fbpx Skip to main content

Managed Email Security

PhishIQ

phishIQ is our managed email security solution, combining staff training, cyber threat intelligence, and support to help your staff make informed decisions about cyber security.

We will help train your staff to recognise phishing and social engineering attacks using a combination of simulated phishing campaigns, infographics, video series and games that reinforce good security practice whilst being fun and engaging.

Find Out MoreFind Out More
CSIQ-Managed-Cyber-Security-header-v2
csiq-background-breaking-squares-3
CSIQ-Phishing-Computer-Screen

Why use PhishIQ?

Phishing and impersonation attacks continue to be the most prominent form of attack on business security. Four out of every ten organisations in the United Kingdom reported a cybersecurity breach in the last year, so having a fully protected business network is essential when protecting your data.

Our Threat Intelligence solutions integrate with the platforms you already use, including Proofpoint, Mimecast, Microsoft 365, On-Premise Exchange Servers and G-Suite. We will analyse every email for malicious indicators and make sure your staff are fully educated on what to avoid, all while taking the administrative burden away from your IT department by managing the platforms.

Find Out MoreFind Out More

Who is it for?

Phishing and impersonation attacks are growing in frequency and sophistication. So we have designed phishIQ for businesses of every size.

We integrate with well-known platforms such as Microsoft 365, On-premises Exchange and G-Suite to proactively protect your employees from malicious attacks delivered by email.

Get In TouchGet In Touch
csiq-square-with-circuit-cut-out
CSIQ-phishing-and-impersonation-attacks

Cyber Security Simplified

Our services are built to be cost-effective while maximising risk reduction. All consultancy and managed solutions provide actionable results that protect your business from opportunistic to advanced persistent threats.

82

of businesses say that cyber security is a high priority for their directors or senior managers

27

of all businesses impacted by a breach reported they were the victim of an impersonation attack

29

of businesses have tested their staff's response with phishing exercises

What are the benefits?

Every email displays security indicators

Empower users to make informed decisions

Defence-in-depth and Zero Trust by design

Scale up or down as needed

No minimum user requirements

Tailored Security Awareness Programme

Supported by CSIQ’s SOC and Threat Hunting Team

Meet Cyber Insurance Requirements for End User training

Harmonises with Microsoft Defender for Office 365

Compatible with G-Suite and On-premise Exchange

Features of PhishIQ

PhishIQ

The SOC team continually monitors user accounts for indicators of compromise, analyse reported phishing emails, ensures that systems work correctly, and adheres to security best practices.

All platform change requests are conducted with ITIL change management, ensuring that changes and completed with the proper authority and implemented securely with sign off by a technical specialist.

Emails reported as suspicious are analysed by our threat hunting team to determine factors such as the level of sophistication in techniques used and the determination of the threat actor. In a Targeted or Advanced Persistent Threat event, the phishIQ threat hunting team will produce a report and offer recommendations to limit user vulnerability.

If a suspected compromise is discovered, an Incident Responder will perform an initial triage of the incident to determine a timeline of events and provide recommendations on a response strategy.

*All user accounts must be protected with Multi-Factor authentication to be eligible for Incident Response Triage.

Monthly reports are provided detailing training progress, individual staff risk scores, a summary of events and security recommendations identified from phishIQ Insight.

All consultancy and managed services come with access to our Risk Management Portal. All risk types including technical, human, residual and inherent, are allocated a score, allowing for a strategic approach to risk reduction.

Every email is checked for threat metrics, including:

  • If the sender has previously messaged the user before
  • If the sender's name is often associated with another address
  • If the sender's name is similar to someone in your organisation
  • If the sending address is similar to your own organisation
  • If the sender's FROM address matches the reply address
  • If suspicious links were found in the email
  • If the sending organisation is missing security measures and can be impersonated
  • If non-english characters were found in the message
  • If non-english (similar looking) characters were used in the sending address
  • If the sending address is imitating a well-known website
  • If the sender is using phrases commonly used in phishing attacks
  • If the sending email domain has recently been registered

When a new user starts in your organisation, we will ensure that they are set up with phishIQ and receive their initial training.

With phishIQ, you will have access to our Cyber Intelligence services, including monitoring for email health, credential leaks and chatter relating to your users on the Dark Web.

