Search company, investor...
Search

Founded Year

2013

Stage

Series C | Alive

Total Raised

$95M

Last Raised

$64M | 10 mos ago

Mosaic Score

+30 points in the past 30 days

What is a Mosaic Score?
The Mosaic Score is an algorithm that measures the overall financial health and market potential of private companies.

About IRONSCALES

IRONSCALES enables organizations to mitigate the risk associated with the technological, operational and human challenges inherent to phishing attacks. The company's multi-layered and automated approach to prevent, detect, and respond to phishing emails combines micro-learning phishing simulation and awareness training (IronSchool), with mailbox-level phishing detection (IronSights), automated incident response (IronTraps) and real-time automated intelligence sharing (Federation) technologies.

IRONSCALES Headquarters Location

5901 Peachtree Dunwoody Rd Building C, Suite C-480

Atlanta, Georgia, 30328,

United States

+972 737 969 728

IRONSCALES's Product Videos

ESPs containing IRONSCALES

The ESP matrix leverages data and analyst insight to identify and rank leading companies in a given technology landscape.

EXECUTION STRENGTHMARKET STRENGTHLEADERHIGHFLIEROUTPERFORMERCHALLENGER
Financial Services / Cybersecurity

In this market, companies reduce the risk associated with the cybersecurity X-factor — human behavior — by providing cyber training solutions, insider risk detection, phishing defense, and employee risk mapping.

IRONSCALES named as Leader among 8 other companies, including Proofpoint, Rangeforce, and Area 1 Security.

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

IRONSCALES's Products & Differentiation

See IRONSCALES's products and how their products differentiate from alternatives and competitors

  • Email Protect™

    Email Protect™ secures your cloud-based email environments from advanced phishing threats like BEC, ransomware, credential harvesting, and more.

    Differentiation

    Email Protect™ detects and remediates advanced phishing threats that traditional Secure Email Gateways (SEGs) can't stop. 

  • Subscribe to see more

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

    Differentiation

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

  • Subscribe to see more

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

    Differentiation

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

  • Subscribe to see more

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

    Differentiation

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

Research containing IRONSCALES

Get data-driven expert analysis from the CB Insights Intelligence Unit.

CB Insights Intelligence Analysts have mentioned IRONSCALES in 1 CB Insights research brief, most recently on Nov 8, 2021.

Expert Collections containing IRONSCALES

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

IRONSCALES is included in 2 Expert Collections, including Cyber Defenders.

C

Cyber Defenders

29 items

Our selected startups are early- to mid-stage high-momentum companies pioneering technology with the potential to transform cybersecurity. Unicorns valued at $1B+, companies that have raised funding past the Series C stage, and companies that have not raised funding since 2016 ar

C

Cybersecurity

5,100 items

IRONSCALES Patents

IRONSCALES has filed 4 patents.

The 3 most popular patent topics include:

  • Cybercrime
  • Computer network security
  • Computer security
patents chart

Application Date

Grant Date

Title

Related Topics

Status

3/12/2019

Cybercrime, Computer security, Computer network security, Spyware, Social engineering (computer security)

Application

Application Date

3/12/2019

Grant Date

Title

Related Topics

Cybercrime, Computer security, Computer network security, Spyware, Social engineering (computer security)

