Are you getting ready for the upcoming Black Hat USA 2023 event, an internationally recognized cybersecurity event providing the most technical and relevant information security research, now in its 26th year.  The event is quickly approaching, taking place August 5-10, 2023, returning to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day program. 

Ahead of the show, VMblog received an exclusive interview with Eyal Benishti, CEO of IRONSCALES, a leading enterprise cloud email security platform protecting more than 10,000 global organizations worldwide.  Read why you'll want to make sure they get on your MUST SEE list.

 

VMblog:  Before we get into it, can you give us a quick overview of the company?  What should folks know?

Eyal Benishti:  IRONSCALES is the leading cloud email security platform for the enterprise and the industry's only solution that uses AI and human insights (HI) to stop advanced phishing. Headquartered in Atlanta, Georgia, IRONSCALES currently serves over 10,000 enterprise customers worldwide, and has been recognized by Deloitte and Inc. as one of the fastest growing private technology companies in the world.

At the heart of our solution is Themis, the industry's first AI-powered security analyst, which uses machine learning to automatically detect and remediate phishing incidents. We then reinforce our cutting-edge AI with countless human insights collected from every mailbox user and 20,000+ security analysts across the IRONSCALES network of global admins in a continuous reinforcement learning from human feedback (RLHF) cycle. This massive dataset of human intelligence is used to stop breaches in real time. Only IRONSCALES brings this continuous feedback loop of AI and human insights together into the most powerful integrated cloud email security (ICES) solution on the market.

VMblog:  You are sponsoring the upcoming Black Hat USA event.  How can attendees find you at the show?  Does your booth have a theme?  How many folks are you sending?

Benishti:  IRONSCALES is exhibiting at Black Hat in booth #2801D, in Bayside Hall A-D. We are also sponsoring a happy hour on Tuesday, August 8 in the Skyfall Delano Hotel Lounge (on the top floor) from 5:30-8:00 pm. We will have 9 IRONSCALES representatives at the event, and we'll be giving attendees a first ever look at our all-new Themis AI co-pilot for Outlook.

VMblog:  Is this your first time sponsoring Black Hat?  If not, how many times have you sponsored before?  And, what keeps you coming back?

Benishti:  This is IRONSCALES' first time sponsoring Black Hat and we couldn't be more excited. Our decision to sponsor Black Hat stems from our commitment to fostering innovation, collaboration, and security within the wider technology community.

Black Hat has established itself as a premier event that brings together top cybersecurity professionals, researchers, and industry experts from around the world. It provides a unique opportunity to share knowledge, discuss emerging threats, and showcase cutting-edge solutions that can enhance the security landscape. By sponsoring Black Hat, we aim to demonstrate our dedication to supporting the cybersecurity community and promoting the exchange of ideas that can drive meaningful advancements in the field.

VMblog:  What is your message to Black Hat attendees coming out to the show this year?

Benishti:  The rate of business email compromise (BEC) and other advanced phishing attacks are climbing exponentially. A recent report from Osterman Research revealed that large organizations are expecting a 43% increase in BEC attacks over the next 12 months. These advanced phishing attacks, which leverage vulnerabilities in traditional defenses like Secure Email Gateways (SEGs), cost American businesses a staggering $2.7 billion in 2022 alone, according to the Federal Bureau of Investigation. And all signs suggest that this price tag is only going to climb in the months and years ahead. At the same time, the human element is still a major component of the vast majority of attacks. In fact, Verizon's latest Data Breach Investigations Report (DBIR) found that 74% of breaches involved a human element.

To effectively combat these rising threats, IRONSCALES is revolutionizing the email security industry by using adaptive AI to empower security defenses and humans to address the entirety of the phishing problem. IRONSCALES recently launched Themis Co-pilot, the first in a suite of generative AI apps, designed to empower humans to be a critical cybersecurity defense and to bolster technology defenses against the most sophisticated attacks that are bypassing SEGs. Built on top of PhishLLM, IRONSCALES proprietary large language model, these ground-breaking capabilities will allow enterprises to become more cyber resilient by enabling end-users, regardless of role, skill, or level, to detect sophisticated attacks.

VMblog:  The show is focused on cybersecurity.  What specific problems is your company and technology addressing?

Benishti:  Email is still the most common attack vector for phishing, and a single phishing attack can cost a company an average of $120,000, according to the FBI Crime Report. If a phishing attack is caught, it still takes considerable time and effort to remediate it. In a 2022 Osterman study, IT and security teams spend more than 33% of their week dealing with phishing attacks.