We provide tailored training to increase technical and general awareness of cyber threats such as phishing, ransomware and social engineering. All training is aligned with business goals and designed to be time effective, and we only train staff on what they need to know.

Train users to spot the latest phishing attacks using benign samples that track users who read, reply, click links, open attachments, and supply credentials. Our adaptive training tracks users via a risk score, those who are susceptible to phishing receive additional tailored training.

Use our Platform to distribute company policies to employees and contractors, track acknowledgement and the time spent reading them.

We continuously monitor the company's SPF, DMARC and DKIM records to ensure your organisation is always protected from impersonation attacks while processing the DMARC reports providing Insight on attackers attempting to impersonate staff to attack your customers.

Benefits

  • No minimum user requirements
  • No minimum term contracts
  • Seamlessly integrated with Microsoft 365 and G-Suite
  • Harmonises with Microsoft Defender for Office 365
  • Compatible with G-Suite & On-premise Exchange
  • Every email displays security indicators
  • Empower users to make informed decisions
  • Tailored Security Awareness Programme
  • Defence-in-depth & Zero Trust by design
  • Supported by CSIQ’s SOC & Threat Hunting Team

PhishIQ + Platform

Designed to work in combination with Microsoft 365, G-Suite or On-premise Exchange

With phishIQ + Platform, CSIQ's SOC team will manage each security feature and ensure the Platform is operating smoothly.

Using a combination of Reputation-based email filtering, whitelisting, blacklisting and Bayesian content analysis, we filter the majority of all spam. If a spam email does get through, users report it to the SOC team to ensure it is blocked for everyone.

All attachments are run within a sandbox environment to ensure they are safe to run before being delivered to the user. Malicious content will be quarantined, and the user will be informed. Users can contact our SOC team for further advice.

In the event that Microsoft 365, G-Suite or on-premise Exchange technical issues, emails will be queued and accessible within the emergency inbox allowing the business to continue operating with minimal disruption. Once services are restored, all emails are replicated back to the mailbox.

Ensure sensitive information cannot be read by anyone but the recipient by encrypting the email with end-to-end encryption. The recipient will be notified of the encrypted email waiting for them and invite them to login to the Platform to access it. Encrypted emails can be automatically purged after a defined period.

All URL's are rewritten in the email message body and logged centrally, links to websites and files are scanned to protect users from accessing malicious content.

Email digests are sent to the users periodically, summarising all emails identified as spam, allowing users to release and manage personal white / blacklists.

Filter inbound and outbound emails based on conditions, including sender and recipient address, email size, source country, subject, email headers, message types and keywords.

Prevent accidental or malicious data loss. Emails containing key phrases such as UK National Insurance and patient numbers, Taxpayer references, driving license numbers, health and financial identifiers can be quarantined and marked for review to ensure that sensitive information does not leave the organisation through email.

Benefits

phishIQ + Platform additionally includes:
  • Protection from Ransomware, Viruses and Malware
  • URL Re-write and Attachment Sandboxing
  • Integration with Active Directory and Azure AD
  • Spam Filtering
  • Spam and Quarantine message digests
  • The Platform managed by CSIQ’s SOC team
Expedited Incident Response and Advanced Email Protection against:
  • Impersonation attacks
  • Payment diversion fraud
  • Spear phishing
  • Business email compromise
  • Intellectual property theft
  • Malicious attachments
  • Ransomware, viruses, and spyware

PhishIQ + Platform & Compliance

Designed to work in combination with Microsoft 365, G-Suite or On-premise Exchange

Archiving

Ensure compliance by archiving all inbound and outbound emails for up to 10 years.

phishIQ + Platform additionally includes:
  • Protection from Ransomware, Viruses & Malware
  • URL Re-write and Attachment Sandboxing
  • Integration with Active Directory & Azure AD
  • Spam Filtering
  • Spam and Quarantine message digests
  • The Platform managed by CSIQ’s SOC team
  • Expedited Incident Response
  • Email Archiving (Ten Years)
Advanced Email Protection against:
  • Impersonation attacks
  • Payment diversion fraud
  • Spear phishing
  • Business email compromise
  • Intellectual property theft
  • Malicious attachments
  • Ransomware, viruses, & spyware

Onboarding Assessments

During the onboarding process, we will understand how you work so that we can support you with minimum disruption while providing prioritised remediations for any identified risks.

