What features should an ICES solution have? Here are some tips to consider before selecting an ICES solution for your business.
Quality and Fidelity of Training Data For ML/AI
Since targeted email attacks don’t have any single “red flag” to raise suspicion, the technology to guard against them should consider as many data points as possible for maximum efficiency.
Many ICES solutions claim to be ML/AI (machine learning/artificial intelligence) based, but without a sufficient customer base their solution is largely irrelevant. Armorblox has56,000 customersand a set of models that learns from global attacks.
Our alliances with Intermediaand Fidelityalso give unique threat data encompassing small/medium businesses, financial advisors and brokerage firms.
ICES solutions can have visibility over external and internal email traffic. Therefore, they should be able to provide communication and workflow insights to your business’ security team.
Relevant insights could include:
“Did this employee reply to a suspicious email or forward it to someone else in the company?”
“Who does this vendor commonly interact with in our organization?”
“Who else in my organization got this suspicious email that one person reported to the phishing mailbox?”
Ease of Use
Apart from deploying over APIs, ICES solutions should also not require a heavy lift in day-to-day operations. Armorblox connects over APIs in minutes without any MX modification or email rerouting. Prebuilt policies eliminate the need for manual creation and maintenance or rules.
Armorblox has out-of-the-box policies, automated remediation actions, and threat insights that surface the right info at the right time for security administrators.
Integrations With Other Downstream Security Solutions
Security teams have many tools they need to monitor. ICES solutions that can integrate with other tools like Security Information and Event Management (SIEM) and Security Orchestration Automation and Response (SOAR) will save time for security professionals.
Armorblox currently has integrations with Splunk and Microsoft Sentinel, with Cortex XSOAR in the near future.
A Vision Beyond Email
While email is the bedrock of communications, employees also use messaging, collaboration, file-sharing, and video to communicate. Since an ICES solution is API-based, it should aim to go beyond email and secure communications across channels.
Check out our Definitive Guide to Cloud Office Security
Armorblox connects to email providers over APIs to understand the context of communications and protect people and data from compromise. Tens of thousands of organizations use Armorblox to stop BEC and targeted phishing attacks, protect sensitive PII and PCI, and reduce triage and response times for user-reported email threats.