What is Integrated Cloud Email Security (ICES)?

Integrated Cloud Email Security (ICES) solutions are API-based security platforms that use AI and machine learning to stop advanced email attacks. They connect directly with cloud email services like Microsoft 365 and Google Workspace without affecting email traffic or native security features.

Email has become the essential communication tool in the digital age, but it also exposes us to increased risk of cyberattacks targeting email systems. Integrated Cloud Email Security (ICES) solutions are designed to address this concern by providing advanced protection against various email-based threats. This article will discuss the fundamentals of ICES, its key features and benefits, differences from legacy solutions like secure email gateways (SEGs), examples of attacks that ICESs can catch, and considerations for replacing or augmenting your SEG with an ICES.

Integrated Cloud Email Security Explained

Integrated Cloud Email Security (ICES) is a comprehensive email security solution that combines multiple layers of protection to defend against a wide range of email-based threats like business email compromise (BEC), account takeover (ATO), and more. ICESs leverage artificial intelligence (AI), machine learning, and other advanced technologies to detect and block malicious emails that slip past traditional email security tools.

Separately, traditional email security solutions—and the default features of cloud-based email providers—can only detect common email attacks with harmful content, such as SPAM, malicious links and attachments, or fake email domains. However, these methods are not enough to stop newer forms of sophisticated phishing like business email compromise (BEC) or vendor email compromise (VEC) attacks. Unlike the old-school phishing attacks, these advanced attacks use "malicious intent" based emails that only rely on text-based social engineering techniques to trick recipients into giving up login information, sending confidential data, or paying a false invoice

This is where ICES solutions play a crucial role. ICES solutions connect with cloud email services through APIs and integrate directly with Microsoft and Google's built-in email security to deliver comprehensive protection without having to change MX records or possibly affecting email traffic.

What are the key features and benefits?

ICES solutions offer various features and benefits, including:

  • Multi-layered protection: ICESs combine several security layers, such as AI-powered analysis, computer vision, threat intelligence, and sandboxing to stop advanced email threats.
  • Real-time threat detection: ICESs use API-integration with cloud email services to actively monitor and analyze email traffic and inboxes, detects and responds to threats in real-time.
  • Account takeover detection and remediation: ICESs use AI and machine learning to analyze inbox behaviors and various other factors to detect and remediate account takeover attempts.
  • Seamless integration: ICESs are easily integrated with cloud email services, allowing for streamlined deployment and management.

How do ICESs differ from legacy solutions like secure email gateways (SEGs)?

While both ICESs and SEGs aim to protect organizations from email-based threats, ICESs offer a more advanced and comprehensive approach to email security. SEGs primarily rely on traditional techniques such as signature-based detection and content filtering, which may not be effective against sophisticated attacks. ICESs, on the other hand, use advanced technologies like AI, machine learning, and computer vision to identify and block a wider range of threats. Additionally, ICESs are better suited for cloud-based email systems and can be more easily integrated with other security solutions.

What are some examples of attacks that ICESs catch that traditional gateways do not?

ICESs can detect and block various attacks that can bypass traditional secure email gateways, such as:

  • Business Email Compromise (BEC) attacks: ICESs can identify and stop BEC attacks, which involve the impersonation of trusted individuals or organizations to manipulate victims into transferring funds or divulging sensitive information.
  • Spear-phishing: ICESs can detect highly targeted spear-phishing emails, which often use social engineering and personalization to deceive recipients.
  • Zero-day exploits: ICESs can protect against previously unknown vulnerabilities or exploits, thanks to their advanced threat intelligence and real-time monitoring capabilities.
  • Account takeover attacks: ICESs can identify suspicious inbox behavior and account activity to detect and remediate account takeover attempts before financial damage occurs.

Should organizations consider augmenting or replacing their SEG with an ICES?

When deciding between augmenting an existing legacy secure email gateway (SEG) with an ICES solution, or replacing the SEG with their native cloud email security combined with a ICES solution, organizations should carefully assess their existing security stack, IT/Security team resources, and existing or future IT service management (ITSM) requirements.

While augmenting the SEG with an ICES solution can enhance protection against advanced threats with a defense-in-depth security approach, it may also result in added complexity and potential compatibility issues. Conversely, transitioning to native cloud email security and a modern ICES solution provides a more streamlined approach, offering better integration, scalability, and adaptability to emerging threats while still providing the enhanced protection against advanced threats like business email compromise and account takeover.

Ultimately, the decision should be based on factors such as the organization's security requirements, budget, and existing infrastructure, as well as the potential benefits and challenges associated with each option.

Gartner's Thoughts on ICES

"Initially, these solutions are deployed as a supplement to existing gateway solutions, but increasingly the combination of the cloud email providers’ native capabilities and an ICES is replacing the traditional SEG."