Status

Application

Latest IRONSCALES News

Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

Sep 16, 2022

The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign. PDF Thousands of Microsoft 365 credentials have been discovered stored in plaintext on phishing servers, as part of an unusual, targeted credential-harvesting campaign against real estate professionals. The attacks showcase the growing, evolving risk that traditional username-password combinations present, researchers say, especially as phishing continues to grow in sophistication, evading basic email security. Researchers from Ironscales discovered the offensive, in which cyberattackers had compromised email account credentials for employees at two well-known financial-services vendors in the realty space: First American Financial Corp., and United Wholesale Mortgage. The cybercrooks are using the accounts to send out phishing emails to realtors, real estate lawyers, title agents, and buyers and sellers, analysts said, in an attempt to steer them to spoofed Microsoft 365 login pages for capturing credentials. The emails alert targets that attached documents needed to be reviewed or that they have new messages hosted on a secure server, according to a Sept. 15 posting on the campaign from Ironscales. In both cases, embedded links direct recipients to the fake login pages asking them to sign into Microsoft 365. Once on the malicious page, researchers observed an unusual twist in the proceedings: The attackers tried to make the most of their time with the victims by attempting to tease out multiple passwords from each phishing session. "Each attempt to submit these 365 credentials returned an error and prompted the user to try again," according to the researchers' writeup. "Users will usually submit the same credentials at least one more time before they try variations of other passwords they might have used in the past, providing a gold mine of credentials for criminals to sell or use in brute-force or credential-stuffing attacks to access popular financial or social-media accounts." The care taken in the targeting of victims with a well-thought-out plan is one of the most notable aspects of the campaign, Eyal Benishti, founder and CEO at Ironscales, tells Dark Reading. "This is going after people who work in real estate (real estate agents, title agents, real estate lawyers), using an email phishing template that spoofs a very familiar brand and familiar call to action ('review these secure documents' or 'read this secure message')," he says. It's unclear how far the campaign may sprawl, but the company's investigation showed that at least thousands have been phished so far. "The total number people phished is unknown, we only investigated a few instances that intersected our customers," Benishti says. "But just from the small sampling we analyzed, there more than 2,000 unique sets of credentials found in more than 10,000 submission attempts (many users supplied the same or alternate credentials multiple times)." The risk to victims is high: Real estate-related transactions are often targeted for sophisticated fraud scams, especially transactions involving real estate title companies . "Based on trends and stats, these attackers likely want to use the credentials to enable them to intercept/direct/redirect wire transfers associated with real estate transactions," according to Benishti. Microsoft Safe Links Falls Down on the Job Also notable (and unfortunate) in this particular campaign, a basic security control apparently failed. In the initial round of phishing, the URL that targets were asked to click didn't try to hide itself, researchers noted — when mousing over the link, a red-flag-waving URL was displayed: "https://phishingsite.com/folde...[dot]shtm." However, subsequent waves hid the address behind a Safe Links URL — a feature found in Microsoft Defender that's supposed to scan URLs to pick up on malicious links. Safe Link overwrites the link with a different URL using special nomenclature, once that link is scanned and deemed safe. In this case, the tool only made it harder to visually inspect the actual in-your-face "this is a phish!" link, and also allowed the messages to more easily get past email filters. Microsoft did not respond to a request for comment. "Safe Links has a several known weaknesses and generating a false sense of security is the significant weakness in this situation," Benishti says. "Safe Links didn’t detect any risks or deception associated with the original link, but rewrote the link as if it had. Users and many security professionals gain a false sense of security because a security control in place, but this control is largely ineffective." Also of note: In the United Wholesale Mortgage emails, the message was also flagged as a "Secure Email Notification," included a confidentiality disclaimer, and sported a fake "Secured by Proofpoint Encryption" banner. Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, said that his company is no stranger to being brand-hijacked, adding that fake use of its name is in fact a known cyberattack technique that the company's products scan for. It's a good reminder that users can't rely on branding to determine the veracity of a message, he notes: "Threat actors often pretend to be well-known brands to entice their targets into divulging information," he says. "They also often impersonate known security vendors to add legitimacy to their phishing emails." Even Bad Guys Make Mistakes Meanwhile, it might not be just the OG phishers that are benefiting from the stolen credentials. During the analysis of the campaign, researchers picked up on a URL in the emails that shouldn't have been there: a path that points to a computer file directory. Inside that directory were the cybercriminals' ill-gotten gains, i.e., every single email and password combo submitted to that particular phishing site, kept in a cleartext file that anyone could have accessed. "This was totally an accident," Benishti says. "The result of sloppy work, or more likely ignorance if they are using a phishing kit developed by someone else — there are tons of which available for purchase on black market." The fake webpage servers (and cleartext files) were quickly shut down or removed, but as Benishti noted, it's likely that the phishing kit the attackers are using is responsible for the cleartext glitch — which means they "will continue to make their stolen credentials available to the world." Stolen Credentials, More Sophistication Fuels Phish Frenzy The campaign more broadly puts into perspective the epidemic of phishing and credential harvesting — and what it means for authentication going forward, researchers note. Darren Guccione, CEO and co-founder at Keeper Security, says that phishing continues to evolve in terms of its sophistication level, which should act as a clarion warning to enterprises , given the elevated level of risk. "Bad actors at all levels are tailoring phishing scams using aesthetic-based tactics such as realistic-looking email templates and malicious websites to lure in their victims, then take over their account by changing the credentials, which prevents access by the valid owner," he tells Dark Reading. "In a vendor impersonation attack [like this one], when cybercriminals use stolen credentials to send phishing emails from a legitimate email address, this dangerous tactic is even more convincing because the email originates from a familiar source." Most modern phishes can also bypass secure email gateways and even spoof or subvert two-factor authentication (2FA) vendors , adds Monnia Deng, director of product marketing at Bolster, while social engineering in general is extraordinarily effective in a time of cloud, mobility, and remote work. "When everyone expects their online experience to be fast and easy, human error is inevitable, and these phishing campaigns are getting more clever," she says. She adds that three macro-trends are responsible for the record numbers of phishing-related attacks: "The pandemic-fueled move to digital platforms for business continuity, the growing army of script kiddies who can easily purchase phishing kits or even buy phishing as a subscription service, and the interdependency of technology platforms that could create a supply chain attack from a phishing email." Thus, the reality is that the Dark Web hosts large caches of stolen usernames and passwords; big data dumps are not uncommon, and are in turn spurring not only credential-stuffing and brute-force attacks, but also additional phishing efforts. For instance, it's possible that threat actors used information from a recent First American Financial breach to compromise the email account they used to send out the phishes; that incident exposed 800 million documents containing personal information. "Data breaches or leaks have a longer half-life than people think," Benishti says. "The First American Financial breach happened in May 2019, but the personal data exposed can be weaponized used years afterwards." To thwart this bustling market and the profiteers that operate within it, it's time to look beyond the password, he adds. "Passwords require ever increasing complexity and rotation frequency, leading to security burnout," Benishti says. "Many users accept the risk of being insecure over the effort to create complex passwords because doing the right thing is made so complex. Multifactor authentication helps, but it is not a bulletproof solution. Fundamental change is needed to verify you are who you say you are in a digital world and gain access to the resources you need." How to Fight the Phishing Tsunami With widespread passwordless approaches still a ways off, Proofpoint's Kalember says that the basic user-awareness tenets are the place to start when fighting phishing. "People should approach all unsolicited communications with caution, especially those that request the user to act, such as downloading or opening an attachment, clicking a link, or disclosing credentials such as personal or financial information," he says. Also, it’s critical that everyone learn and practice good password hygiene across every service they use, Benishti adds: "And if you are ever notified that your information may have been involved in a breach, go reset all of your passwords for every service you use. If not, motivated attackers have cleaver ways of correlating all sorts of data and accounts to get what they want." In addition, Ironscales recommends regular phishing simulation testing for all employees, and called out a rule-of-thumb set of red flags to look for: Users could have identified this phishing attack by closely looking at the sender Make sure the sending address matches the return address and the address is from a domain (URL) that usually matches the business they deal with. Look for bad spelling and grammar. Mouse over links and look at the full URL/address of the destination, see if it looks unusual. Always be very cautious about sites that ask you for credentials not associated with them, like Microsoft 365 or Google Workspace login.

