June 24, 2020
A Secure Email Gateway (SEG) is a popular email security tool that filters inbound and outbound email for phishing, malware, and spam.
A SEG analyzes different aspects of an email, relying on flagged keywords and blacklisted URLs that suggest suspicious content. Acting as a referee for all incoming and outgoing email, the SEG decides whether to block, quarantine, or pass a message on to its intended recipients.
One could compare SEG with a firewall for emails.
This simple model is effective for secure on-premise email environments, where the SEG replicates the functionality of a Message Transfer Agent (MTA). The same cannot be said of a SEG in a cloud environment, where the "email perimeter" has effectively transformed and multiplied, because the cloud is a holistic ecosystem of components rather than a single-vendor solution or point product.
With cloud computing, much of our information is stored and accessed far away from the original perimeter, and endpoints can be considered the new perimeter, or at least a newer layer of it.
Office 365 is the #1 cloud email service on the market with 180 million users, and it is subjected to constant phishing, spear phishing, and malware attacks. To secure cloud email, SEG acts as a forward proxy that analyzes and reroutes emails to the email provider, which then carries out an additional scan.
Unfortunately, SEG is powerless against the majority of modern email threats it was never designed to address.
SEG solutions can prove their worth, but they do not cover all email security risks in 2020 and cannot be the only building block of a secure email strategy.
Just like every other security tool, Secure Email Gateways have their limitations. While modern SEG solutions offer us sandboxing capabilities, content reconstruction and data loss prevention, they still have multiple points of weakness.
It makes sense to start with the most obvious weakness. For threat detection, a SEG relies on known malware signatures and domain blacklists, which helps only against attack methods already known to the SEG, not against more sophisticated attacks like spear phishing.
Secondly, Secure Email Gateways were designed to process inbound and outbound email, and they are not equipped to protect users from threats hidden in internal email. If a SEG greenlights a phishing email that steals the account credentials of any Office 365 user, the attacker can then launch further spear phishing attacks internally, now without any difficulty. Account takeover attacks are prevalent in the cloud email environment and act as the first step of multi-staged attacks like Business Email Compromise.
Speaking of BEC, Secure Email Gateways are also ineffective against Vendor Email Compromise (VEC) attacks, a variation of a 26 billion dollar scam. In VEC attacks the original victim of the phishing attack is the vendor you’re working with, who’s been phished and then monitored for months. After gaining the intel on the business relationship of the compromised vendor, hackers target their customers by sending a fake invoice with new banking details.
Since the vendor's own account is used to facilitate this scam, and no malware or malicious URLs are used to defraud the final victim, the chances of the criminals succeeding are higher than usual. Even if the attacker decides to spoof the compromised account instead, they could have enough information to craft a convincing spear phish that would bypass the majority of SEG solutions.
Lastly, the one thing that further weakens the case for a SEG is the need to change the company's MX records so that email is rerouted through the gateway. Because this is public information that can be looked up, attackers are able to adapt their attacks and deliver mail around the gateway (an MX record bypass). More information about MX record bypass can be found in the IDC report "New Email Paradigm Requires New Security Approaches".
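One defender-side check that follows from the MX bypass problem, added here as an example that is not from the post or from StealthMail: if every inbound message is supposed to arrive via the gateway, any SMTP connection to the mail server from an address outside the gateway's egress ranges is a delivery that skipped filtering. The gateway ranges and the connection-log format below are constructed placeholders; substitute the address list published by your SEG vendor and your MTA's real log format.

```python
import ipaddress
import re

# Constructed placeholder ranges standing in for the SEG vendor's published
# egress addresses (the only sources that should ever connect to the tenant).
SEG_EGRESS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]

# Constructed log format: "<timestamp> connect from <host>[<ip>] rcpt=<address>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) connect from (?P<host>\S+?)\[(?P<ip>[0-9a-fA-F:.]+)\] rcpt=(?P<rcpt>\S+)$"
)


def from_gateway(ip: str) -> bool:
    """True only if the connecting address lies inside a known gateway egress range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparsable address is never treated as the trusted gateway
    return any(addr in net for net in SEG_EGRESS)


def find_bypasses(log_text: str) -> list:
    """Return (timestamp, ip, recipient) for every delivery that did not come via the SEG."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not connection events
        if not from_gateway(m["ip"]):
            hits.append((m["ts"], m["ip"], m["rcpt"]))
    return hits


# Constructed sample log: two deliveries via the gateway, two direct to the server.
SAMPLE_LOG = """\
2020-06-24T09:00:01Z connect from seg-out1.example-seg.net[203.0.113.17] rcpt=alice@example.com
2020-06-24T09:00:05Z connect from seg-out2.example-seg.net[2001:db8:1::25] rcpt=bob@example.com
2020-06-24T09:01:12Z connect from unknown[198.51.100.77] rcpt=alice@example.com
2020-06-24T09:02:30Z connect from relay.example.org[192.0.2.9] rcpt=cfo@example.com
"""

if __name__ == "__main__":
    for ts, ip, rcpt in find_bypasses(SAMPLE_LOG):
        print(f"{ts} delivery bypassing the SEG: {ip} -> {rcpt}")
```

Alerting on these hits is the detection side; the mitigation is to restrict the tenant's inbound connector so that only the gateway ranges are accepted at all.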
It should also be highlighted that SEGs do not address other entry points connected to email. SharePoint, OneDrive and ShareFile are among the most abused cloud services, and attackers use geo-location to hinder analysis by security tools and human researchers, enabling malware to slip through the SEG's defenses.
Of the more than 34,400 email threats reported by users, 90% came from environments that used SEGs, according to a 2019 report by Cofense. The Secure Email Gateway in its traditional form is a great tool for protecting SMB companies from bulk phishing email, but it is not sufficient to resolve more targeted and sophisticated attacks.
Many consider post-delivery protection tools a better choice for enterprises, citing how machine learning systems and artificial intelligence algorithms can automate threat prevention and decrease the strain on the IT department and the company's employees. This is a fair point, because SEGs are guilty of generating a high rate of false positives when overconfigured, and they do not mix effectively with native Office 365 security.
StealthMail can be a viable addition to your company’s email security strategy plan, as it can be used by both SMB companies, who are content with having only a SEG, and enterprises that are tasked to balance between both platforms.
While Secure Email Gateways can continue to be useful tools for filtering out malicious content, the StealthMail solution can address other email threats and attacks, securing your corporate data from both internal and external attacks.
One of the first things to know about StealthMail is that your emails never leave your company's protected perimeter, and they stay encrypted both in transit and at rest, either on the company's local servers or in the company's Azure cloud. You choose how to deploy the solution.
Only the company owns its data and encryption keys - a crucial condition for the protection of intellectual property. StealthMail combines modern encryption standards with easy-to-understand rights management.
All secure data requested by an authorized StealthMail user is downloaded via an end-to-end encrypted channel to protected temporary storage, where all stored data is erased once the user's session ends. Sensitive information never faces the open Internet; the only data recipients receive over a public channel is a link to the protected storage. After receiving the link, the recipient must authenticate to access the separately encrypted storage.
Furthermore, at any given time, the security officer may block user access to the information stored on the user side and even erase it. This approach also helps address the heightened risk of insider attacks. No one except a specified list of recipients is able to see the user’s email content. Senders, recipients, and their devices are identified and authorized to battle spear phishing threats. Email senders become content owners, which allows them to see who got access to their emails.
StealthMail would be an ideal tool for businesses that need to send/receive sensitive information to/from customers and partners, and for organizations who look to protect their confidential corporate data.
If you’re interested to find out more about StealthMail’s approach to email security, please feel free to visit StealthMail.com.