not available.

I think the tool can continue to hone the product to ensure the detections are accurate. The tool also involves some crowdsourcing. It is a pretty good product. We use IRONSCALES in conjunction with Proofpoint since the latter tool is an email gateway. Between IRONSCALES and Proofpoint, the idea of filtered security solutions, especially with emails because phishing is so dangerous, has kept us from harm for five-plus years.

I have been using IRONSCALES for three years. I am a customer of the tool.

It is a totally stable solution. The tool has never had downtime.

I can't rate the support of IRONSCALES because our support comes through the company we got the tool from, and it is called Constant Edge. Constant Edge is a reseller of the tool to SMBs because IRONSCALES doesn't want to get caught up with just 100 user licenses since it is just too small for it to worry about. Constant Edge has done an incredible job of providing support to our company. Constant Edge also provides our company with Proofpoint.

The company we get IRONSCALES from is not big enough to sell the product directly.

The solution can be deployed in a day.

One person can deploy the solution.

My organization got the tool from Constant Edge out of the UK, and they came in and set it all up for us.

The email security management costs take up a large portion of our IT security budget because everybody needs security in our company. We really have to watch out for trying to keep our users in a safe zone.

The tool is affordable. Our company has a pretty tight IT budget. We had to make room for IRONSCALES in our budget, and we have kept it since, after three years, we plan to renew it. The tool is not very cheap, but it is affordable. It is much cheaper to have the tool than to have a phishing email get clicked and see your whole network being brought down. On a scale of one to ten, if ten means it is an expensive tool, I rate the product's price as six or seven.

The AI engine is, like anything else that is similar to machine learning, so it is going to get smarter as time goes on. In our company, we put a lot of time into the tool to see if it detects something that is clean, making sure that it understands that it was not a malicious email. The tool has become pretty darn smart at this point.

If there is a situation where I need to manage the tool, I would say that there is an AI engine for the product, Themis Copilot, for Microsoft Outlook. When the tool pulls an email, it says that even though it pulled it out, it cannot give it a final disposition, so I won't know if it is spam or phishing activity. In that case, you need to go in and manually let the tool know that a particular email is spam, is associated with some phishing activity, or is clean. The tool tries to improve the accuracy of the machine learning and AI aspects. Occasionally, the tool requires some manual intervention.

IRONSCALES has gotten smarter as our company has trained the machine learning and improved the AI engine, and it has reached to the point now that it is set and forgotten. We visit the tool maybe once a week just to make sure that there are no emails that haven't given a final disposition.

I recommend the tool to others, along with Proofpoint.

I rate the tool a nine out of ten.

The main use cases for IRONSCALES demonstrate its artificial intelligence capabilities because it utilizes AI to detect phishing and has specialized engines for detecting both phishing and spam, making it very efficient at these tasks.

The automated incident response helps my security team by automating many tasks that only require console review to check incidents. If they notice something suspicious or potential AI false positives, these cases are minimal.

For example, if people in the organization receive 50 suspicious emails in a day that are detected by IRONSCALES, maybe one or two might be false positives. The interesting aspect is that with the intervention of the security analyst's human knowledge, they can contribute to this intelligence. It creates a merger of AI intelligence and human intelligence where the model is continuously learning.

What I appreciate most about IRONSCALES is that it detects not only actual phishing attempts but also potential preliminary phases of phishing. Some attackers plan their strategy by sending non-offensive emails designed to capture users' attention. IRONSCALES excels at analyzing the intention, not just the content itself, but the sender's attempt to gain user attention. When attackers employ social engineering and prepare their real attack, IRONSCALES effectively detects these intentions. This is a particularly valuable feature.

There are areas that could be improved with this product. Regarding the Spanish language awareness training, while they are producing good content, it appears to be initially produced in English and then translated to Spanish. Though this isn't problematic for our users, the content could be updated more frequently.

I have ongoing experience using IRONSCALES.

I would rate their technical support as very good, as they respond promptly when my team opens a ticket.

Positive

While I don't specifically oversee the pricing details, I understand that IRONSCALES is in the range of similar solutions while offering better results.

The company name is Silicon Valley Technology, Inc. My review rating for IRONSCALES is 10 out of 10.

We needed it for mail relay and phishing awareness training.

We use the IRONSCALE solution on all our email platforms, including mobile apps, web access, and Outlook on computers.

Our deployment model is hybrid. Our private environment is in Microsoft 365 and we also have SaaS through BDO.

Since we are using Microsoft 365 and everybody is basically connected to that infrastructure for their emails, all we had to do was implement IRONSCALES into 365 and that covered my whole organization. There are about 175 email boxes. We expect that to at least double that amount in the next couple of years

There is buzz around phishing awareness training. When I make a campaign, all of a sudden people in our organization are talking, thinking, and wondering about it. Therefore, it keeps people on their toes. That is perfect because it does exactly what we want it to do. 

Everything seems fine with the mail relay. I can't complain.

Monthly, we have been using the campaigns. Besides that, the actual work that it does as a mail relay, protecting our email infrastructure, is valuable. Also, the ease of integration into Microsoft 365.

