Syncro + IRONSCALES: AI Email Security for MSPs

Welcome and Syncro Partnership Overview

Andy Cormier: Welcome everybody to our joint webinar with IRONSCALES. My name’s Andy Cormier, and I’m the Channel Chief here at Syncro. Today I’m joined by Eddie Phillips, Global Director of MSP Strategy and Enablement at IRONSCALES. We’re going to go over all things IRONSCALES.

Andy Cormier: We’ve been working with IRONSCALES since early last year trying to bring them into our marketplace, and I’m super excited we’re finally able to get this done. One of the things that attracted us to IRONSCALES in the first place was the simplicity of their approach. Email security in the past has been really cumbersome to deploy, and even more difficult to configure to the point where you’re actually getting value out of what you’re paying for. With IRONSCALES, you can blanket a customer with end-to-end security in minutes.

Andy Cormier: One of my favorite aspects of IRONSCALES is that they’re more than willing to put their money where their mouth is. Because this is exclusively an API-first approach, you can actually sit IRONSCALES right on top of any existing email security solution in a passive mode to see exactly what they’d be catching that your current provider isn’t.

Andy Cormier: Pricing is detailed in the IRONSCALES app card in the App Center of your Syncro instance. We don’t mention pricing publicly on webinars by design, but that’s all available to you there, along with account provisioning. On trials: every time a new customer is added under your IRONSCALES tenant, you can put them into a trial or right into production. That option is always available, even if you’ve been using IRONSCALES successfully for years. No license minimums, no time-based commitments. You pay for exactly what you consume.

Andy Cormier: IRONSCALES is fully compatible with our Universal Billing Framework. Map your Syncro customers to your IRONSCALES customers and we pull all your usage data automatically into Syncro every day. Those counts flow into your recurring invoices and adjust automatically as license counts change, so you never have to manually enter that data again. If you’re an existing IRONSCALES customer and want to migrate to Syncro to get access to Universal Billing, email ironscales@synchromsp.com and we can get that process started.

Eddie Phillips Introduction: Former MSP CEO Background

Eddie Phillips: Thanks for joining, I love the turnout. I want to frame this webinar from the perspective of a former MSP CEO. Before I joined the vendor side, I owned an MSP for 14 years and sold it in 2022. In 2014, something significant happened to me. One of our biggest clients, the world’s largest winter clothing manufacturer, got hit by ransomware while preparing their online and print catalog. 14 terabytes of data. A staff member had fallen for a phishing email, a fake invoice attack.

Eddie Phillips: As an MSP, you have one job: keep your client’s data available to the people who are supposed to have access. That’s it. Everything we do as MSPs circles around that one deliverable. Since 2014, it’s only gotten more complex. More phishing campaigns, more account takeovers, more credential theft, faster lateral movement. And it’s going to get even more complex as deepfakes and social engineering evolve.

Eddie Phillips: When I decided to join IRONSCALES, I had to do a serious evaluation. Would my MSP use this product? Can I confidently recommend it? IRONSCALES delivers protection from these threats in two main ways: adaptive AI email security, and security awareness training with phishing simulation.

Why Legacy Email Gateways Are No Longer Enough

Eddie Phillips: Legacy email gateways leaned on static policies, rules, whitelists, and blocklists. Today you can’t get away with that, because attacks are so dynamic. Business email compromise, vendor impersonation attacks, these legacy items just aren’t cutting it. My MSP was a Mimecast partner, and in its day it was cutting edge, but as things evolved, we needed a better, easier way to do email security.

Eddie Phillips: When legacy gateways changed your MX records and required you to stage email on their servers, you opened up the risk of breaking email flow. Then we got API plugins, and some started using AI, although most of it is still static, looking at malicious links or attachments but not the contextual, adaptive AI that IRONSCALES has developed. IRONSCALES has been using AI and machine learning since 2015. Before AI was cool, we were the hipsters of AI.

Eddie Phillips: IRONSCALES has three layers of defense. The first is adaptive AI: the platform learns the type of relationship between any two people in your email ecosystem. What’s a normal conversation between Andy and me? If Andy suddenly starts asking me for gift cards, IRONSCALES flags it. The second layer is the world’s largest crowdsourced threat intelligence, where real-time feedback from all IRONSCALES partners feeds the AI continuously, which is what makes it outstanding at stopping zero-day phishing attacks. The third layer integrates security awareness training, with user risk scores feeding back into the AI.