Even with all of this effort, it can still be challenging to get everyone in the organization on the same page when it comes to cybersecurity. Employee training programs, for example, only work about a third of the time, according to an IBM study. Phishing attacks will only intensify moving forward; the volume, velocity, and variety will be harder for traditional security solutions to catch.

Many solutions on the market are good at identifying and removing known threats and content like spam and malware. But these solutions only provide one layer of defense and cannot defend against social engineering attacks like BEC, ATO, and VIP impersonation. We believe the only way to combat advanced phishing attacks is to utilize an email security solution that combines AI with the power of human insights - PST, SAT, and community threat hunting to defend against sophisticated attacks.

VMblog:  What are some of the key takeaways of your solution that Black Hat attendees should be aware of?

Benishti:  IRONSCALES developed the industry's first AI-powered security analyst, Themis, the industry's first AI-powered security analyst, which uses machine learning to automatically detect and remediate phishing incidents. We then reinforce our cutting-edge AI with countless human insights collected from every mailbox user and 20,000+ security analysts across the IRONSCALES network of global admins in a continuous reinforcement learning from human feedback (RLHF) cycle. This massive dataset of human intelligence is used to stop breaches in real time. Only IRONSCALES brings this continuous feedback loop of AI and human insights together into the most powerful integrated cloud email security (ICES) solution on the market.

IRONSCALES has pioneered the use of artificial intelligence in email security to detect and remediate sophisticated phishing attempts. With the introduction of Themis Co-pilot, we're delivering the next innovation that will help end users, of any skill level, improve their ability to stop attacks without adding additional cost or complexity to the organization. Our unique approach of combining AI and human insights is transforming email security. We believe our continuous feedback loop between our AI, human insights, and SAT capabilities is the most comprehensive approach to email security and remains unmatched by other vendors in the industry.

VMblog:  The market is a crowded space.  What is it about your company and technology that sets you apart from the competition?  What are your differentiators?

Benishti:  IRONSCALES is the leading cloud email security platform for the enterprise and the industry's only solution that uses AI and human insights (HI) to stop advanced phishing.

Unlike static AI email security providers, the IRONSCALES platform harnesses the power of both self-learning and adaptive AI/ML to continuously improve its performance to enable you to:

• Leverage adaptive, self-learning AI language models to automatically remediate advanced and emerging email threats
• Analyze behavior to establish baselines, create social graphs, and identify anomalies and threats
• Discover and analyze identity and inbox data for informed decision-making
• Continuously analysis of email content, payloads, and intent
  

Unlike other AI-only solutions, the IRONSCALES  platform keeps you in the loop and empowers you to challenge AI outcomes, to help you:

• Close the skill gap by launching relevant phishing training and testing to users based on risk level, department, compliance needs, results of phishing simulation test and more to create a security aware culture
• Alert employees of potential threats with dynamic, straightforward email banners
• Enrich the ML model with human insights to strengthen personalized AI protection

Customers are at the heart of the IRONSCALES ethos. IRONSCALES boasts an industry-leading NPS score of 60, a ‘likelihood to recommend' score of 95% with Software Reviews, and ranks 4.9 and higher on G2 and Gartner Peer insights by our 10,000+ global customers.

VMblog:  Is your company launching anything new at the show?  Can you give us a sneak peek?

Benishti:  We recently announced the launch of generative AI capabilities for email security through our GPT-powered chat assistant, Themis for Outlook, and Black Hat attendees will be first to see it live. Additionally, we will be announcing the next development in the IRONSCALES suites of generative AI apps for email security with GenAI for end user phishing simulation training.

VMblog:  What are some of the top priorities you believe attendees at Black Hat should be considering for 2023/2024?

Benishti:  

• In today's rapidly evolving digital landscape, organizations face an increasing number of cyber threats and security challenges. One approach to bolstering overall security posture is through the consolidation of security tools. Consolidation offers organizations enhanced visibility, simplified management, improved efficiency, and resource optimization. It strengthens threat detection and response capabilities, facilitates compliance and risk management, and provides a future-proof foundation for scalability. Organizations can achieve a more efficient and effective security posture without compromising effectiveness. Consolidation enables centralized monitoring, quicker incident response, and comprehensive reporting, ultimately empowering organizations to proactively protect their digital assets while optimizing resources and staying ahead of evolving threats.

