Secure Email Gateway: The Gaps That Could Cost You

Hand using tablet with white and blue envelope icons above it - Votiro

The email channel is one of the most essential components of effective corporate communication. Email is vital to keeping business flowing amongst colleagues, clients, vendors, and others. In  fact, the total number of business and consumer emails sent and received per day exceeded 293 billion in 2019. This is forecasted to grow to more than 347 billion by the end of 2023. 

That’s why it should come to no surprise that the email channel is one of the most leveraged threat vectors. The Verizon 2020 Data Breach Investigations Report notes that 94% of the time malware is delivered via email. Therefore, it’s imperative that organizations have a sophisticated security solution that is able to fully protect their email channel. 

The Three Major Security Gaps of Secure Email Gateway Solutions

Secure Email Gateways typically analyze all inbound emails for malicious content and, if an email is deemed safe, it is sent to the recipient. So, while Secure Email Gateways aim to prevent emails containing spam, phishing, malware or fraudulent content, they fall short in being able to protect against the plethora of other threats regularly targeting inboxes. And, there are additional disadvantages to Secure Email Gateway solutions that open enterprises up to further risk. 

Extremely advanced socially engineered attacks, such as the scenario with the Bank of America phishing attack, enable hackers to penetrate Secure Email Gateway protections. Here, the bad actors’ use of new and unique domains, along with refraining from the traditional “spray and pray” approach, allowed them to bypass being labeled as known bad or nefarious. Threat actors are continuously seeking ways to exploit such vulnerabilities within security solutions like Secure Email Gateway and evade the protective measures enterprises have in place. 

1. Secure Email Gateway relies on known malware signatures 

Unfortunately, new and unknown threats continue to proliferate. Every day, the AV-TEST Institute registers over 350,000 new malicious programs. These programs are unlikely to be found within the Secure Email Gateway’s database of malware signatures. Even if Secure Email Gateways are using dynamic threat intelligence, these feeds–though constantly updated–are always constantly out of date. Therefore, zero day threats get  the stamp of approval to move forward throughout the channel. 

Undisclosed, unknown, and zero-day threats pose a high risk to enterprises due to their ability to continue malicious operations behind-the-scenes. These threats can go unaddressed for an extended period of time.Research shows 80% of successful breaches are new or unknown zero-day attacks that are not recognized by traditional signature-based detection solutions. Once hackers have infiltrated they can continue to work their way throughout the network to infect additional systems or compromise sensitive data. 

2. Secure Email Gateway cannot protect from savvy, multi-stage attacks

Straightforward malware or ransomware attacks have been occurring less frequently, as hackers develop sophisticated attacks with various malicious components and modules. These components provide further access to corporate networks and systems and/or data. Votiro researchers discovered a sophisticated attack that deployed a Dridex trojan payload that hid within Microsoft Excel spreadsheets delivered via phishing emails appearing to be from UPS, FedEx, and DHL. An attack of this nature would evade detection by Secure Email Gateway due to a sophisticated obfuscation technique that prevents the malicious content from being viewed or analyzed by these tools. Additionally, the cybercriminals were able to expertly disguise the email to appear as if it legitimately came from either FedEx, UPS or DHL, leaving end users especially vulnerable to opening the email. 

3. Secure Email Gateway can only detect threats within the body of the email 

Secure Email Gateway lacks the ability to detect malicious content that is embedded within attachment programs or infrastructure. This can include macro programs or pixel data. Macros are mini programs that automate a task inside of a larger program in order to make the user experience faster and easier. They are typically found within Microsoft Office software and when used for nefarious purposes, they can easily trick users into deploying a payload and spread malware. We know that nearly all, or 98% of threats, targeting the Microsoft Office Suite use macros. 

Additionally, threat actors can leverage pixel data found within image attachments to spread malware–a technique called steganography. Recently, Microsoft discovered malicious spam campaigns that were distributing disk image files infected with malware. The image attachments were infected with a strain of the Remcos remote access trojan (RAT), which gave attackers full control over the infected systems. It’s imperative that enterprises have solutions that are able to fully analyze all components of email attachments for malicious activity. 

Votiro Prevents What Secure Email Gateway Can’t to Fully Protect the Enterprise Email Channel 

Votiro’s Positive Selection® technology is able to overcome all of the challenges Secure Email Gateway cannot protect against. The technology neutralizes all external malicious content threats, including undisclosed and zero-day exploits. Votiro for Email Attachments singles out only the elements of emails known to be fully secure, guaranteeing they are 100% safe. As a result, employees can open every email and file attachment with complete peace of mind, and without any delays or disruptions to business. In fact, Votiro’s Positive Selection technology solutions have never suffered a single breach in seven years.

Votiro understands that predicting threats based on historical data is imperfect. Votiro outperforms predictive detection-based methods, guaranteeing you receive the exact same file while getting rid of all potential risk. That way, your file remains 100% authentic and functional, yet 0% dangerous. Votiro is able to sanitize all malicious code and exploit threats while preserving the integrity and functionality of the original file. Recipients are able to save, edit, use and share the file without risk. See for yourself by scheduling a demo.

background image

News you can use

Stay up-to-date on the latest industry news and get all the insights you need to navigate the cybersecurity world like a pro. It's as easy as using that form to the right. No catch. Just click, fill, subscribe, and sit back as the information comes to you.

Subscribe to our newsletter for real-time insights about the cybersecurity industry.