According to Gartner’s newly published Market Guide to Email Security, “Dramatic increases in the volume and success of phishing attacks and migration to cloud email require a reevaluation of email security controls and processes. Security and risk management leaders must ensure that their existing solution remains appropriate for the changing landscape.”
Why is this important?
The transition to a native cloud email platform changes the landscape. With the changing landscape, the way we manage risk around email security must also change. Phishing attacks have evolved to evade traditional email security defenses, so the risks are increasing as organizations migrate to the cloud. Effective email security must focus on the capabilities required to address today’s advanced threats targeted towards organizations using cloud native platforms.
Gartner’s Market Guide to Email Security includes some important findings and key considerations for information and security officers to know.
Comparing Email Security Architecture
Secure Email Gateway
A Secure Email Gateway (SEG) aims to improve overall protection around outgoing and incoming emails. Many companies already have an SEG layer that sits in front of the email platform to prevent threats from ever reaching it. Because SEGs sit in front of the platform, downtime must be taken into consideration as an overall risk to the organization. SEGs do, however, have anti-spam and signature-based anti-malware capabilities that are good at blocking “known bad” email, including marketing and graymail classification. DLP and email encryption capabilities are also built in for outbound content. In a nutshell, SEGs are considered to be the firewall of email.
However, there are some challenges with an SEG. It is not as effective when it comes to account takeover, business email compromise (BEC) or behavioral-based anomaly detection for advanced threats. Because SEGs were built on-premises and are legacy email security systems, the technology to detect and respond to advanced threats is lacking.
One recommendation by Gartner states that organizations should, “Address gaps in the advanced threat defense capabilities of an incumbent secure email gateway (SEG) by either replacing them or supplementing them with complementary capabilities via API integration. Invest in user education and implement standard operating procedures for the handling of financial and sensitive data transactions commonly targeted by impersonation attacks. Remove as many targeted ad hoc processes from email as possible.”
Integrated Email Security Solution
Integrated Email Security Solution (IESS) vendors offer many of the same capabilities found within an SEG, such as URL protection, blocking malicious emails, and remote browser isolation. According to Gartner, “There are a growing number of vendors (see Table 4) that provide the core functionality of an SEG but integrate directly into APIs in Office 365 and G Suite. This type of product includes antivirus and spam detection capabilities to detect threats before they arrive at the user’s inbox. They often include other capabilities such as machine-learning-based detection trained on existing emails, image analysis, account takeover detection and image recognition of URLs to identify phishing attacks as well providing protection for internal emails and M-SOAR functionality.”
IESS is more robust in advanced threat capabilities. IESS solutions add capabilities such as using machine learning to detect threats to emails, account takeover, and images of URLs. These advancements aim to detect phishing and protect emails. Because these advanced threat features, when combined, let organizations protect more effectively against URL-based attacks, impersonation and social engineering tactics, IESS vendors should be evaluated when a cloud-native email platform is in place. Gartner suggests that when an IESS is used with the native protection capabilities often provided by Microsoft and Google, it can serve as a good choice for gateway protection.
As security and risk management leaders reevaluate technologies and processes, the end goal is to reduce the mean time to detect (MTTD) and mean time to respond (MTTR) to attacks. According to Gartner, IESS provides substantial security when your organization wants to ensure email attacks are managed quickly.
Cloud Email Security Supplement
Cloud email security supplement (CESS) vendors focus on specific threats. The key difference between CESS and IESS is that CESS products excel and differentiate themselves primarily in a small number of advanced threat detection capabilities. If an organization has a very specific use case, or a specific advanced threat type is prevalent, it should consider this additional layer of defense.
Differentiating Capabilities: A Brief Overview
With all the talk around SEG, IESS, and CESS, understanding how the three compare to each other is necessary to know which segment(s) are best for your organization. While a CESS looks for the harder-to-detect areas, an IESS is a cloud-native platform and aligned to handle the breadth of advanced threats in the moment of risk. The SEG architecture was built for on-premises solutions, so as organizations migrate to the cloud-native environment, security and risk management leaders should strongly consider the alternative to gateway protection.
It is important during this evolution that an integrated email security solution is considered. An IESS should be able not only to detect a full range of advanced threats that use URLs, impersonations, and social engineering tactics, but also to protect against account takeover attacks and to integrate with other email security vendors to effectively orchestrate, automate and remediate advanced threats.
If you want to know what advanced threats are currently getting through to your existing email security solution and into your end users’ mailboxes, get the free Advanced Email Threat to uncover your current risks