• Organizations should consider replacing or augmenting their secure email gateways (SEGs) to strengthen their defense against advanced email threats like phishing, spear-phishing, and business email compromise (BEC) attacks. While SEGs offer basic protection against spam and malware, they often fail to address evolving cybercriminal tactics that bypass traditional methods. To effectively combat these threats, organizations should adopt a multi-layered security approach. This approach enables real-time threat detection to mitigate the risks of targeted email attacks. Moving beyond SEGs enhances email security posture, proactive defense, and protection of sensitive information and digital assets.

• It is high time for organizations to recognize the value of leveraging humans as a security asset rather than perceiving them solely as a security vulnerability. Traditionally, humans have been regarded as the weakest link in the cybersecurity chain due to the potential for human error, susceptibility to social engineering, and lack of awareness. However, this perspective overlooks the inherent strengths humans possess, such as intuition, critical thinking, and adaptability. By empowering individuals through comprehensive security awareness training, organizations can transform them into an active line of defense against cyber threats. Cultivating a culture of security, where employees are encouraged to be vigilant, report suspicious activities, and follow best practices, can significantly bolster an organization's security posture.

VMblog:  What are some of the security best practices you would deem critical?

Benishti:  

1. Implement a Layered Defense System: A layered approach to email security is considered the best protection for organizations due to its effectiveness in addressing multiple attack vectors and providing comprehensive defense against email-based threats. By combining multiple security layers and integrating end-user awareness training, organizations can significantly enhance their protection, reduce the risk of successful attacks, and safeguard sensitive information and systems.
2. Enforce Strong Password Policies: Enforce the use of strong, unique passwords and consider implementing multi-factor authentication (MFA) to prevent unauthorized access.
3. Conduct Regular Employee Education and Awareness: Educate employees about security best practices, such as recognizing phishing attempts and avoiding suspicious email attachments or links.
4. Create Data Backup and Recovery Policy: Regularly back up critical data and ensure backups are stored securely to protect against data loss due to ransomware attacks or hardware failures.

Implementing these practices as part of a comprehensive security strategy can significantly enhance an organization's security posture and protect against a wide range of cyber threats.

VMblog:  If you were presenting on the keynote stage, what trends do you see that companies should be paying special attention to in 2023 and beyond?

Benishti:  I think it would be hard to focus on anything other than generative AI, which is changing the technological landscape in countless ways, both good and bad. Among the bad are the ways in which generative AI is putting the phishing landscape into overdrive. By allowing for the faster creation of more sophisticated and varied attacks, consumer-facing generative AI is making it increasingly difficult for organizations to stay safe. Companies should be looking for technologies and solutions that are leveraging the power of generative AI to stop the attacks and stay a step ahead of the bad actors. Companies who aren't using AI will quickly fall behind.

VMblog:  Is your company giving away any interesting tchotchke at your booth?  What is it?

Benishti:  IRONSCALES will be featuring a big giveaway in the booth, as well as a reusable bag to house all of the great show tchotchkes provided by the show exhibitors.

VMblog:  Is your company involved in any parties during the event?

Benishti:  IRONSCALES is sponsoring a happy hour on Tuesday, August 8 in the Skyfall Delano Hotel Lounge (on the top floor) from 5:30-8:00 pm. We invite you to stop by and enjoy!

VMblog:  As a show sponsor, do you have any tips for attendees to better prepare for the conference?

Benishti:  Here IRONSCALES' recommendations for making the most of your Black Hat experience:

1. Strategize for Success: Set specific objectives for what you want to learn, achieve, or network during the conference.
2. Maximize Learning Opportunities: Actively participate in sessions by listening attentively, taking notes, and engaging in Q&A sessions, and network with fellow attendees to exchange ideas and broaden your professional network.
3. Engage with Industry Leaders: Explore the sponsor and vendor exhibition areas to discover new products, services, and industry innovations.
4. Amplify Insights: Prepare a summary or report highlighting the most valuable insights, new knowledge, and actionable ideas acquired during the conference, and discuss ways to implement the learnings within your organization, potentially initiating new projects or strategies based on the conference insights.

Remember, the key to making the most of a conference is being proactive, engaged, and open to new opportunities. Enjoy the experience, network with peers, and leverage the knowledge gained to enhance your professional growth.

##