The artificial intelligence and machine learning capabilities of the solution are very important because we don't know what we don't know. The fact that I can use the community for artificial intelligence based on other case studies is perfect. Why not learn from other people's experience?

We use the AI to determine if an email is phishing or dangerous.

For email security effectiveness, I would give it 8 out of 10. As far as the mail relay is concerned, we haven't had major attacks, concerns, or phishing emails. So, we can't complain. Thank God everything has been working fine, but we never really tested IRONSCALES to its fullest. We have been using its automatic features where it gives me advice that some email might be phishing and so on. As for that, it does work really well. However, I can't tell you that it is battle-tested. That is why I am not giving it more than 8.

As far as training awareness, I would give it 6.5 to 7 out of 10. In regards to phishing awareness training, I have been having some issues with the Hebrew aspects of IRONSCALES since most of our company's employees need the Hebrew language, and the phishing awareness in Hebrew is so-so. In addition, the biggest problem that I have is with people who fail since most of them just don't do the training, and IRONSCALES doesn't have some sort of reminder feature.

When someone fails, if they open up the email and push on the link, then they get to a dedicated website which is supposed to give them basic information, e.g., what they could have noticed, then some sort of link to an instructional video, and in the end, training. I just noticed that 95% of the people who click on the email are flunking. For the awareness training, they don't continue to watch the video or do the training. Instead, they just exit the screen and move on.

I would like it if IRONSCALES had some sort of reminder mechanism, meaning IRONSCALES knows if a user completed the training or not. As long as it hasn't been completed, it keeps reminding every so often, alerts the manager, etc. Right now, it is all in the hands of the employee, and not all of them continue the process, which is a shame.

I would like to have more of an ability to intervene in the landing page for phishing awareness, e.g., more design options, change logos, color, and fonts. Right now, it is a template.

We have been using IRONSCALES since February 2022.

I would rate the stability as 10 out of 10. It is always up and running. I have never seen downtime.

It requires someone from my help desk team to keep watch on the logs and see if there are any alerts or events. Besides that, there isn't much maintenance.

It seems to me that it is really easy to scale up or down, meaning I just need to add licenses. 365 is already implemented. So, as long as I just add email boxes, they are automatically within the system. Therefore, I just need to be up to par as far as licenses are concerned. It scales within seconds.

Since I have it as a SaaS, I never really need to talk to IRONSCALES. I just talk to BDO who just does whatever needs to be done. I would rate the support from BDO as nine out of 10.

Positive

My organization didn't use another solution before IRONSCALES.

The initial setup was straightforward. It took 10 minutes and then the product was up and running.

It provides an easy installation. It is a matter of minutes, which makes a big difference. Imagine the difference if you had to install a server or physical product. This solution is all software.

We started as a PoC. We implemented IRONSCALES as a trial version into our 365. From that point, we purchased it, then it became a non-evaluation version.

The deployment took one person and someone from IRONSCALES.

We realized the solution's benefits within the PoC.

IRONSCALES has enabled us to spend more time on other activities because it is just install and forget. Our main goal was not to deal with it, meaning I can implement it and it does what it's supposed to do without a lot of intervention on our side unless some sort of case or event happens. That is exactly what it did. I have a fully functioning mail relay that basically takes care of itself. Obviously, we have to view all the logs and everything, and that is something our SOC also does. It just takes a burden off my shoulders. I can let it run.

If we can prevent a phishing attack or ransomware attack, then the ROI will be immense. At this point in the game, when everything is okay, I can't really see an ROI. However, when time comes, it will be there.

They are pretty much the same as all the other competitors in the market.

There is an installation cost. Since we have this as a managed service, we pay for licensing and the managed service itself. Other than that, there are no additional costs.

We were looking for some sort of platform that we could use to do phishing awareness training. We were looking into Cisco and different solutions. Eventually, we came upon IRONSCALES because we also needed a mail relay. This actually gave us both solutions in the same spot.

We evaluated Cisco's trainee portal and Fortinet FortiMail. In the end, we went with IRONSCALES because it was both products in one solution. Another reason being that we wanted a managed solution. Our provider in Israel, BDO, is an official retailer of IRONSCALES. They work with IRONSCALES and offer this service as a service. Therefore, we got a managed IRONSCALES solution.

Microsoft 365 offers standard anti-phishing functionality, but nothing beyond that.

Try it. It takes seconds.

I would rate the product as nine out of 10.

We mainly use the solution for email security and threat mitigation through that vector, which could be phishing, malware, and malicious attacks. It allows us to inspect emails and enables end-users to report and quarantine potential threats in a sandbox, which is very valuable. The response time is imperative for us, a notification gets to me as the tech very quickly, and I can mitigate any issues we may have.

We have IRONSCALES deployed over two companies. The leading company owns the account, and we have two companies under that: Mason Law and Planning Company and Warrior Insurance. They're in the same building on different floors, but both companies are situated with IRONSCALES at all endpoints for all users. We don't have any off site users, with the occasional exception. The vast majority of our staff work on-site. We don't have anyone working from outside the office. 