IRONSCALES Web Traffic

Rank
Page Views per User (PVPU)
Page Views per Million (PVPM)
Reach per Million (RPM)
CBI Logo

IRONSCALES Rank

  • When was IRONSCALES founded?

    IRONSCALES was founded in 2013.

  • Where is IRONSCALES's headquarters?

    IRONSCALES's headquarters is located at 5901 Peachtree Dunwoody Rd, Atlanta.

  • What is IRONSCALES's latest funding round?

    IRONSCALES's latest funding round is Series C.

  • How much did IRONSCALES raise?

    IRONSCALES raised a total of $95M.

  • Who are the investors of IRONSCALES?

    Investors of IRONSCALES include K1 Capital, Jump Capital, PSG, RDSeed and 8200 EISP.

  • Who are IRONSCALES's competitors?

    Competitors of IRONSCALES include Armorblox, KnowBe4, ZeroFox, Morpheus Data, Vade, Mimecast, Material Security, Abnormal Security, Area 1 Security, SlashNext and 19 more.

  • What products does IRONSCALES offer?

    IRONSCALES's products include Email Protect™ and 3 more.

  • Who are IRONSCALES's customers?

    Customers of IRONSCALES include Webhelp.

You May Also Like

Valimail Logo
Valimail

Valimail delivers fully automated email authentication as a cloud service, bringing easy, accessible, and trusted messaging to all organizations. Valimail, using its patented technology, delivers it in fast time. Additionally, email authentication strengthens existing SEGs, adding a highly effective layer of protection, reducing the overall threat surface.

Tessian Logo
Tessian

Tessian is an email security platform that uses machine learning to make sure sensitive or confidential data cannot be sent to the wrong individual. The solution scans historical email data to understand conventional usage patterns and behaviors in companies' email systems. By leveraging machine learning, the platform spots anomalies and give users a chance to correct problems before sending without requiring administration or end user behavior change.

Cofense Logo
Cofense

Cofense provides threat management for organizations concerned about human susceptibility to advanced targeted attacks. Cofense's intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. The company's open approach ensures that Cofense integrates easily into the security technology stack, demonstrating measurable results to help inform an organization's security decision making process.

INKY Logo
INKY

INKY is a cloud-based email security platform designed to be far more than just artificially intelligent. INKY recognizes logos, brand colors, and email signatures. It understands email, searches for signs of fraud, and can spot impostors by a pixel.

Abnormal Security Logo
Abnormal Security

Abnormal Security provides a cloud email security platform that protects enterprises from targeted email attacks. Powered by Abnormal Behavior Technology (ABX), the platform combines the Abnormal Identity Model, the Abnormal Relationship Graph, and Abnormal Content Analysis to stop attacks that lead to account takeover, financial damage, and organizational mistrust. It was founded in 2018 and is based in San Francisco, California.

Proofpoint Logo
Proofpoint

Proofpoint offers an integrated suite of on-demand data protection solutions, including threat protection, regulatory compliance, archiving and governance, and secure communication. Proofpoint's solutions are built on a flexible, cloud-based platform and leverage a number of technologies, including big data analytics, machine learning, deep content inspection, secure storage, and advanced encryption, to address today's threat landscape.On August 31st, 2021, Proofpoint was acquired by Thoma Bravo at a valuation of $12.3B.

Discover the right solution for your team

The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.

Request a demo

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.