Feature 1: The 90-Day Scanback

Eddie Phillips: My top favorite feature: the ROI writes itself. When you install IRONSCALES, even on a trial, the 90-day scanback runs automatically. Within about 48 to 72 hours, we look back three months and show you what would have happened if IRONSCALES had been installed. A lot of vendors use what I call the Trust Me Bro framework: kick their software around for 14 days and trust it’ll work. We show you three months of actual evidence based on email that already exists in your client’s environment.

Eddie Phillips: Here’s how MSPs are using it as a sales tool. Install the trial, run the 90-day scanback, present the results to a prospect within 72 hours. Some partners are offering a free or paid email security assessment: they reach out, offer to run an email security assessment showing where the customer currently stands, install IRONSCALES in silent mode, and present that report. It’s compelling because every threat in that report is an active, live email currently sitting in the user’s inbox. It’s not theoretical. These emails made it through Microsoft, through Google, through whatever gateway they already have in place.

Andy Cormier: To double down on that: MSPs often struggle to differentiate when going after a new bid. Being able to show a prospect not just ‘we’ll protect all your stuff’ but ‘here is everything that would have been caught, from email that already got through, in your actual environment,’ is a huge win. It doesn’t cost anything. This is the best tool I know of when it comes to landing a new customer or expanding into an existing customer that doesn’t have email security.

Feature 2: Three-Click API Deployment

Eddie Phillips: My number two favorite feature: it’s so easy to implement. We’re not changing MX records. There are no complex, risky DNS changes. We’re not breaking email flow. It is a three-click API change integration with Microsoft or Google Workspace. That’s it.

Eddie Phillips: The last thing you want to do is break a new potential customer’s environment during deployment. Legacy gateways required you to route all email through external servers, and anything that goes wrong there creates real downtime risk. We just make it easy.

Andy Cormier: The first time I tried to deploy a legacy SEG, I was testing it on our own email tenant, and I accidentally routed the MX records wrong and took our email down for three hours. With IRONSCALES it’s: put in your credentials, you’re done. That legacy model is just that at this point.

Feature 3: One-Click Threat Remediation

Eddie Phillips: My number three: fast remediation. The old way: a user forwards a suspicious email to your help desk, it creates a ticket, you do a thread analysis, figure out if it’s phishing, then you have to do a message trace to find out who else in the organization got it. By the time you communicate to end users not to open it, you’re racing the clock. That whole process takes about 30 minutes and increases risk throughout.

Eddie Phillips: With IRONSCALES: auto-clustering groups emails that share around 80% in common, so one incident covers all similar emails. Users report via the in-client report phishing button. The AI re-evaluates. If confirmed phishing, you can reach out and remove the email from every affected inbox across the entire organization in one click, without a message trace, without manually tracking down all recipients, without worrying about whether the attacker changed the domain or wording slightly. Static rules fall apart on that, we learn it on the fly and apply it across all your customers.

Additional Features Overview

Eddie Phillips: Beyond those three core differentiators, IRONSCALES also includes advanced account takeover detection; unified quarantine with Microsoft Quarantine; autonomous SAT campaigns where the AI generates and sends security awareness training on a recurring schedule; new hire simulation automation that triggers automatically when a new hire is added without manual configuration; DMARC Management; and DMARC Pro launched this month. Coming in Q2: encryption and deepfake protection.

SAT Campaigns Demo

Andy Cormier: Can you drill into the SAT campaigns specifically? We get a lot of questions about how easy they are to set up, especially around current-event-based phishing like Super Bowl season campaigns.

Eddie Phillips: In the simulation and training console, you come in and schedule training. The autonomous campaigns are the best feature: set them up once to run every month, and the AI generates new content each time so you’re not spending cycles every month or year creating something new.

Eddie Phillips: You can also build your own simulations. Choose your tenant, name the campaign, choose participants, set your schedule and start and end dates, configure reporting to managers for incomplete training. Then you get to select and modify templates. One standout feature: if IRONSCALES catches a really clever phishing email in the wild, you can go into the incident, click Create Template, and it dumps that email into your templates library, de-weaponized with links and attachments removed. You can then use that actual threat as a phishing simulation template for your users. That’s how you keep training relevant.