We spend significantly less time dealing with email issues. For example, the routine process of determining if an email is a threat or not is now taken care of in a minute or less, instead of up to five or ten minutes. This adds up and results in a lot of time saved. This product also makes our end-users feel comfortable. Our employees are more confident in their email abilities because of the training and their months of experience using this program. 

The report function through Gmail is probably the most valuable feature. The next most valuable features are simulation and training.

I would say IRONSCALES is probably one of the best products of its class that I've seen. I've seen some other companies that offer similar technology and a similar product, where the training is an afterthought or add-on. IRONSCALES do offer premium training, but the regular training is very well-rounded. The integration of excellent reporting, single sign-on, and freedom from logins and passwords for end-users makes this a fantastic product. 

The AI and machine learning capabilities of the solution are significant. I have a small background in AI and machine learning, and we discussed how those functions would operate in our system with IRONSCALES. I've never seen a machine learning program work as effectively and often as this one. There aren't as many hitches as I would expect to find in a solution of this kind.

If I had to put a number on it, I would say 95% of the time, it works flawlessly. The remaining 5% of the time, a tech like myself would have to intervene, but in my opinion, that's an excellent standard to have. 

The automated detection and response capabilities have reduced the time we have spent manually reviewing emails and events a hundredfold.

I think the ability to customize offered by the solution works well. 

The solution has allowed me to spend more time on other activities. It's sped up our business process, and our response time has gone from five to ten minutes to less than a minute. Sometimes even more time is saved, especially in the last couple of months. The first week we implemented the solution, the saved time wasn't as noticeable. Three or four months down the road, I can see we have saved many hours, if not more. 

I would love to see the indication of compromise and how the solution utilizes open source resources. It would be good to see that included in the paid versions. It would be a small addition but add a lot of value for clients. 

We have been using the solution for nine days.

I'd say 98 to 99% time, the product is up and running. It has minimal downtime, if at all.

The solution is entirely scalable. We have up to 50 licenses at the moment. It wouldn't be difficult if we needed more than that. I would say it's perfect as far as scalability. 

I would give the technical support a nine out of ten only because when we did contact support for the unprotected mailboxes, my contact was out on vacation. That happens, but the backup solution was another customer service rep who said we should re-do the whole integration process. I wasn't satisfied with that, as I didn't want to restart the program, break it, and make more work for myself. That was my one issue with the customer service. 

Positive

We tried other solutions. We've had a secure gateway, and tested traditional VPNs and a few other options. The good customer service is the main reason we moved to IRONSCALES. They are excellent at ensuring everything is up to date and working, and the follow-ups are phenomenal. Next, I would say the technology integrates well with our office setup. Because it's a SaaS product and lives in the cloud, it doesn't affect other things like a gateway. Gateways can influence IP addresses, and printers don't like change. We previously had a lot of compatibility issues with other products because they would affect the network, whereas IRONSCALES sits on top of it, in a sense, which fits in well with our use case.

It was more straightforward than the other Google Workspace app installations I've carried out. I also received advice from our other company. I would say that IRONSCALES goes above and beyond to make sure everything is connected correctly. When we first implemented the solution, it showed our emails as unprotected for a while, but the program was functioning correctly and checking emails. That was resolved within a couple of weeks and probably would've been much faster, but my customer support contact was out on vacation for about seven days, which is fine. Everything got taken care of, which was to my liking. 

I wouldn't necessarily say the system requires maintenance. I check that everything is working correctly on a daily basis, and that improves with time. As the ML algorithm understands the company functions better, the automation improves significantly. Initially, more manual labor was involved, but still less than if you didn't have IRONSCALES. After a month or so, the automation was functioning well and required less involvement from me. Now it requires at most a few minutes of my time every day.  

I implemented the solution with the help of an IRONSCALES rep. 

When it comes to cybersecurity it's hard to pinpoint an ROI, but I would say that, based on what this product has done for our company, there's no way it hasn't saved us money.

We pay $3000 plus a little more a year for the number of employees we have, and we're not even that big. The solution is at the higher end in terms of cost. It's not the most expensive product, but I would say it's worth the price if you have a high volume of email traffic. In our case, the solution has inspected over 162,000 emails between three and four months. It saved us a lot of time and money. It's a worthwhile investment because a bad actor only has to succeed once; we must defend against everything in our business. IRONSCALES offers a sense of security and confidence from being well protected. 

We looked at other gateways like Perimeter 81, and other antivirus software, but IRONSCALES is more of a dedicated email security tool we use in conjunction with our antivirus. 

The AI/ML program that IRONSCALES has is much more efficient and effective than any other ML program I've seen or experienced. The UI is very user-friendly and looks good, which aids in quicker information access. I would say a lot of the alternatives are very clunky; I wouldn't quite say MS-DOS, but Windows 98 style, old and blocky.

I would rate this solution a ten out of ten. I feel like nobody ever gets perfect scores, but the downsides are minimal and quickly resolved, so the product is quite remarkable.