Read Gartner's recommendations in their 2023 Email Market Guide


When considering whether to replace or augment an SEG with an ICES, several factors should be taken into account:

  • Email environment: If an organization relies heavily on cloud-based email services, an ICES can provide better integration and more comprehensive protection than a traditional SEG.
  • Threat landscape: Evaluate the types of threats the organization faces. If you are dealing with advanced threats like BEC/VEC attacks, account takeover attempts, or VIP impersonation, an ICES will offer the best protection.
  • Scalability & Flexibility: ICES solutions are designed to scale with the organization's growth, enabling the solution to handle increasing email traffic and security demands without disruptions or additional investments. API-based solutions can be easily adapted to different email environments and security strategies, as they allow for customization and configuration based on an organization's unique requirements.
  • Budget: Depending on if an organization is considering augmentation or replacement of their legacy secure email gateway, an ICES could be seen as an added cost or a cost savings. In the case of augmentation, ICESs add costs to an organization's email security stack, but it can reduce the total loaded costs through reduced incident response and remediation expenses (not to mention the savings associated with preventing a breach).
  • Installation and Operation: ICES are easier to set up and integrate across an enterprise's security stack via their API. In terms of operational costs, ICES solutions are generally more user-friendly and easy to learn. This makes the platform more accessible and easier to manage, even for individuals with limited technical expertise.
  • Compliance requirements: ICESs can help organizations meet various data protection and privacy regulations, such as GDPR, SOC2, or HIPAA.

In conclusion, Integrated Cloud Email Security (ICES) solutions offer advanced, multi-layered protection against a wide range of email-based threats. They are particularly well-suited for organizations that rely on cloud-based email services and face sophisticated attacks. Deciding whether to replace or augment your SEG with an ICES depends on your organization's specific needs, threat landscape, compliance requirements, budget, and resources. Carefully evaluating these factors will help you make an informed decision on the best email security solution for your organization.

IRONSCALES: The next generation of ICES

Integrated Cloud Email Security solutions are commonly seen by vendors as advanced machine-only solutions using AI to address advanced email threats. While the most sophisticated AI-powered systems can effectively identify and prevent a vast majority of threats, roughly 99%, they are still leaving a small yet significant 1% undetected. When applied to large organizations this 1% can still result in thousands of threats getting through. This gap in coverage underscores the limitations of relying solely on technology to combat evolving email threats and highlights the need for a more comprehensive approach that combines AI with human insights.

IRONSCALES is an Integrated Cloud Email Security (ICES) solution that offers complete protection against modern email threats using AI and human insights. Key features of the platform include:

  • Industry-leading AI: IRONSCALES' artificial intelligence employs advanced techniques such as natural language processing and social graph analysis to detect and prevent advanced email threats like social engineering. By continuously learning from user interactions and evolving its threat intelligence it has become the industry's only fully autonomous AI security analyst.
  • Human Insights: IRONSCALES incorporates human insights by empowering users on the mailbox level to engagement in threat detection and remediation via banners and report buttons. The platform then uses the verified threat data across its network of security professionals and employees reporting threats in its user base to feedback into the AI system continuing to advance its threat detection capability.
  • Customized banners and report button: Customized email banners are provided by the platform for different types of suspicious emails enabling employees to investigate and report threats directly to security analysts from within the inbox. 
  • User Empowerment: Weaponizing top-performing employees for threat detection and remediation based on their long-term threat detection accuracy when reporting suspicious emails effectively expands the security team and enhances overall protection.
  • Phishing Simulation Testing: Natively integrated phishing simulation testing based on real-world threats, helps to train and strengthen the defenses of the organization's email users. Phishing simulation campaigns can be manually customized and automatically generated and deployed for a fast and scalable impact.
  • Crowdsourced threat intelligence: Organizations using IRONSCALES not only gain the human insights from its own employees and security analysts, but the insights from all organizations and security analysts using IRONSCALES through its crowdsourced threat intelligence.
  • Security Awareness Training: IRONSCALES offers integrated security awareness training solution that educates employees on cyber threats and best practices. By providing a vast library of video training content and easy-to-deploy personalized training campaigns, IRONSCALES equips employees with the knowledge and skills needed to recognize and respond to cyber threats of all kinds.

Whether augmenting an existing legacy secure email gateway (SEG) or replacing it with native cloud email security, IRONSCALES provides a multi-layered defense against modern email-based attacks. Its seamless integration, adaptability to evolving threats, and user-centric approach make it an ideal choice for organizations seeking to strengthen their email security posture while fostering a proactive security culture.

Learn more about IRONSCALES advanced cloud email protection here.

FREE Email Health Scan

Request an AI-powered email scan of your mailboxes and uncover lurking phishing threats.

Featured Content

Human & Machine

A core tenet at IRONSCALES is that phishing is a human + machine problem that can only be solved with a human + machine solution.

Vendor Spoofing

A researcher at IRONSCALES recently discovered thousands of business email credentials stored on multiple web servers used by attackers to host spoofed Microsoft Office 365 login pages.

The Cost of Phishing

Businesses are spending too much time and money on phishing. Discover how much in this survey report. 252 security professionals. 20 industries. 5 key takeaways.

Schedule a Demo

Request a demo to see what IRONSCALES AI-powered email security can do for you.