This article will focus on Secure Email Gateways, explaining the benefits of this technology as well as raising awareness about its drawbacks.
With 3.9 billion global email users in 2019 – and that number projected to rise to 4.48 billion by 2024 – email has become the channel of choice for hackers seeking to carry out cyberattacks. In fact, according to the 2020 Verizon Data Breach report, 22% of breaches involved social engineering, and 96% of those breaches came through email. As the pandemic has forced many organizations to shift to a Work-from-Home model, email has become even more essential for regular office communications. An increasing number of organizations recognize the need to secure their emails from outside threats and even from internal ones. The Verizon report highlighted that another 22% of breaches were a result of human errors, where sensitive data was accidentally emailed to the wrong recipient. Some of these organizations are turning to Secure Email Gateways to protect themselves from cyber threats.
What is a Secure Email Gateway (SEG)?
A Secure Email Gateway (SEG) is a solution that protects the organization’s internal email servers by analyzing and inspecting every incoming or outgoing email before it finds its way into a user’s email Inbox. While the organization cannot control the sending of emails, it can monitor emails that are sent and received, and control whether or not to allow the email through to its intended recipient. The goal of a Secure Email Gateway is to detect any unwanted and malicious emails and stop them before they cause damage to the organization. Secure Email Gateways can be deployed on premises within an organization or delivered as a cloud-based service.
Who Uses a Secure Email Gateway?
Organizations of all sizes and across all industries can utilize a Secure Email Gateway. Whether for a small business or a massive enterprise, email communications are an easy target for cyber criminals, and a Secure Email Gateway can be used to enhance the organization’s security. Governments and businesses have used email gateway protection to attempt to defend themselves against a wide range of cyber threats, including phishing attacks, Business Email Compromise (BEC) schemes, Denial of Service (DoS), spam, fraudulent content, ransomware, trojans and other forms of malware.
How Does a Secure Email Gateway Work?
Email security gateways harness multiple technologies to protect organizations from email-based cyber threats. Essentially acting as a firewall for email, Secure Email Gateways utilize a message transfer agent (MTA) to reroute inbound and outbound emails via proxy. The agent then scans both outbound and inbound messages, and applies specific rules that determine which emails are considered malicious and are therefore blocked from leaving or reaching the network. Secure Email Gateways can inspect the domain of incoming emails and analyze the email’s content itself. Outgoing messages can be filtered to automatically encrypt sensitive data or completely block it from leaving the organization.
If the scanned email is considered safe, the Secure Email Gateway will send it to the internal server or service to be delivered to the user’s Inbox. If the email is considered spam or malicious, the SEG will either block or quarantine the email for further inspection by the system administrator. In this scenario, the intended recipient will not receive the email.
Secure Email Gateways’ filters use threat intelligence feeds to decide which emails are malicious. These feeds conform with the latest published standards for anti-spam and signature-based anti-malware. System admins can tailor the email gateway protection’s filters and rules to meet the organization’s requirements. In addition, SEGs work at the network level, which means that the level of protection is extended to employee devices, even if they are working from home on their own personal laptop or phone.
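The scan-and-verdict flow described above, as an added Python example (not code from any gateway product): the blocked domain, keywords, attachment hash and card-number pattern are constructed stand-ins for administrator rules and a signature feed, and the caller states the direction of the message.

```python
import hashlib
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed policy data for this example; a real gateway loads rules and feeds.
BLOCKED_SENDER_DOMAINS = {"spam-source.example"}
QUARANTINE_KEYWORDS = ("wire transfer", "password reset")
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-known-bad-sample").hexdigest()}
CARD_RE = re.compile(r"\b(?:\d[ -]?){16}\b")  # crude sensitive-data pattern

def scan(raw, outbound=False):
    """Return 'block', 'quarantine' or 'deliver' for one raw RFC 5322 message.
    Direction comes from the caller (which listener accepted the message)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text, attachments = [msg.get("Subject", "")], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_filename():
            attachments.append(payload)
        elif part.get_content_maintype() == "text":
            text.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(text).lower()
    if not outbound and domain in BLOCKED_SENDER_DOMAINS:
        return "block"       # sender rule set by the administrator
    if any(hashlib.sha256(a).hexdigest() in KNOWN_BAD_SHA256 for a in attachments):
        return "block"       # signature match on an attachment
    if outbound and CARD_RE.search(body):
        return "block"       # sensitive data must not leave
    if not outbound and any(k in body for k in QUARANTINE_KEYWORDS):
        return "quarantine"  # held for administrator review
    return "deliver"

def make_message(sender, subject, body, attachment=None):
    """Build a constructed sample message as raw text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@corp.example", subject
    m.set_content(body)
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="file.bin")
    return m.as_string()
```

An attachment that differs from the known sample by a single byte matches no entry in the hash set and is delivered, which is the limitation the article raises for signature-based detection.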
Why could a Secure Email Gateway be Useful?
A Secure Email Gateway can serve as the first line of defense against malicious emails and may enable enterprises to reduce the likelihood of email-based cyber-attacks against their business. The technology may help protect employees from falling prey to some types of email-borne threats, such as spam, viruses and phishing attacks, and other types of malware.
Are Secure Email Gateways still relevant?
The rise of phishing attacks and the move to cloud-based email requires organizations to reevaluate whether their email security controls are sufficient. As organizations increasingly transition to cloud-based email, Secure Email Gateways have become less relevant as a means to protect users from email-based cyber threats.
Key Features of Secure Email Gateway Software
While there is a range of email security gateway products on the market, there are a number of key features that should be considered.
- Spam filtering: Secure Email Gateways can block email messages from known spam email domains. Algorithms may detect patterns that indicate new spam, such as keywords and suspicious links. Spam filters also allow individuals to report and block spam emails that do manage to make it through to their Inbox.
- Virus and malware blocking: Secure Email Gateways use anti-virus technologies to detect messages that have known malicious URLs or attachments, and attempt to prevent them from entering the organization’s network.
- Phishing and social engineering protection: Phishing is when an attacker sends email messages that look harmless to the recipients but contain a malicious link or attachment. Secure Email Gateways use anti-fraud technologies to validate the sender’s domain name, and try to block emails with malicious links and attachments.
- Email archiving: Secure Email Gateways can store emails to help the organization meet legal compliance and data management needs.
- Admin controls: System admins can have full control over the company policies for filters and quarantine rules. For example, they can decide to block specific senders or IPs, or reject messages with specific keywords.
- Reporting: A centralized dashboard can offer system admins visibility over their network’s email activity, as well as access to a reporting function.
Top 4 Benefits of a Secure Email Gateway
Secure Email Gateways offer some benefits, such as:
- Helps prevent some malicious emails and stop some phishing attacks
- Helps stop sensitive data from leaving the organization
- Helps protect employee emails across multiple devices
- Helps meet compliance needs with email archiving and encryption
The Top Secure Email Gateway Factors to Consider
If your organization is wondering whether an SEG is right for you, keep in mind that there are a number of secure email gateway factors to consider before making a decision. Make sure you investigate the following questions:
- Can the vendor detect and block a wide range of malware, both via links and attachments?
- Does the vendor analyze messages leaving the organization to encrypt sensitive data or block it from leaving altogether?
- Can the vendor supply your organization with threat analysis: what attack tactics are being used, who is being targeted most often, and what is the origin of these attacks?
- Does the vendor offer any response capabilities so if a malicious email does penetrate the organization, it can be quickly located and deleted?
- Does the vendor offer its Secure Email Gateway as a cloud service or on-premise solution?
- For threats that evade the Secure Email Gateway, do you have other solutions in place to catch them?
Drawbacks to Secure Email Gateway
While Secure Email Gateways have proven effective in stopping spam and some malicious content, they are not without drawbacks.
Cannot Defend Against Signature-Less Threats
Secure Email Gateway solutions analyze risks based upon known malicious content. This puts the organization at risk because zero-day attacks have become more prevalent and are increasing in frequency, with new or unknown zero-day attacks expected to more than double in 2021. In fact, 80% of successful breaches are new or unknown zero-day attacks that are not recognized by traditional signature-based detection solutions.
Cannot Defend Against BEC Attacks
By that same token, Secure Email Gateways cannot defend against today’s extremely professional Business Email Compromise (BEC) attacks, where cybercriminals spoof trusted brands or names of co-workers to trick innocent employees into opening malicious emails. In fact, BEC attacks are known in the industry as CEO fraud, because employees are known to follow the CEO’s emailed instructions to the letter, not realizing they are under BEC attack. These emails look so realistic that they cannot be detected by Secure Email Gateway technologies.
Cannot Defend Against Internal Email Threats
Since Secure Email Gateways connect to the mail flow outside of the email provider’s cloud, internal emails – such as employee-to-employee communications – are not scanned for known threats. This presents a significant threat as hacked inboxes would be free to send malicious emails without detection.
Loss of Productivity
As Secure Email Gateways quarantine or block files, inevitably, the organization will experience a decline in productivity. Large files can cause bottlenecks, and urgent emails may be delayed or not delivered at all, resulting in workflow hiccups and employee frustration. For large organizations with many email accounts, expect to spend significant time and resources unblocking emails and files and removing them from quarantine for end users.
Limited to Email Attacks
Protecting the organization against malicious emails is important, but cyber attacks can come from a range of sources beyond email. Organizations with Secure Email Gateways may falsely think they are protected, when in fact, threats can penetrate from the web, company portals, and other sources. The inbox-level protection that Secure Email Gateways provide is not sufficient.
Known to Hackers
Secure Email Gateways broadcast themselves to hackers via the MX record, making it easy to develop evasion techniques to defeat the Gateways. Simple Google searches will provide attackers with the information they need to ensure their malware can evade detection – such as only executing once inside the production environment – or bypass the Gateway altogether.
Requires Maintenance & Upkeep
Secure email gateway maintenance requires extensive IT resources, time, and money, as well as the need to continuously update complex security policies.
Alternatives to Secure Email Gateways
A sandbox is an isolated testing environment that stands apart from the production environment, where a file or program from untrusted sources can be executed in isolation. If a program or file is malicious, a sandbox can help discover and block the threat without compromising organizational security. Unfortunately, hackers have figured out how to get around the sandbox’s protection.
Content Disarm and Reconstruction
Content Disarm and Reconstruction (CDR) is a security technology that does not rely on detection, unlike other anti-malware tools. Instead, the technology assumes all files are malicious and scrutinizes all individual file components that are outside of the approved firewall. Also known as file sanitization, the technology removes malware, strips any embedded code, and rebuilds the file in a way that disrupts any additional covert malicious code. The end result is a safe copy of the original file, with most – or some – functionality intact.
Many CDR solutions simply remove active content from files. Instead of sanitizing the content, they block and strip it, which can render the file useless to the end user and reduce productivity.
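The rebuild step described above, as an added Python example (not Votiro's or any vendor's implementation): it copies only allowlisted parts of a ZIP-container Office document into a new archive and removes the references to whatever was left out. The extension allowlist, the matching of references by file name and the sample package are assumptions made for the example.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

# Assumption for this example: only these part types count as known-good content.
ALLOWED_EXT = {".xml", ".rels", ".png", ".jpg", ".jpeg"}

def strip_refs(xml_bytes, dropped_names):
    """Drop elements of a content-types or .rels part that point at removed parts."""
    root = ET.fromstring(xml_bytes)
    for el in list(root):
        ref = el.get("PartName") or el.get("Target") or ""
        if posixpath.basename(ref) in dropped_names:
            root.remove(el)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def rebuild(data):
    """Return (clean_bytes, dropped_parts) for a ZIP-container Office document."""
    src = zipfile.ZipFile(io.BytesIO(data))
    names = src.namelist()
    dropped = [n for n in names if posixpath.splitext(n.lower())[1] not in ALLOWED_EXT]
    dropped_names = {posixpath.basename(n) for n in dropped}
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in names:
            if name in dropped:
                continue
            content = src.read(name)
            if name == "[Content_Types].xml" or name.endswith(".rels"):
                content = strip_refs(content, dropped_names)
            dst.writestr(name, content)  # new entry: old ZIP metadata is not carried over
    return out.getvalue(), dropped

def constructed_docm():
    """Constructed sample: minimal macro-enabled package with a fake VBA part."""
    ct = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="xml" ContentType="application/xml"/>'
          '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>')
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="urn:constructed:vba" Target="vbaProject.bin"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ct)
        z.writestr("word/document.xml", "<document>Quarterly report</document>")
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/vbaProject.bin", b"constructed stand-in for macro code")
    return buf.getvalue()
```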
Votiro Cloud, Powered by Positive Selection® technology
Votiro’s Positive Selection technology is the next evolution of CDR technology. Votiro Cloud uses template-based reconstruction to re-create clean templates with only the known good content included. Unlike detection-based file security solutions that scan for suspicious elements and block some malicious files, Positive Selection singles out only the safe elements of each file, ensuring every file that enters your organization is completely safe. While all types of CDR do not rely on malware detection or predictive analysis, only Positive Selection technology delivers fully functional content in milliseconds that is always effective against zero-day attacks with a 0% false positive rate.
Built with deep expertise in the architecture of every file format – as well as close working relationships with file format companies like Adobe – Votiro Cloud technology understands and protects all file types – from .ppt, docs, pdfs and image files, all the way to more complex formats that no NGAV or Sandbox can possibly detect.
While many threats pass through these other solutions and Secure Email Gateways, Votiro’s Positive Selection technology has been proven to stop them, ensuring your organization is completely safe from file-borne threats.
SEG vs. SFG Comparison Table
Compare a Secure Email Gateway with Votiro Cloud.
| Secure Email Gateway | Votiro Cloud |
|---|---|
| Blocks or quarantines everything – no loss of productivity | Doesn’t block or quarantine anything – no loss of productivity – 0 latency |
| Signature-based detection | Signatureless – not based on known signatures / out of date databases of threat intel |
| Only secure inbound and outbound Emails | All files secured, including emails & the email file itself, including intra-company emails |
| Secures Emails only | Secure all incoming files regardless of channel |
| Points to a known protection method…evasion techniques known to specific solutions | No broadcast to hackers – API based, not an MX record |
| Higher cost | Lower cost |
| SEG solutions often don’t allow POCs | Flexible deployment options – on-prem, in their cloud, or SAAS licensing models |