MSSP, MSP, Email security, Generative AI, Endpoint/Device Security

Malwarebytes Adds Email Security With IRONSCALES’ AI-Based Tools

Cybersecurity firm Malwarebytes is expanding its ThreatDown endpoint protection portfolio by adding email security capabilities from IRONSCALES, which SMBs and MSPs use to protect against threats such as phishing and business email compromise (BEC).

IRONSCALES’ AI-powered capabilities – which include adaptive AI that combines technology with human intelligence and agentic AI for security operations centers (SOCs) – form the basis for Malwarebytes' new ThreatDown Email Security module, which is available now to all customers and will be released to MSPs and MSSPs in early August.

Adding email security to the lineup was an easy decision, according to Malwarebytes founder and CEO Marcin Kleczynski.

“Defending against phishing and other modern email threats is a huge pain point for IT resource-constrained organizations,” Kleczynski told MSSP Alert. “It was the number-one request from our customers and a natural fit for our platforms.”

Phishing and other email-based threats, which also include account takeover attacks, are growing in size, cost, and sophistication, he said. However, addressing the problem doesn’t mean piling on more security tools or adding more complexity to security management.

“Instead, organizations and the managed service providers that support them need streamlined solutions that expand attack surface protection while automating configuration, detection, and remediation, leveraging the tools they already own,” Kleczynski said. “That’s exactly what we’ve delivered.”

Email Security Still Top of Mind for Vendors

Email security continues to be a priority for established security vendors and startups alike. Most recently, Bitdefender said in June it is acquiring buying Mesh Security to bolster the email security capabilities in its managed detection and response (MDR) and extended detection and response (XDR) offerings.

Earlier last month, startup Trustifi announced a $25 million funding round to scale its email security portfolio.

Malwarebytes’ new module is integrated with its cloud-based security operations platform, Nebula, and OneView, its multi-tenant console for MSPs. Such integrations minimize the complexity of management for businesses, according to the Santa Clara, California-based company.

Phishing on the Rise

Such protections are needed. According to Hoxhunt, which offers a cybersecurity training platform, businesses are under siege from email threats. The vendor said that 64% of businesses faced BEC attacks last year, with financial losses averaging $150,000 for each incident.

About 80% of phishing campaigns try to steal credentials, with cloud-based services like Microsoft 365 and Google Workspace often targeted through realistic – but fake – login pages. In addition, about 80% of phishing websites include HTTPS to make them appear legitimate and to evade detection. There also are phishing campaigns using voice technology, QR codes, and multiple channels like Slack, Teams, and social media.

“Around 40% of phishing campaigns now extend beyond email, reflecting a shift to these channels,” Hoxhunt officials wrote.

The average cost of a phishing breach was $4.88 million last year, an all-time high, according to IBM.

Agentic AI Brings a New Layer to SOCs

According to IRONSCALES, a key to combating the rising phishing threat is agentic AI in SOCs. In a blog post earlier this year, Audian Paxson, principal technical strategist at the Atlanta, Georgia, company, wrote that while AI is improving SOC automation, most AI in cybersecurity is about assisting security teams rather than helping to drive decision-making, and bad actors are getting better at using ambiguity, social engineering, and AI-generated phishing emails to get past both humans and systems.

“A traditional AI model might flag the easy stuff, but what about a highly crafted and targeted CEO impersonation email?” Paxson wrote “What about a never-seen-before attack that doesn’t fit into some weighted scoring model? That’s where agentic AI changes everything. Instead of treating security as black and white, it brings nuance to decision-making. It assesses, prioritizes, and takes action without waiting for human intervention.”

Leveraging AI for Security

The AI-based threat detection, which uses machine learning, natural language processing, computer vision, and behavioral analysis, is one of the key benefits of Malwarebytes’ new email security module, according to the vendor.

The IRONSCALES-based capabilities also include instantly removing or quarantining malicious emails across all inboxes, even after they have been delivered, native API integration with Microsoft 365 and Google Workspace with agentless, four-click deployment, and streamlining operations by managing both email and endpoint protection in the ThreatDown console.

There is also a crowdsourced element to it, with the module improving detection by using data from more than 16,000 security teams around the world and human-in-the-loop feedback.

MSSPs, MSPs will Benefit

All of this will help the MSPs and MSSPs Malwarebytes works with, according to Kleczynski.

“In today’s fast-changing threat landscape, these partners are the frontline defenders, delivering essential security services to organizations with limited IT resources,” he said. “One of the most requested capabilities from this community has been email security, and it’s easy to see why. Their role in safeguarding vulnerable organizations makes this a top priority.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.

You can skip this ad in 5 seconds