Eddie Phillips: Training materials range from short snippet training to longer security awareness courses. You can also upload your own. The platform tracks risk levels per mailbox so you can identify high-risk users who need extra attention. And those same risk scores feed back into the AI: users who are very good at spotting and reporting phishing get weighted more heavily in the AI’s incident evaluation, so their reports carry more weight when determining whether something gets flagged as a real threat.

Andy Cormier: So if Bob clicks every phishing simulation we ever send him, and then Bob starts reporting things, the AI is going to treat Bob’s reports with a bit of skepticism. That’s very cool.

Eddie Phillips: Exactly. If they keep falling for phishing, they stay at beginner risk level, and incident thresholds for their reports reflect that accordingly.

DMARC Pro Demo

Eddie Phillips: DMARC Pro launched this month. The console is available from a button at the top of the IRONSCALES console. There’s no charge for the console itself, which includes a free domain analyzer tool and a power toolbox similar to MX Toolbox.

Eddie Phillips: Where it gets powerful: instead of managing DMARC through cryptic XML files, IRONSCALES provides a visual interface for everything. You go through a wizard to set up a domain, which does require one DNS record change. But once that’s done, IRONSCALES hosts your SPF records, meaning you can flatten all your SPF records and manage them directly in the platform without ever logging into your DNS host again.

Eddie Phillips: IRONSCALES includes a DNS wizard that detects your DNS hosting provider, prompts for credentials, and makes that initial DNS change on your behalf. After that, adding a new email-sending service like MailChimp is just: find MailChimp in the list, click it, modify, save. No DNS login required. Hosted DMARC lets you set policy to do nothing, quarantine, or reject, all in one click. The Sending Sources view color-codes all sources sending from your domain so you can immediately see approved senders in green and anything suspicious or unauthorized in red or orange, without digging through XML. DMARC is priced per domain.

Q&A

Andy Cormier: Do you suggest running IRONSCALES alongside Barracuda or similar, or is it enough to run alone?

Eddie Phillips: Run us alone. Save your money, save the configuration complexity. If you’re going to embrace AI, there’s a paradigm shift: leave the legacy SEGs in the past. The longer IRONSCALES is in place, the more it learns, and the less you have to do. This is where AI is going to take real cycles off MSPs: you can stop going into your console to release emails and create policies.

Andy Cormier: How does IRONSCALES compare to Avanan, specifically on false positives?

Eddie Phillips: Avanan has pivoted to API-level integration and added some AI, but where a lot of competitors fall short is real-time, zero-day email threat context and feeding the AI based on what’s happening right now. For example, if a partner in Australia reports a phishing email at the start of their morning, the AI processes it, and it rips that threat out of your users’ inboxes before they even wake up in the US. That ability to feed the machine in real time using crowdsourced intelligence is where IRONSCALES is outstanding.

Andy Cormier: Can IRONSCALES stop a bad email before it hits the mailbox, or is it delivered and then removed?

Eddie Phillips: Scanning is on delivery and post-delivery. Because we’ve got the algorithms dialed in and we’re looking strictly at the algorithmic output of emails, we identify threats extremely fast. It is not purely pre-delivery blocking, but the speed of detection and the auto-remediation make the distinction largely irrelevant in practice.

Andy Cormier: How does IRONSCALES see mail without changing MX records?

Eddie Phillips: It plugs in at the mailbox level inside the Microsoft or Google Workspace ecosystem using the Graph API. That’s why there are no MX record changes and no email routing risks.

Andy Cormier: Is the DMARC add-on priced for the whole tenant or per domain?

Eddie Phillips: Per domain.

Andy Cormier: Is IRONSCALES pricing month-to-month?

Andy Cormier: Yes, 100% month-to-month. No minimums. If you need to increment up or down because you added or lost a customer, you pay exactly what you use in any given month.

Andy Cormier: Does IRONSCALES protect all of M365, like Teams, OneDrive, SharePoint?

Andy Cormier: IRONSCALES covers email specifically. Teams protection is included in the Complete Protect tier. OneDrive and SharePoint coverage are not part of the IRONSCALES scope. For M365 Cloud Backup covering OneDrive, SharePoint, and Teams data, Syncro has its own native backup solution available in the App Center.

Andy Cormier: Final notes: Existing Syncro customers, provision your IRONSCALES account directly in the App Center. Non-Syncro customers, links for a demo or free trial were shared in the chat. Any follow-up questions, email andy@syncrosecure.com. The webinar will be recorded and shared with all attendees.