The solution is only situated for employees with specific email addresses. Apart from that, it's a private cloud deployment. 

The biggest lesson I've learned is that even with my level of expertise, there are still emails that I probably wouldn't have noticed checking them manually.

We are using it for email security. Microsoft's built-in spam and phishing filter was completely inadequate. We were looking at tackling spear phishing and phishing in general for the organization, as well as educating our staff through targeted phishing campaigns and training.

Our email provider Microsoft doesn't supply anti-phishing functionality as part of our licensing with them. They provide antivirus and anti-spam. We don't pay for their advanced protection features.

In terms of deployment, it is a SaaS platform. It connects to the Office 365 API.

It has helped immensely because it has gotten rid of malicious links and malicious attachments that have been targeted at our different staff members. It has definitely protected us on more than one occasion.

Their integrated approach of combining email security and employee awareness training is excellent because the training is a reminder for staff to continually be on their feet and look out for the ever-changing landscape. It also lets us know who has been trained, who hasn't been trained, and what they're like. It integrates a risk ratio for all our employees.

Its artificial intelligence and machine learning capabilities are very important because I don't want to have to manage 24/7. Having the AI to do a lot of the work for me is invaluable.

Its automated detection and response capabilities are excellent. It does a wonderful job. They provide all the stats on what it has done. It gives you information about how much time is saved and all that kind of good information.

Its automated detection and response capabilities have massively decreased the time we spend manually reviewing email events. Since May, it has taken care of 170 hours. So, it has saved 88 hours per analyst.

It is very good in terms of the customization of the automated detection and response capabilities. It is granular, and you can adjust it however you want. If it is too high, you can turn it down. If it is too low, you can turn it up.

Their anti-phishing platform is absolutely fantastic. The automated AI piece is amazing, and their technical support is fantastic. 

The simulation and training piece could be improved by having more granularity in terms of scheduling how campaigns are run and allowing people to directly take the training rather than having to go through an official campaign. That's not available yet.

I have been using this solution for about two years.

It is rock solid on any issues with stability. It just works great.

It is deployed for all active mailboxes. It is deployed across our entire organization. We use Office 365 for our email, and it is deployed to that.

As far as I know, it wouldn't have any problems with scalability. You pay for however many accounts you want it to monitor. I'm sure they would know better than me if there is a top end, but I doubt it.

Their support is excellent and super responsive. You get a real person right away. I would rate them a nine out of ten.

Positive

We did not use any other solution previously.

It was straightforward and easy. You just use an account with the proper information in Office 365, and all the rest is done on the back end.

We might have bought it through Logicalis. They're good. We've used them for many projects from hardware and software and everything in between.

For deployment, it was just me. I'm the administrator. It is really simple. We had to just count the proper permissions and select the accounts we wanted to monitor, and that's it. It does all the rest in the background.

It requires very low maintenance. Every now and then, I adjust the automated AI score. Usually, I adjust it down as the system learns or gets better. I adjust it as I get more confident that it is not going to catch anything that it shouldn't. They did change something recently around how it integrates with Office 365. So, I just had to redo that integration. It was the same process as the setup. It was super simple. That's all in the last two years.

We have absolutely seen a return on investment. It has automatically caught malicious links and emails sent directly to our fiscal department, which has theoretically saved us a big deal.

As compared to everything else we looked at, it was good. It was the best value for the dollars.

We've looked at a few. We looked at Agari, and we looked at Darktrace. Darktrace's sales team was pretty scammy. It was incredibly expensive. It was way out of our price range. Agari seemed fine, but it wasn't quite as polished. It didn't seem as polished and didn't fit our needs as well.

My advice would be to go for it. Its value is pretty clear right away. Its value becomes immediately clear as soon as it catches the first thing that is malicious and that would've gone through Microsoft's default filter.

I would rate it a ten out of ten.

It is a glorified email spam filter. IRONSCALES catches whatever the built-in Microsoft spam filter doesn't catch. Its intelligence is different. Microsoft spam filters are only strong to a certain extent, and IRONSCALES catches what falls through the cracks, which is super important. It checks the links and other things, and our mailboxes are much cleaner.

Every company is different. In our company, it is helpful because it lets people know what to look out for. The reason we got IRONSCALES was that you can train all day long, but not everyone is going to get it. That's just the nature of working in the industry. It helps to remind people from time to time, but the scams evolve, and IRONSCALES has also evolved. So, the training is much less important than it used to be in terms of how to determine what's what in the malicious message, whether it is phishing, etc.

Its artificial intelligence and machine learning capabilities are the most important pieces. It is just good to know that it is watching when we don't have to watch. I can go to sleep, and it is still working. The AI knows what to pick up on. It learns from other companies. The key is that it is not just our tenants that it is examining; it is examining all the tenants. So, it can take what it learns from a different company that has nothing to do with us and apply it to our mailbox. So, the whole system gets smarter overall.

