Let’s get straight to the point: email-based attacks present a serious security threat for organizations today, especially enterprises. In 2022, Verizon’s Data Breach Investigations Report found that phishing continued to be one of the top three attack vectors attributed to data breaches. And during the 2020 COVID-19 quarantine, phishing attacks increased by 350%.
Billions of new phishing emails are sent out every day, overwhelming security teams as they struggle to keep up with investigating suspected phishing attacks. Even when an attack or breach is detected, it can often take weeks or months to resolve.
Cloud-based email providers and legacy technologies like Secure Email Gateways (SEGs) provide some protection, but they simply can’t keep up with the volume or sophistication of today’s email attacks well enough to fully defend your company. SEGs are good at identifying “known” attacks based on rules and policies or by scanning malicious links and attachments, but they can’t detect the malicious intent behind a business email compromise (BEC) attack, which typically carries no payload at all.
It is critical to choose a comprehensive email security solution that pairs technology with tools for the human element: integrated security awareness training (SAT) and phishing simulation testing, plus features that let employees quickly analyze suspicious messages from within their email client and flag potential zero-day or emerging attacks without overloading security teams with false-positive alerts.
A Few Things to Look for in an Enterprise Email Security Solution
Ease of use
For an enterprise email security solution to be truly effective, it's got to be easy for the admins and all the employees to use. A system that requires a lot of manual steps to investigate a reported incident gets tedious and doesn’t actually save IT admins’ time. Further, these types of systems are seldom fully adopted and are frequently abandoned, while the organization keeps paying the remainder of the subscription fees.
The ideal solution should provide meaningful automation to reduce the significant amount of time that administrators spend investigating email incidents. From an ease-of-use standpoint, it should also include:
- Easy installation and integration with cloud-hosted email services
- An intuitive user interface with a minimal learning curve
- Minimal management and maintenance requirements
A solution that emphasizes ease of use saves significant time for IT and security teams and will always have a better chance of delivering the security and protection desired.
AI and Machine Learning for Continuous Inbox Protection
Evasive phishing attacks slip past traditional email security (SEGs, M365, and GWS security controls) and reach user inboxes—especially business email compromise (BEC) and account takeover attacks.
Look for API-based Integrated Cloud Email Security (ICES) solutions that take advantage of artificial intelligence and machine learning. These solutions continuously monitor and scan inboxes for threats and anomalous behavior after messages have been delivered, and they can claw back malicious messages from all protected inboxes.
ICES solutions use AI and ML to detect unknown threats and emails with malicious intent. They can also detect email attacks that use time-delayed detonation URLs (emails that link to a legitimate website but then redirect to a known phishing site after a programmed amount of time) used to bypass traditional email gateway security models.
This level of protection can only be achieved by integrating with cloud-hosted mail services via API. The direct connection allows for continuous scanning and analysis of both external and internal messages. The AI/ML provides advanced analysis of multiple data points, including:
- Identifying social engineering attempts
- Detecting time-delayed link and attachment weaponization
- Escalating suspicious email user behavior
- Detecting unusual email handling rules
- Analyzing conversation histories to detect anomalous activity
These advanced technologies analyze ALL data points in real time to identify suspicious behavioral patterns and unusual communication styles and proactively hunt for threats.
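The “unusual email handling rules” data point above is one of the more concrete signals an ICES product evaluates, so here is an added example of what that check looks like in practice. This is illustrative code written for this article, not any vendor’s detection logic; the `InboxRule` shape, the `ORG_DOMAIN` value, the folder and keyword lists, and the sample rules are all constructed assumptions. It flags the patterns that commonly follow an account takeover: auto-forwarding to an address outside the organization, rules with blank or one-character names, and rules that delete or bury messages about invoices, wires or security alerts so the mailbox owner never sees them.

```python
"""Flag inbox rules commonly associated with mailbox abuse after account takeover.

Constructed example for this article. The rule fields loosely mirror what a
cloud mail provider's admin API exposes, but the exact shape is an assumption.
"""
from __future__ import annotations

from dataclasses import dataclass, field

ORG_DOMAIN = "example.com"  # assumption: the organization's own mail domain

# Folders attackers often use to hide messages from the mailbox owner (assumed list).
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "archive", "junk email", "deleted items"}
# Subject keywords whose automatic deletion or relocation is a strong signal (assumed list).
SENSITIVE_KEYWORDS = {"password", "invoice", "wire", "payment", "mfa",
                      "verification", "security alert"}


@dataclass
class InboxRule:
    mailbox: str
    name: str
    forward_to: list[str] = field(default_factory=list)
    move_to_folder: str | None = None
    delete: bool = False
    subject_contains: list[str] = field(default_factory=list)
    mark_as_read: bool = False


def _is_external(address: str) -> bool:
    """True when the recipient is not in the organization's own domain."""
    return not address.lower().endswith("@" + ORG_DOMAIN)


def analyze_rule(rule: InboxRule) -> list[str]:
    """Return human-readable findings for one rule; empty list means benign."""
    findings: list[str] = []

    externals = [a for a in rule.forward_to if _is_external(a)]
    if externals:
        findings.append("forwards to external address(es): " + ", ".join(externals))

    # Attackers frequently name rules "." or "" so they are easy to overlook.
    if len(rule.name.strip()) <= 2:
        findings.append(f"suspiciously short or empty rule name {rule.name!r}")

    hides = rule.delete or (rule.move_to_folder or "").lower() in HIDING_FOLDERS
    keywords = [k for k in rule.subject_contains if k.lower() in SENSITIVE_KEYWORDS]
    if hides and keywords:
        findings.append("hides messages whose subject mentions " + ", ".join(keywords))
    if hides and rule.mark_as_read:
        findings.append("marks messages read before hiding them")
    return findings


def analyze_rules(rules: list[InboxRule]) -> dict[tuple[str, str], list[str]]:
    """Map (mailbox, rule name) to findings for every rule that has any."""
    return {(r.mailbox, r.name): f for r in rules if (f := analyze_rule(r))}


# Constructed sample rules: two benign, one typical post-compromise rule.
SAMPLE_RULES = [
    InboxRule("alice@example.com", "Newsletters",
              move_to_folder="Newsletters", subject_contains=["newsletter"]),
    InboxRule("alice@example.com", ".",
              forward_to=["collector@external.invalid"], delete=True,
              subject_contains=["invoice", "wire"], mark_as_read=True),
    InboxRule("bob@example.com", "Team alias", forward_to=["team@example.com"]),
]

if __name__ == "__main__":
    for (mailbox, name), reasons in analyze_rules(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}:")
        for reason in reasons:
            print("  -", reason)
```

Run against `SAMPLE_RULES`, only Alice’s one-character rule is reported, with four separate reasons. In a real deployment the same logic would be driven by the rules an API integration pulls from every protected mailbox, and a new rule matching several reasons at once is exactly the kind of post-delivery signal the article describes.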
Security and Data Privacy
Beyond features and functionality, it’s important to consider how a vendor addresses the security and privacy of customer data. Some things to look for include:
- Encryption: the vendor’s solution should use industry-standard and current encryption algorithms to protect data both in transit and at rest.
- Access control: look for solutions with granular access controls so you can limit who has access to sensitive data and what they can do with that data—features such as role-based access control and multi-factor authentication.
- Compliance: ask the vendor if they comply with relevant data protection frameworks such as GDPR and SOC2, and ask for evidence of their compliance, such as independent third-party audits.
- Data minimization: vendors should only collect and process the minimum amount of personal data necessary to provide their service. Further, they should have a clear process for obtaining and managing user consent for the collection and processing of their personal data.
I may be contractually required to mention scalability (or “at scale”) any time I write about enterprise-grade solutions, but that really shouldn’t be an issue with modern SaaS-based solutions. Scalability should be considered inherent to SaaS offerings: the service should be designed to accommodate fluctuations in demand, number of users, and data volume.
So, don’t be impressed by vendors who try to make a big deal out of something that should be considered table stakes.