Email Health Assessment

We review your current email health and provide recommendations on implementing SPF, DMARC and DKIM correctly and without interruption.

Microsoft 365 and Azure AD Security Assessment

Our consultancy team will perform a security assessment on your Microsoft 365 environment during onboarding. The report will detail health and configuration, identify signs of compromise, and provide recommendations on securing your accounts from the latest threats.

Endpoint Security Assessment

We will conduct an assessment against a typical end-user device and provide recommendations on how to protect against malicious attachments and techniques used by advanced persistent threat groups.

Find Out MoreFind Out More
CSIQ-Gradient-Square-Light
CSIQ-PhishIQ-Onboarding-assessments
CSIQ-PhishIQ-Onboarding-assesments-2
Essentials
£12User / Month+ £220 Onboarding
Recommended for

SME's and Startups

  • Managed Email Security
  • Risk Management Platform
  • Monitored by the SOC Team
  • Monthly Reporting
  • New Starter Onboarding
  • Threat Hunting
  • Incident Response Triage
  • Threat Monitoring
  • Typo Squatting Monitoring
  • Information Leakage
  • Public Email Addresses
  • IP Reputation
  • User Awareness Training
  • Tailored Cyber Awareness Training
  • Simulated Phishing Campaigns
  • Company Policy Distribution & Tracking
  • Client Side Email Analysis
  • Sender Impersonation Detection
  • Deep Email Threat Analytics
  • Managed Email Platform
  • Industry Leading SPAM Filtering
  • Email Anti-Virus
  • Attachment Sandboxing
  • Email Continuity - Emergency Inbox
  • Email Encryption
  • Inbound/Outbound Filtering
  • Email Spooling
  • Data Loss Prevention (DLP)
  • Malicious URL Protection
  • Email Digest Reports
  • Onboarding
  • Email Health Assessment
  • Microsoft 365 Security Assessment
  • Workstation Security Assessment
  • Compliance
  • 10 Year Email Retention
  • Optional
  • ProtectIQ (Email Backup)
Control
£16 User / Month+ £420 Onboarding
Recommended for

Scaleups and Risk Adverse SME's

  • Managed Email Security
  • Risk Management Platform
  • Monitored by the SOC Team
  • Monthly Reporting
  • New Starter Onboarding
  • Threat Hunting
  • Incident Response Triage
  • Threat Monitoring
  • Typo Squatting Monitoring
  • Information Leakage
  • Public Email Addresses
  • IP Reputation
  • User Awareness Training
  • Tailored Cyber Awareness Training
  • Simulated Phishing Campaigns
  • Company Policy Distribution & Tracking
  • Client Side Email Analysis
  • Sender Impersonation Detection
  • Deep Email Threat Analytics
  • Managed Email Platform
  • Industry Leading SPAM Filtering
  • Email Anti-Virus
  • Attachment Sandboxing
  • Email Continuity - Emergency Inbox
  • Email Encryption
  • Inbound/Outbound Filtering
  • Email Spooling
  • Data Loss Prevention (DLP)
  • Malicious URL Protection
  • Email Digest Reports
  • Onboarding
  • Email Health Assessment
  • Microsoft 365 Security Assessment
  • Workstation Security Assessment
  • Compliance
  • 10 Year Email Retention
  • Optional
  • ProtectIQ (Email Backup)
Vigilance
£18 User / Month + £420 Onboarding
Recommended for

Industries with high data retention requirements

  • Managed Email Security
  • Risk Management Platform
  • Monitored by the SOC Team
  • Monthly Reporting
  • New Starter Onboarding
  • Threat Hunting
  • Incident Response Triage
  • Threat Monitoring
  • Typo Squatting Monitoring
  • Information Leakage
  • Public Email Addresses
  • IP Reputation
  • User Awareness Training
  • Tailored Cyber Awareness Training
  • Simulated Phishing Campaigns
  • Company Policy Distribution & Tracking
  • Client Side Email Analysis
  • Sender Impersonation Detection
  • Deep Email Threat Analytics
  • Managed Email Platform
  • Industry Leading SPAM Filtering
  • Email Anti-Virus
  • Attachment Sandboxing
  • Email Continuity - Emergency Inbox
  • Email Encryption
  • Inbound/Outbound Filtering
  • Email Spooling
  • Data Loss Prevention (DLP)
  • Malicious URL Protection
  • Email Digest Reports
  • Onboarding
  • Email Health Assessment
  • Microsoft 365 Security Assessment
  • Workstation Security Assessment
  • Compliance
  • 10 Year Email Retention
  • Optional
  • ProtectIQ (Email Backup)