It provides the ability to customize the automated detection capabilities. The system is set up for that when you start, and there is not a whole lot of going back in and reteaching it after the fact. Only when we're doing the training, to teach people what to look out for, we intentionally do white list certain messages that are designed to be spammed. This way we can go back, look and find out which employees need a refresher on how to find a malicious email because they opened the wrong email or clicked the wrong link. That's the only time that we would go and update anything. Most of the time you leave it alone.

It enabled us to spend more time on other activities. Previously, when we had very strong spam filters, a lot of things were positive. It took a lot of digging. Every time somebody would send an email saying that they are missing something, we'd have to go back and release it. IRONSCALES doesn't do that. The messages that are legit go through because the false positive rate is very low. It seems to catch real problems, and it lets the clean ones through, which is what it is supposed to do. The only time we have an issue is when people word an email poorly, it might be considered a SPAM message, whereas it is not. It is legit. In such a case, I just have to release it, and it is fine. 

The fact that it is set-and-forget is valuable. Once you turn it on, you very rarely have to micromanage it, whereas, with a lot of spam filters, you have to go in very often. 

Its nicest feature is that other users in our company can flag something as spam, and it'll automatically flag it for everybody else in the company. It'll pull that out of your mailbox before it becomes an issue. This way 50 people don't get the same notice. One person clicks it, and it automatically goes away. 

Its UI could be improved. My pet peeve with a lot of these cloud-based systems is that a lot of times, the interface for the management is a little clunky. If you live and breathe IRONSCALES all day long, you'll obviously know where everything is just from muscle memory, but the system is not designed for people to be in it all day long. You're only supposed to occasionally look at it. When things get moved around, it is not necessarily that intuitive. I'm an IT guy, and I can pretty much take the worst UI and figure it out, but the menus and the options in the interface could be a little cleaner graphically. If you have a quick problem that you want to resolve, it takes a little bit of digging in the admin console, whereas it should take a few clicks up front. That's about it, and that's a superficial issue. I understand that it is difficult to refine when you have a lot of information to deliver. It is not an easy job. Microsoft gets it wrong too.

We went live at the very beginning of this year, but we started using it before that. We had a tenant change in our Microsoft system. So, we waited, and then at the very beginning of this year, we cut over to a new hosted email platform.

It just works. We haven't had any outages. 

We have a Microsoft Office 365 tenant. In that tenant, there are multiple domains or multiple companies with multiple employees. We don't discriminate or distinguish between the two. We simply apply IRONSCALES to the tenant, and it grabs all the accounts regardless of the domain they are associated with. We don't have anybody who is not being protected. We did not granularly decide who gets what. It was a very simple, shotgun approach. We have one tenant, and we have one IRONSCALES that fits in the tenant, and that was it. We did not decide to tailor it in any particular way.

It is easy to scale. When we grow, it grows with us, and if we run out of seats, I just call our customer service rep and say that we added 10 more people, and we need 10 licenses. It is that simple.

Their service is great. We have a customer service representative. I know they have a tech team, but we haven't really had any tech questions for them since we did the deployment. 

For any random question that comes up, I'll just fire off an email to our rep who can decide whether to open up a ticket with their tech team or not. Usually, it is very quickly resolvable just with our customer service representative before it requires opening a ticket. I don't have to open tickets or get a call, which is super helpful for me. I can just shoot a quick email, and they take care of it, and it is done. They can almost be my IT department. 

I would rate their service a 10 out of 10. They are friendly and responsive.

Positive

We had Cyren previously. Cyren is great. We routed all of our messages through Cyren first, and it would flag everything, and then it would release whatever we wanted into the mailboxes. The problem was that if we found something that was spam, it was too late to release. IRONSCALES sits in the tenant. It'll pull messages out of the inbox. So, even if something made it through the first time, we can recall it. Instead of tightening up the filter and hoping nothing gets through, with this solution, even if something gets through, after we determine that something is bad, we can remove that. If somebody didn't check their messages today, and we had a spam message, by the time they get to the office, it is gone. It is not sitting in their inbox waiting. That was the major reason. It can pull out even old messages that are in their box, which is very good. It is like a housekeeping service.

Our email provider supplies anti-phishing functionality, but we went with IRONSCALES because Microsoft's spam filtering isn't as sophisticated. It is very clunky to use, and it wasn't available at the time when we signed up with IRONSCALES. Because of the AI of IRONSCALES, it is much easier to look through it, whereas Microsoft's anti-spam Defender filter is a work in progress, and they change its branding all the time. It was easier for us to stick to one that we knew would double-check and catch whatever slips through the cracks of Microsoft. Microsoft doesn't have AI, and they're not necessarily using group analysis. It is only based on whatever its filters think is good or bad. So, I just didn't trust it. I trusted IRONSCALES a little more.

It was very simple. There were a few basic steps, and that was it. When you log into the IRONSCALES site, you set up your tenant, and you set up your domain. After that, you just have to authorize the bot in your mail tenant. Once that's done, it automatically scans your tenant for applicable mailboxes, and you tell it what you want it to do. That's it.

