The email security market is full of vendors offering a wide array of features and capabilities. To make sense of the chaos and to bring clarity to companies seeking the right solution for their specific email security challenge, Gartner broke the market into three segments and aligned vendors to each: Secure Email Gateways (SEGs), Integrated Cloud Email Security (ICES) solutions, and Email Data Protection (EDP) solutions. Here is a summary of each segment as stated in the most recent Gartner Market Guide for Email Security:
- SEGs: “Email security for both inbound and outbound email has traditionally been provided by SEG solutions either as an on-premises appliance, a virtual appliance, or a cloud service. SEGs process and filter SMTP traffic and require organizations to change their MX record to point to the SEG.”
- ICES: “Advanced email security capabilities are increasingly being deployed as integrated cloud email security solutions rather than as a gateway. These solutions use API access to the cloud email provider to analyze email content without the need to change the Mail Exchange (MX) record. Integrated solutions go beyond simply blocking known bad content and provide in-line prompts to users that can help reinforce security awareness training, as well as providing detection of compromised internal accounts.”
- Email Data Protection: “Email is fundamentally unsecure, and email data protection solutions add encryption to track and prevent unauthorized access to email content before or after it has been sent. EDP can also help prevent accidental data loss due to misdirected recipients.”
For the sake of this conversation, let’s agree that Email Data Protection is a niche use case and that these technologies were neither designed for nor capable of standing alone in defending a company from phishing attacks. That leaves just two: SEGs and ICES. So, what is the fundamental difference between the two? In summary, the debate boils down to whether an email security technology should block emails before they ever get to an end user’s mailbox (the “pre-delivery” approach) or leverage artificial intelligence and machine learning with a powerful combination of capabilities (the “on-delivery” approach). The latter approach takes advantage of anomaly detection, natural language processing, and visual scanning to inspect every email just as it hits the company’s O365 or GWS tenant, performing an analysis in milliseconds and automatically determining whether the email is a threat or not.
The category that Gartner places a specific email security vendor into (SEG or ICES) is entirely dependent on whether that vendor uses pre-delivery or on-delivery. The former goes into the SEG category, and the latter goes into the ICES category. Now let’s look closer at the Gartner definitions of each category. Notice in the SEG definition that the authors use the word “traditionally.” That means the old way of doing things, which is the pre-delivery approach. Now, look at the words used in the ICES definition: “Advanced email security” and “rather than a gateway.” This is the new way of email security, which is the “on-delivery” approach.
Let’s go one level deeper on the pre-delivery vs. on-delivery approaches. SEGs have been around for decades and have not been able to keep up with the new breed of phishing emails that do not contain links or attachments. Because of where they are placed in a company’s technology stack, they can’t observe the behavioral patterns of end users and use those insights to identify intent-based phishing attacks. The pre-delivery approach is essentially backward-looking: SEGs must be constantly fed updates about attacks that have already happened. We often compare SEGs to old-school firewalls because they use similar block/allow lists to limit attacks. Both technologies are placed between the internet and the company’s infrastructure, and both are dependent on continuous updates about new known attacks. Now ask yourself this question: would you just install a firewall between the internet and your company’s infrastructure and then tell your CEO that your company was secure?
This all makes sense now, right? Two approaches, with vendors aligned to each based on their approach to securing email. Well, as the great American sportscaster Lee Corso is famous for saying: “Not so fast, my friend.” You see, there’s a vendor out there who is telling anyone who will listen that pre-delivery is the way to go, but then they also claim to be an ICES vendor because they use APIs (which, to be fair, is accurate according to Gartner). Let’s try to make this clear:
- If you’re pre-delivery, you’re a SEG.
- If you’re just using an API for email journaling, you’re still a SEG.
- If you can’t capture end-user behavioral patterns to build machine learning models to stop advanced phishing attacks, you’re a SEG.
Just own it, be proud of it, and make your case to prospects. Seriously, pick a lane already.
Email security is an enormous challenge for companies of all sizes, and picking the right solution for your specific needs is critical. Trying to be a vendor with one foot in the old-approach category and the other in the new-approach category is confusing and completely unnecessary.
At IRONSCALES we are all in on the on-delivery approach to email security. In fact, we are going to be taking it to an entirely new level in the very near future. More on that another time.
If you would like to know more about IRONSCALES and how we are the best option for protecting you against phishing attacks, visit our website today at ironscales.com.