
Three Security Vets Drop Uncomfortable SEG Truths

What happens when you put three seasoned security practitioners in a room with data that shows exactly how many phishing attacks their tools are missing?

You get the kind of honest conversation most vendors don't want you to hear.

I just hosted a webinar that felt more like eavesdropping on a coffee shop conversation between security veterans than your typical vendor pitch-fest.

Jason Phillips (Sensient Technologies), Jeff Rader (Hoosier Energy), and Michael Kobrowski (SMC) joined me to dig into some research that's been making waves... SEGs are missing 67.5 phishing attacks per 100 mailboxes every month.

That number hit different when it came from practitioners who'd lived through the pain.

The "We Had No Idea" Moment

The most telling part? None of these guys knew how bad their visibility gap was until they had a way to measure it.

Jeff's reaction was particularly memorable: "We were getting 10-15 misses a day that...became obvious once we could see them." Jason discovered his SEG was letting through 6,500 phishing emails in a single week. Michael admitted he was initially hesitant about "another tool" but got convinced quickly when he saw what was slipping through.

Before having visibility into what their SEGs missed, they relied on what Jason called "sharp eyes" - that one reliable employee who'd spot the suspicious stuff (we've all worked with that person).

The Maintenance Reality Check

One insight that landed hard: why smaller organizations get hammered worse. The data shows companies with 1-99 mailboxes face 751 missed attacks per 100 mailboxes from Barracuda alone.

That's not a typo.

Jason nailed the explanation...smaller teams can't babysit their SEGs the way larger organizations can. They don't have dedicated staff constantly tuning rules and managing whitelists. So, while the tools work the same way, the outcomes are dramatically different.

 

The Three-Quarantine Problem

Jeff dropped what might have been the line of the webinar: dealing with "three quarantine places is a drag."

Anyone who's managed email security knows this pain. You've got quarantine in your SEG, quarantine in M365/Google, and users asking where their emails went. Meanwhile, you're playing detective across multiple systems trying to track down that "urgent" message from the CEO that turned out to be legitimate.

The group wrestled with this exact tension during our discussion. As Jason put it: "There's a balance there...defense in depth versus having three places to go find something." Everyone gets that email filtering is a requirement, but the operational complexity of managing multiple layers can become its own problem.

Jeff's perspective captures it perfectly: you need the protection, but the simpler you can make the investigation process, the better off your team will be.

The Buzzword Winner

When we asked which industry buzzword makes them hit delete fastest, "AI" won decisively. Not because they're anti-technology, but because they're tired of vendors slapping "AI-powered" on everything without explaining what it actually does. And yes, I see the irony too, but to be clear, we've been using (home-grown) AI in our email security platform for almost 10 years.

Michael summed it up: vendors need to show, not tell. Real data beats marketing speak every time.

What Actually Triggers Change

The conversation about what finally pushes security teams to look for better solutions got real, quickly. Between breaches, phish clicks, VIP complaints, and increasing time spent on email tickets...it's usually all of the above, plus the realization that you're flying blind.

As one panelist put it: "You find out when something bad happens" isn't a strategy anyone wants to stick with.

The Whitelist Vulnerability That Everyone Knows

Before diving into the numbers, Jason shared a story that'll sound familiar to anyone managing email security. When they used Proofpoint, they'd whitelist trusted vendors and partners. Standard practice, right?

Then one of those whitelisted companies got compromised.

"They would walk right in," Jason explained. "So it's nice to not have that anymore. When people say I need this whitelisted, I say, no. We don't do that. We'll evaluate the threat when it comes because we know it is coming at some point."

That's the allowlist weakness problem in action, and it shows up in the data.

The Numbers Don't Lie

The research covered 1,921 IRONSCALES customers who also use SEGs, so we could measure exactly what traditional gateways miss:

  • Barracuda: 101 missed attacks per 100 mailboxes monthly
  • Proofpoint: 68.4 missed attacks per 100 mailboxes monthly
  • Cisco: 51.6 missed attacks per 100 mailboxes monthly
  • Mimecast: 38.4 missed attacks per 100 mailboxes monthly

What's getting through? Primarily credential theft (32.8%) and vendor scams (34.3%), the exact threats that bypass traditional rule-based detection.

Jason's whitelist story suddenly makes a lot more sense when you see vendor scams topping the list.

Want to See What You're Missing?

Curious about your own environment? We built a calculator that uses this same research data to estimate what your SEG might be missing. Takes about 8 seconds and uses real numbers from organizations like yours.

Try the SEG Missed Attacks Calculator →

Watch the Full Conversation

The 30-minute recording captures the complete discussion, including the war stories we couldn't fit here. No sales pitch, just practitioners sharing real experiences with real data.

Watch the Hidden Gaps Webinar →

Get the Research Details

The full whitepaper breaks down the methodology, vendor-specific findings, and attack type distributions. It's the kind of data you can actually use in budget discussions.

Download the Hidden Gaps in SEG Protection Report →

 

Sometimes the most valuable insights come from admitting what you don't know. In this case, most security teams don't know how many attacks their SEGs miss each month. Now you can find out.

 