There are five steps to the whole process. The trickiest one is making sure that it has grabbed all mailboxes when it did its pass to make sure it has all the right accounts. As we add employee accounts to our system, it automatically grabs them and sets them up dynamically. So, there are no extra steps that we have to do. After a mailbox is removed from our tenant, it'll automatically get purged from IRONSCALES by itself. It doesn't require a lot of hand-holding.

I was the one who did the work with the IRONSCALES team, but technically from an invoicing perspective, IRONSCALES doesn't bill us. IRONSCALES bills our security company, and we pay the security company. I'm assuming there is some kind of revenue share.

I don't remember what they were at the time. Another security company that we work with also recommended IRONSCALES. So, with various vettings and the blessing from our third-party security consultant, it was an easy decision.

I would advise taking the time to learn about it during the installation. You shouldn't just rely on the IRONSCALES team to do it because they can do it in their sleep. The best way to learn how it works is to do the work. It is good to figure out what the menus do, what it means, and what the interface does. I know a lot of IT departments like to farm it out, but don't farm it out. Take the time to see how it is working and how you can best integrate with it. Some people just don't pay attention, but it is something to which you should pay attention.

I would rate it a 10 out of 10.

The main challenge that we wanted to solve with this solution was the email-based attacks. They are a major threat for our staff and customers. So, we are using this solution for protection from threats and remediation of phishing emails. We also use it for simulation to train our staff to recognize a phishing email. For those users who click on the phishing email, we provide the training content to improve their awareness.

Its artificial intelligence and machine learning capabilities are really important and helpful in saving time. It saves a lot of hours, and we don't have to do a manual review of each incident or email. Without IRONSCALES, we will have to rely on our staff to report emails that might be malicious, but you can't always depend on the staff to do that.

It is an important part of our security infrastructure. It gives us confidence that we are protected from email threats.

It allows us to report an email as spam. If our staff suspects an email to be malicious, they can report it as spam.

It is helpful in assessing the awareness level of our staff. We compare the metrics of every new phishing campaign with the metrics of previous campaigns. We also determine if the awareness training we are conducting for our staff is effective. We can see all the data. If a lot of people have clicked on the phishing email, we get to know that we need to step up our efforts on phishing awareness.

Its automated detection and response capabilities save a lot of time. We are a financial institution, and we get quite a lot of emails. If someone has to manually review and investigate each alert or email event, it would be a full-time job. On a daily basis, it would take more than three hours of analysis work. A financial institution like ours receives quite a lot of emails from customers and internal staff, and IRONSCALES saves a lot of our time. We don't have to dedicate someone to manually review alerts or emails.

The time that we have saved by not having to manually review each incident can now be used to focus on other tasks. 

It has also helped reduce the number of people or analysts needed to deal with and respond to email incidents.

It allows us to customize the automated detection and response capabilities. Each email that IRONSCALES detects has a confidence level rating. For example, it has 90% or 70% confidence in a phishing email. We have the ability to configure the threshold for automatic remediation. For example, we can say that for emails with a 70% or higher confidence level, it can automatically remediate, but for emails with a 69% confidence level, it should raise an alert, and we'll manually investigate. It gives us the ability to raise or reduce the threshold.

AI-driven phishing detection and incident remediation are valuable. It saves time from having to do manual analysis and investigation, and we also get alerts for phishing emails.

Even though they have been continuously improving it, it is not 100% there. We have had a few incidents where legitimate emails were getting blocked, and we had to manually remove those emails from quarantine. It is 90% effective or accurate because, on rare occasions, some emails from customers were not getting delivered. In one or two instances, their emails got blocked by IRONSCALES, and we had to manually remove the emails from quarantine. I would like them to improve their algorithm to avoid flagging genuine emails as malicious. I would also like to be able to whitelist certain email addresses. I'd love to be able to whitelist a particular customer.

It is good for user awareness, but I would love to have more content for our staff that is related to not only phishing but also general awareness. I don't know whether it is a functionality that is already available and we have not subscribed to it, but I would love to be able to send awareness emails to staff on different topics related to email security. They should provide us with more security awareness content. Based on the current trends in the security landscape, they can give us security content in emails that I can easily share with my staff to keep them aware.

I use IRONSCALES' mobile app. The mobile app doesn't notify me about the incidents, but I get email alerts instantly, which are helpful when I'm on the move. I get them a lot on my mobile. I get notifications in the email that an incident has been automatically remediated. If an email doesn't have the specified threshold level, I can quickly log in to the IRONSCALES app and do a manual authentication. It helps a lot when I'm on the go, or I don't have my PC with me. Email alerts are fine with me, but it probably would be good to have push notifications from the mobile app. If someone doesn't have an email client on their mobile, they can get notifications through the app.

I have been using this solution for just under a year. I joined the department in September, and I started using the product in September last year.

It is a cloud-based solution. So, I expect it to scale well regardless of the number of users we have. We don't expect to experience a drop in performance. Cloud-based solutions generally scale well.

We use it for every email account we have. We currently have between 700 to 800 users, and it is being used for all our departments, users, and group mailboxes.

