Thought Leaders in Cyber Security: IRONSCALES CEO Eyal Benishti (Part 1)

We all understand Phishing. Eyal has built a fast-growth company addressing this ubiquitous nuisance.

Sramana Mitra: Tell us about yourself and IRONSCALES.

Eyal Benishti: I’m the Founder and CEO of IRONSCALES. We mitigate the risk of email phishing that businesses face today. We offer simplicity and speed for accelerated visibility for all types of phishing attacks especially those that get past traditional security. We are the fastest-growing email security today. We know how to harness the power of the cloud.

Sramana Mitra: Is it focused on enterprises or mid-market?

Eyal Benishti: We’re serving both mid-market and large enterprises. Phishing, in the last few years, has become everyone’s problem.

Sramana Mitra: No kidding.

Eyal Benishti: Traditionally, it was just enterprises dealing with this. Now, everyone is a target. The companies that are being targeted don’t necessarily have the means to operate what we consider to be the legacy kind of tools to filter and protect against phishing.

Sramana Mitra: Let’s double-click down to the how. Tell us about how you tackle a problem like this. How do you even think about figuring out which is a phishing email and which is a regular email?

Eyal Benishti: The landscape is changing rapidly. We believe that the way to solve it is, first of all, to look at it differently. Traditionally, we looked at email phishing as emails that had bad attachments. That’s not necessarily the case anymore. We see the emails come in with bad intent. They’re trying to hack the business process to make you do something you’re not supposed to do like pay a fake invoice or wire money.

Chasing the trap will not work anymore. It doesn’t work anymore because you will always be one step behind. We went back and said, “In order to protect the organization, we need to know the organization. In order to protect the individual, we need to understand communication patterns.” Really learn these communication habits and then look for anomalies.

Instead of chasing threats and things that are not, necessarily, known to us, we are looking for what trusted communication looks like. The sending IP is one of them for sure, but we can’t solely rely on that.

Sramana Mitra: Can you do a few use cases of these anomalies in an enterprise?

Eyal Benishti: Let’s say we email each other on a regular basis. At some point, the system will understand that there is a trusted relationship between you and I. There is a specific style and time of the day that we normally communicate. Someone can try and create an account under your name.

The system will be able to say, “We trust this person by name, but we don’t trust the other information.” We know what good looks like. It’s much easier for us to detect what bad looks like. In the old way of solving phishing, the solution will not spend too much time on who is sending the message but on what’s in the message. In the new way of thinking, the whole thing is getting a much bigger focus.

Sramana Mitra: I observe all the phishing attempts that I see coming through all the time. They use the names of people who are in my social network.

Eyal Benishti: The more sophisticated one comes from someone or something that you already know. We put ourselves out there with social media. It’s very easy to gather information.

Sramana Mitra: I find it quite interesting how they are able to find whom they can fake. For instance, I don’t think there is any place on the internet where I have a list of all my colleagues.

Eyal Benishti: LinkedIn. I can scrape LinkedIn. I can find an example of a few email addresses from your company. I can easily understand the pattern. It’s very easy.

This segment is part 1 in the series : Thought Leaders in Cyber Security: IRONSCALES CEO Eyal Benishti
1 2