Email Threat Hunting Lifecycle

Security Operations Centre

Our SOC team uses our Email Threat Hunting Lifecycle to proactively monitor and respond to threats. Ensuring a timely and prioritised approach to risk reduction

CSIQ-Lifecycle-Background
1
Onboarding
2
Discovery
3
Monitoring
4
Threat Assessment
5
Eradication
6
Targeted Training
7
Reporting

Flexible Pre-Pay Contract

Benefit from 25% off and rapid response with our Pre-Pay Contract

CSIQ Insight: Risk Management Portal

All consultancy and managed services include access to our Risk Management Portal.

A Single Pane of Glass

All risk types, including technical, human, residual and inherent, are allocated a score, allowing for a strategic approach to risk reduction.

Monthly Reports

Monthly reports from our managed services detailing individual risk scores, a summary of events, detailed vulnerabilities, and security recommendations are all available from the platform.

Visual Attack Path

Multiple vulnerabilities are typically exploited to reach a target. Our platform visualises the attack path taken by your consultant to achieve the objective.

Trend Analysis

Track your exposure over time to ensure that your IT teams are tackling the vulnerabilities identified.

If you have our pre-pay contract, simply send us a message through the platform to assist with the remediation.

CSIQ-Footer-Logo-4

Managed Cyber Security Services

To learn more about the other managed cyber security services we offer, visit our managed Attack Surface, Backup & BCDR, Firewalls, and Email Security pages.

Or get in touch to discover all of our available services.

Contact UsContact Us

Our Accreditations & Memberships

We are proud of our industry recognised certifications in Cyber Security and Service Delivery

CSIQ NCSC Assured Service Provider Cyber Advisor
CSIQ NCSC Assured Service Provider Cyber Advisor
Cyber Essentials Plus Certification Body
Cyber Essentials Plus Certification Body
IASME Governance Certification Body
IASME Governance Certification Body
ISACA Professional Members
Ecologi - Climate Positive Workforce
Ecologi Climate Positive Workforce

FAQ

Will PhishIQ help us meet Cyber Essentials Plus Compliance?

Absolutely. Our solutions will ensure a pass first time for all tests carried out during the Cyber Essentials Plus audit.

What is email spoofing?

Spoofing is the forging of people’s names, addresses, emails, and website domains. When a hacker attempts to impersonate a known person or company, this common strategy is used in email threats such as phishing and spear-phishing.

What is an impersonation attack?

Impersonation refers to hackers’ ability to take on another person’s identity. Assume someone is impersonating a senior executive at your organisation and sending phishing emails to the finance department seeking payment on an invoice. This attack is commonly achieved through weak DNS and email security configuration.

What is domain hijacking?

This type of attack is typically achieved by a hacker when a company does not correctly secure their DNS portal or allows a domain to expire. If an attacker can gain control of your DNS records, it is possible to redirect queries to servers within their control and potential infect staff and customers.

Why is email security so important?

Regarding email security, cyber risks such as social engineering attacks targeting organisations are rising. Phishing emails can lead to the disclosure of sensitive information, the approval of fraudulent bills or the download of malware that can infect the corporate network.

What is social engineering?

The danger of social engineering allows a hacker to deceive and persuade people. Before sending a malicious email to your organisation, a cybercriminal will research what your company does, how it relates to other companies, and who your employees are.

What is Business Email Compromise?

Theft of email accounts is hijacking, which may result from a malware infection or account compromise. In this situation, the hacker had access to the email account and could read and send emails as if he were a staff member. This type of attack is referred to as a BEC scam (Business Email Compromise).

Have a question for us about our services?

Send us an enquiry to get a rapid response from a cybersecurity expert.

"*" indicates required fields

Name*
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is for validation purposes and should be left unchanged.