Cybersecurity firm
Malwarebytes is expanding its
ThreatDown endpoint protection portfolio by adding email security capabilities from IRONSCALES, which SMBs and MSPs use to protect against threats such as phishing and
business email compromise (BEC).
IRONSCALES’ AI-powered capabilities – which include adaptive AI that combines technology with human intelligence and
agentic AI for security operations centers (SOCs) – form the basis for Malwarebytes' new ThreatDown Email Security module, which is available now to all customers and will be released to MSPs and MSSPs in early August.
Adding email security to the lineup was an easy decision, according to
Malwarebytes founder and CEO Marcin Kleczynski.“Defending against phishing and other modern email threats is a huge pain point for IT resource-constrained organizations,” Kleczynski told MSSP Alert. “It was the number-one request from our customers and a natural fit for our platforms.”
Phishing and other email-based threats, which also include account takeover attacks, are growing in size, cost, and sophistication, he said. However, addressing the problem doesn’t mean piling on more security tools or adding more complexity to security management.
“Instead, organizations and the managed service providers that support them need streamlined solutions that expand attack surface protection while automating configuration, detection, and remediation, leveraging the tools they already own,” Kleczynski said. “That’s exactly what we’ve delivered.”
Email Security Still Top of Mind for Vendors
Email security continues to be a priority for established security vendors and startups alike. Most recently, Bitdefender said in June it is acquiring
buying Mesh Security to bolster the email security capabilities in its managed detection and response (MDR) and extended detection and response (XDR) offerings.
Earlier last month, startup Trustifi announced a
$25 million funding round to scale its email security portfolio.
Malwarebytes’ new module is integrated with its cloud-based security operations platform, Nebula, and OneView, its multi-tenant console for MSPs. Such integrations minimize the complexity of management for businesses, according to the Santa Clara, California-based company.
Phishing on the Rise
Such protections are needed. According to
Hoxhunt, which offers a cybersecurity training platform, businesses are under siege from email threats. The vendor said that
64% of businesses faced BEC attacks last year, with financial losses averaging $150,000 for each incident.
About 80% of phishing campaigns try to steal credentials, with cloud-based services like Microsoft 365 and Google Workspace often targeted through realistic – but fake – login pages. In addition, about 80% of phishing websites include HTTPS to make them appear legitimate and to evade detection. There also are phishing campaigns using voice technology, QR codes, and multiple channels like Slack, Teams, and social media.
“Around 40% of phishing campaigns now extend beyond email, reflecting a shift to these channels,” Hoxhunt officials wrote.
The average cost of a phishing breach was
$4.88 million last year, an all-time high, according to IBM.
Agentic AI Brings a New Layer to SOCs
According to IRONSCALES, a key to combating the rising phishing threat is agentic AI in SOCs. In a
blog post earlier this year, Audian Paxson, principal technical strategist at the Atlanta, Georgia, company, wrote that while AI is improving SOC automation, most AI in cybersecurity is about assisting security teams rather than helping to drive decision-making, and bad actors are getting better at using ambiguity, social engineering, and AI-generated phishing emails to get past both humans and systems.
“A traditional AI model might flag the easy stuff, but what about a highly crafted and targeted CEO impersonation email?” Paxson wrote “What about a never-seen-before attack that doesn’t fit into some weighted scoring model? That’s where agentic AI changes everything. Instead of treating security as black and white, it brings nuance to decision-making. It assesses, prioritizes, and takes action without waiting for human intervention.”
Leveraging AI for Security
The AI-based threat detection, which uses machine learning, natural language processing, computer vision, and behavioral analysis, is one of the key benefits of Malwarebytes’ new email security module, according to the vendor.
The IRONSCALES-based capabilities also include instantly removing or quarantining malicious emails across all inboxes, even after they have been delivered, native API integration with Microsoft 365 and Google Workspace with agentless, four-click deployment, and streamlining operations by managing both email and endpoint protection in the ThreatDown console.
There is also a crowdsourced element to it, with the module improving detection by using data from more than 16,000 security teams around the world and human-in-the-loop feedback.
MSSPs, MSPs will Benefit
All of this will help the MSPs and MSSPs Malwarebytes works with, according to Kleczynski.
“In today’s fast-changing threat landscape, these partners are the frontline defenders, delivering essential security services to organizations with limited IT resources,” he said. “One of the most requested capabilities from this community has been email security, and it’s easy to see why. Their role in safeguarding vulnerable organizations makes this a top priority.”