We definitely have plans to increase its usage. We are currently growing, and we are expecting a significant addition to the number of users in Q3 and Q4.

We haven't had an issue so far. So, we haven't contacted their support. During implementation, we got full support from them, and we loved the support we got. We have no issues with their support. I would rate them a nine out of ten.

Positive

I am not aware of any other solution being used previously. IRONSCALES was already in the company when I joined.

It was already in place when I joined. In terms of maintenance, it doesn't require any maintenance from our end. All we have to do is integrate our Outlook email server with IRONSCALES, and that's it. 

We have definitely seen an ROI. The amount that we pay for licenses is definitely way less than what we would pay if we are hit by a ransomware attack. So, it definitely provides a return on investment.

We were able to realize its benefits immediately after the deployment. We started analyzing emails and getting alerts right from the time it was activated. You have to do a bit of tuning for the threshold, but the effect was immediate. We didn't have to wait even a bit for it to be effective.

Considering the value it provides, it is definitely worth the cost. We don't have to do manual analysis and remediation of phishing emails, which saves us a lot of hours.

Its licensing is based on the number of users being supported and the number of email addresses being protected. I'm not aware of any additional costs.

I would definitely recommend the product. It is definitely worth the investment.

I would rate it an eight out of ten because I would like to have some of the features. We don't have them currently, and I'm not sure whether these features are available with an additional license.

I've used IRONSCALES in multiple scenarios. I first used the solution in the Asia-Pacific region to review suspicious phishing emails in the mailbox instead of reviewing them manually. The primary goal was to have an automated solution for suspicious or weird emails. It automatically reviews them and maybe provides some kind of response. That was our first goal with the product. It reviews the emails, attachments, and links at the same time.

There is an automated piece where people can send an email or forward the email to a review team. It adds an additional mailbox layer on top of our spam quarantine. IRONSCALES captures everything our existing spam quarantine couldn't capture. It also helps us with additional phishing campaigns. 

IRONSCALES has what they call a "911 mailbox" that lets your organization share information about threats. It sets up an address like phish@whateverorganization.com where everyone in the company can forward suspicious emails. IRONSCALES has access to that account to review the emails. All of the phishing emails or anything suspicious goes in that queue.

IRONSCALES will automatically categorize mail if something looks legitimate based on what the admins have already reviewed. It saves us a lot of time. We previously had a regular mailbox to accept suspicious mail from members of organizations. It was tough because everything was all manual, and we had to review a ton of emails some days. Now, people just send everything to the 911 mailbox or click on the "report phishing" button.

If employees have any other questions, they can message or call me. IRONSCALES saved me tremendously because I don't have to worry about manually reviewing that mailbox anymore. Sometimes, the email doesn't reach the queue, and I wonder what's going on. It's probably due to multiple forwards. The phishing campaign assimilation also helps.

We like IRONSCALES because it's easy to use and saves us some time. The reporting is good because it has all these tracking features and metrics. It's still evolving, but it's great to have information about automated detection and response, phishing campaigns, simulations, etc. 

I would say the most valuable feature is what they call Themis. It's like a virtual analyst that uses the decisions that system admins make to generate a score for whether an email is legitimate, spam, or phishing. It gets better based on the decisions that we make over time. The automation piece is great as well. The integrated approach of email security combined with employee awareness training is excellent. 

The AI and machine learning capabilities have come a long way since I first started using the solution. At the same time, any technology is only as good as the team's ability to use it. It's still evolving, and I think machine learning will become increasingly helpful because the more it does, the more accurate it'll be. In the beginning, there will be a lot of false positives, but it will become better as you provide more feedback and I think a lot of security teams are trying to do more of that too.

Integration is also crucial because there isn't a one-size-fits-all solution. Right now, I need to go to 10 different portals to check something, like a security incident. Integration with everything is always useful.

IRONSCALES has made improvements to its automated detection and response. If your company gets a targeted phishing email, there are two options. You have the option to leave comments and feedback in a form, and that's only limited to the people in the company. There's also a secondary form that's can be externally shared with existing customers or anyone with access to the IRONSCALES API.

Automated detection and response are good, but it depends on the specific email that comes in. I can only speak for my company. which is in the field of life sciences and healthcare, but we get all the typical phishing emails.

Microsoft has many domains, like outlook.com, live.com, microsoft.com, and 365 office support. A lot of phishing campaigns use these domains. They know nobody can block these domains as most people use Microsoft, UEX, or Mac shop. Phishers disguise themselves using a compromised legitimate business email account and start sending emails that say: "Please log in here." It looks like it's going to the organization's Office 365 website, but it's going to the other compromised organization. People are more likely to trust that. 

IRONSCALES also has a mobile app on Android and iOS. We mostly used it when we had a bigger team. I've been using it since the earliest version when they only had a web interface but not the official Apple or Android or mobile version. It's great for following up when you may not have access to a desktop computer or laptop. 

