Humans, Not Technology, are the Answer to a Safe Email Experience

Play episode


Or listen in your favorite podcast app

Apple Podcasts  /  Google Podcasts Spotify

For years, cybersecurity teams have worked at length to solve one common problem: email attacks. But how do you prevent bad actors from infiltrating an employee’s inbox? And how do you prevent that same employee from opening a malicious email that doesn’t look or feel suspicious? Eyal Benishti is the CEO of Ironscales, a self-learning email security platform that is attempting to answer those simple questions.

On this episode of IT Visionaries, Eyal discusses how the Ironscales platform uses self-learning technology to help provide a safe email experience for all, and why the pathway to this safer internet is through a decentralized solution.

Main Takeaways

  • Bad Actors: Phishing attacks are becoming much more sophisticated. One way you can help prevent malicious emails entering an employees inbox, is to have a better understanding of the types of emails that person receives on a day-to-day basis. If your platform is personalizing your security based on the individual, you have a better chance of noticing which emails are not supposed to be there.
  • Humans are the Solution, Not the Problem: For years there was an idea that humans could not detect bad actors, or prevent phishing attacks. Instead, there was an overreliance on technology. If you simply rely on technology, your system will fall behind very quickly. Instead, deploy an active and passive platform that is continually learning while also gaining insights from its user.
  • Decentralized: Centralized solutions are dependent on data points and research from one specific source. In order to have a system that can detect and prevent multiple types of bad actors, you need a decentralized approach that can gather research from multiple sources.


For a more in-depth look at this episode, check out the article below.

For years, cybersecurity teams have worked at length to solve one common problem: email attacks. But how do you prevent bad attackers from infiltrating an employees inbox? And how do you prevent that employee from opening a malicious email that doesn’t look or feel suspicious? Eyal Benishti is the CEO of Ironscales, a self-learning email security platform that is attempting to answer those simple questions.

“In messaging security, we’re trying to solve a pretty simple question, and the question is who is sending what?” Benishti said. “For many years, messaging security was focused on work. Making sure that the domain is not spoofed, or that attachment is not containing the malware, or the link is not taking me to a fishing or a bad website. But the threat landscape has changed, things have changed. Now the techs are more sophisticated.”  

As email attackers become faster, smarter and obtain a broader understanding of the vulnerabilities of a company’s security system, the need for a platform that is constantly evolving and learning has never been greater. 

Ironscales hopes to be that solution. Incubated inside one of the world’s top venture programs for cyber security, and founded by alumni of the Israel Defense Forces’ elite intelligence technology unit, Ironscales offers an A.I.-driven, self-learning email security platform that provides a comprehensive solution to stopping phishing attacks at scale.

“Email threats are morphing at scale, which means millions of new email phishing is being crafted and sent every day,” Benishti said. “How can we stay ahead of the curve? How can we be in denial regarding what is currently out there and what is not but will be out there tomorrow?”

The solution was to build a platform that could not only learn fast enough to teach itself what should be classified as a typical email and what should be registered as malicious, but wasn’t reliant on updates that needed to be pushed out. 

According to Benishti, what makes Ironscales unique from other email blockers is its decentralized approach.

“If you look at learning technologies and cybersecurity in general, you will find that most of the technologies are very centralized, which means they’re very bound to what the vendors research can do,” he said. “The goal was to create a platform that security teams could use on a daily basis, that they could gain value from at the same time.”

Ironscales uses real-time human vetted intelligence, which means their program is not just reliant on machine learning techniques, but at the same time actual humans are helping to gather intelligence in order to increase the program’s effectiveness. It’s something Benishti said is uncommon in the world of cybersecurity. While most teams will have a few hundred researchers working on a model, because of the scale that his platform operates, they are able to deploy thousands.

“We have thousands of people feeding our platform in real-time regarding what they think that shouldn’t have landed in the employee mailboxes,”  Benishti said. “This is a super powerful and exponential solution that empowers our customer base.”

But that wasn’t always a welcomed method. In fact, when Benishti was working to launch the company, one of the early detractors from his model was that actual humans would be involved in the process and he remembers having to convince numerous people that utilizing humans, in concert with technology, was the solution and not the problem.

“[When we were] giving them the full vision, which is we need people involved to act as an active defense layer in email security, the response is that it’s not a good idea,” Benishti recalled. “If you look back seven years ago, when you talk about people in cybersecurity and you talk to the average CISO or security professional, they will tell you one clear thing — that people were the problem.”

But Benishti struggled with that notion and firmly believed that if you simply rely on technology, your platform would fall behind. Instead, he subscribed to the idea that a program that was not only passively and actively learning could succeed.

“We’ve proved them wrong pretty quickly,” he said. “We’ve shown how people can be trained and used against cyber threats.”

One of the quickest ways that Ironscales has been able to prove their doubters wrong, Benishti said, is by shifting the focus from understanding who is sending the emails, to gaining a better understanding of what makes sense for the users inbox.

“We need to know you as a person like, who are you receiving emails from?” he said. “What makes sense in the context of your specific mailbox.Because what makes sense in your mailbox doesn’t make sense in my mailbox and the other way around.” 

Ironscales process has become so efficient that they can pinpoint malicious emails in as little as five seconds from the server detecting the inbound messages. However, while Benishti and his team work to provide a better and safer email experience for all, there still remain cracks in the system and bad actors that pass through their security. To hear more about how Ironscales is providing a safe email experience through machine learning and other types of phishing attacks, checkout the full episode of IT Visionaries.

To hear the entire discussion, tune into IT Visionaries here

Episode 222