EMILY's List

Resource for women in politics enlists Cloudflare Area 1 email security to protect members

This video features Michael Sager, CTO/CISO, EMILY's List

Tell us about yourself and your company.

Michael Sager: Hi, I'm Mike Sager. I'm the Chief Technology Officer and Chief Information Security Officer for EMILY’s List, which is a Democratic political organization. We elect Democratic pro-choice women to office all up and down the ballot in the United States.

What email security challenges were you facing?

Michael Sager: So as a political organization, email security is very much top of mind. There have been major incidents that have happened over email with phishing over the past few years. So this is something that we are acutely aware of. In addition to the major kinds of incidents, we're also very deeply concerned about the more common stuff that you'd see out there - wire transfer fraud, fake invoices, business email compromise, et cetera. These are all major things that we are worrying about as an organization that's present on the Internet, but also one that is heavily targeted by all sorts of different types of actors.

Why did you choose Area 1?

Michael Sager: When I first joined EMILY’s List, one of the first things we needed to do was to upgrade our email infrastructure, move off of a legacy platform into a cloud environment and adding an anti-phishing gateway was extraordinarily important to us at this point. We wanted to add multiple layers of defense against phishing into our environment.

Area 1 came very highly recommended to me by some folks that I trust. Once we put the solution in place and got to know the team we were very, very happy. The system is very easy to deploy and the different dashboards give us a lot of good insights to what we're seeing. We are able to quarantine messages that are of concern and are able to tune the system pretty well. Very rarely do I have to go back in and fish things out of the quarantine ... We feel very, very good about the quality of Area 1 and that it's catching the right messages and passing the right messages.

It also has very good tools around business email compromise (BEC) so that we are able to ensure that even very well constructed spear phishing messages that attempt to impersonate our users are intercepted and not making it to the inbox, which makes my job a lot easier.

How did Area 1 improve your security program?

Michael Sager: The benefit for me from Area 1 is that I don't have to spend as much time thinking about commodity phishing anymore. And that is a huge difference – that I know that the stuff that is just out there in general from the internet is being intercepted, it's being caught. Although you are never totally in the clear, even the best solution in the world is going to occasionally let things through – that's going to happen anytime you're dealing with technology where the adversaries continue to get smarter and smarter. But Area 1 is a tool that just reduces the volume of things that I actually need to be taking a look at ... it takes a huge problem and turns it into a much, much more manageable problem.

What would you tell a colleague/peer about Area 1?

Michael Sager: So what I would say to a colleague or peer is that we know that phishing isn't going away, that there is going to continue to be an attack vector against everyone. The folks on the other side of this is a human adversary. They're getting smarter, they’re trying new things and their cost to attack is basically nil. There's just going to be so much of this stuff pushed out and it's going straight to your user's inbox or even just going to a spam box that still presents significant risk to your users. Having a tool like Area 1 in place that is going to arrest the majority of this stuff is absolutely essential, especially for anyone who has any kind of organization that is likely to be attacked.

EMILY's List
Related Case Studies
Related Products
Key Results
  • More than 43,000 phishing threats blocked within a month
  • Decrease in time and resources spent on commodity phishing, allocating resources to critical security activities
  • Gmail inboxes secured; employees stay productive with Area 1’s transparent security

Having a tool like Cloudflare Area 1 in place that's going to arrest the majority of phishing attacks is absolutely essential, especially for anyone who's in any kind of organization that is likely to be attacked.

Michael Sager

It also has very good tools around business email compromise, so that even very well-constructed spear phishing messages that attempt to impersonate our users are being well-intercepted.

Michael Sager