It's great for getting a sense of what specific phishing or incidents or events are coming into the IRONSCALES dashboard portal. When you need to do more digging, you probably don't want to look at the application on the phone because it's too small, and you have to dive in to see the email headers. I use it for limited purposes, like quickly checking an email to see if it looks legitimate, so I can re-categorize it. I need to go into the computer if it's anything more.

In addition to integrated training, they should also have personalized training that you don't have to do as part of a phishing campaign or a simulation. It could be launched separately as a learning management system, a squirm file, or something like that. IRONSCALES is working on that, so hopefully, we'll have that soon.

In the last four or five months, we started a new security operation center. We had to train and onboard the employees. We tried to get IRONSCALES audit logs into our SIM, rather than it going from cloud to cloud, but it does not work right now. I would like to see this as a new feature.

I've been using IRONSCALES for more than five years. I was one of the first 100 IRONSCALES customers, and they've added a lot of the features that I requested.

IRONSCALES is highly stable. It's a growing ecosystem for this company. IRONSCALES plans to introduce integrations with learning management systems and various malware companies, like CrowdStrike and Carbon Black. Now, they also use their own algorithm to determine malicious payloads. That will be a useful feature. 

I rate IRONSCALES support nine out of ten. I think they've improved greatly. I've been with them since the beginning and worked with all the founding members of the company. There's one person I still work with who is pretty high up in the company now. She created most of the documentation. I work with many of the same salespeople and support. 

Many years ago, they had no U.S. office, so we had to contact them in Israel, and there was a significant time difference. They opened an office in Atlanta, and they've developed an official knowledge base. They also have a customer portal and designated customer success managers. 

Positive

I used a few solutions and did some PoCs back in the day. Most of the solutions I've used were basic spam filters. I was the one who introduced IRONSCALES to our company. We used Mimecast for spam quarantine and our primary and secondary MX records. It does its job. 

We used Mimecast for spam filtering and email archives. It's tough if you need to troubleshoot across different infrastructures or technology. That's the advantage of IRONSCALES. In the past, I had to go through every system and check the Microsoft Outlook program to see if it was 32-bit or 64-bit and install it one by one. It's straightforward just like any other company that uses Office 365 extensions. You only need a standard account that can install additional applications on Office 365, and you can define users. After that, you can do that to all global users.

I was involved in the deployment from the beginning, from the architecture design and gathering requirements to the final setup. When I first deployed it, I was working in China, so anything that relies on Google wasn't going to work. It works in Hong Kong, but it doesn't work in mainland China because of the Great Firewall. This was eight years ago when IRONSCALES was extremely new. When I originally deployed it, we wanted to get this to every user.

At the time, we didn't have the option to deploy this through Microsoft Office 365. We had to go to every machine or a software installer to deploy it. That took a little more time. It didn't prevent the project plan, but it was an issue because installing the wrong extensions in Outlook can crash the program. This was back in the day, but now it's easy. 

When we didn't have the Microsoft Office 365 plugin capability or an API mailbox layer, it probably took us about a week to test it because we had to install it on all the computers. With the Office 365 capabilities, we could probably do it in a day or two because it's all tied to Office 365, and we can define it according to the group.

IRONSCALES doesn't require us to touch the client assets anymore. We had to install it one by one in the past, but now we only need to have administrative rights on Office 365 and we can just deploy it as a new application. We can select a few users or deploy it to all users.

A few years ago, I looked at two other alternatives, but the market has probably changed since then. I checked out other Mimecast solutions because we had Mimecast deployed. They didn't have some features that IRONSCALES has. They might have similar features now, but I don't trust them until I actually try them myself. Mimecast has many of the features that IRONSCALES offers, like automated detection and response as well as the phishing campaign, but I don't know if it works as well as IRONSCALES. 

Even though Mimecast is based closer to home in Lexington, Massachusetts, it was tough to get tasks done in terms of feature requests. When I first evaluated it about four years ago, Mimecast didn't have as much functionality. Mimecast works by scrambling every link. That's how they do their threat response. It's encrypted, so you need to decrypt or read anything Mimecast sends. I was the one who worked with IRONSCALES and Mimecast to unencrypt everything.

The email comes into Mimecast and goes to IRONSCALES because IRONSCALES is on the API. We started to get emails from Mimecast that were encrypted and couldn't read the link. We could do it when working with both IRONSCALES and Mimecast and now they do that for all the customers.

I rate IRONSCALES nine and a half out of ten. Before deploying any solution, we always research user feedback, check Gartner, etc. Ultimately, it all depends on how much you can afford, but Gartner's gives you a good list to choose from. 

You can also ask IRONSCALES directly for some customer references. Of course, you don't want to only talk to customers who have positive feedback on IRONSCALES. Ask other users in your own network: "Hey, why did you stop using IRONSCALES?" That's what I like to do, but I often ask the vendor to arrange that. 

I worked with IRONSCALES for about eight years and they've grown in size. There were only around 25 to 50 people at the company when I started working with them. After more than doubling in size, they're still highly responsive to feature requests. I also occasionally speak with their product development teams. If you ask for a feature based on your needs or environment, they'll usually add it fairly quickly— sometimes within three to six months depending on the feature request.