WHITE PAPER

A SEG Doesn’t Offer Sufficient Protection From Email Threats

In today's complex threat landscape, secure email gateways (SEGs) no longer offer sufficient protection against modern types of phishing attacks and must be reinforced from inside the mailbox.


Overview

Advanced email phishing attacks remain the most problematic cyber security issue that companies face today. An estimated 90% of successful cyberattacks can be traced back to a phishing email. Global losses from business email compromise (BEC) attacks cost organizations billions of dollars every year. And because cyber criminals are enjoying so much success, these attacks aren’t going away any time soon. If anything, the pace of attacks will continue to accelerate. As a result, security teams are overwhelmed, and employees are stressed because they don’t want to be the one who falls for the next phishing attack. In an era of sophisticated and targeted attacks, a single phishing campaign affects multiple mailboxes across multiple organizations, and defending against it requires managing an array of tools to quickly detect and remediate each attack. To make that possible, CISOs and other information security managers must implement a multi-pronged approach that includes proven, post-delivery capabilities to bolster their defenses. In today’s complex threat landscape, secure email gateways (SEGs) no longer offer sufficient protection against modern types of phishing attacks and must be reinforced from inside the mailbox. Just as no security professional would ever suggest a firewall alone is enough to protect enterprise infrastructure, simply having a SEG in place is likewise insufficient to defend against advanced phishing attacks.


The Rise and Fall of the SEG

When SEGs first emerged and bad actors were less technically savvy, this technology provided an adequate layer of protection to block basic email phishing threats and spam. Not so today. Sophisticated attackers have created targeted phishing and BEC techniques that bypass SEGs with ease. The modern bad actor can easily assess which SEG an organization uses and find ways to slip through basic spam filters or even bypass the perimeter entirely. Once these dangerous threats have landed in user mailboxes, they are well beyond the reach of the SEG and its basic scanners and spam filters. That’s not to say the SEG has no role in today’s complex threat landscape. On the contrary, the SEG remains a critical, legacy workhorse focused on stopping spam and malicious attachments. However, protecting the perimeter – even with enhanced cloud prefiltering and modest anti-phishing capabilities – is no longer sufficient. Organizations must complement their SEGs with another layer of endpoint protection – and this one needs to operate from inside the mailbox itself.

Bypassing the SEG

Threat actors are constantly developing new, inventive methods – from social engineering and identity deception to BEC – to trick their targets, compromise accounts, and steal valuable credentials. For example, attackers may use different file extension names to bypass SEG attachment controls and deliver their payloads. SEGs only see what they know: e.g., known signatures, malicious attachments, and web links. With 40% of all attacks containing unknown elements, it’s not surprising that many targeted phishing and BEC attacks still pass through SEG defenses, a fact that should concern every information security professional. At the same time, the vendor-provided signatures mentioned above typically lag the actual threats, providing an ineffective defense against phishing email attacks. SEG signatures aren’t created in real time and can take up to 250 days from the time a phishing email attack is first reported to the time a signature is made available to enterprise technical staff – assuming the vendor assigns it a high enough priority to warrant a signature at all. Furthermore, the trend toward sophisticated, polymorphic phishing email attacks makes traditional signature-based approaches only marginally useful. Plus, many SEGs don’t scan every URL. Instead, they focus only on the types of URLs people tend to click. But with more phishing attacks using single-use URLs, the risk of falling victim is growing.

A Race against Time

Inundated with the time-consuming tasks of manually responding to phishing attacks and attempting to mitigate those risks in the first place, security teams are drowning. They’re also fighting a losing battle – attempting to respond faster than end users can click on a malicious link. On average, it only takes 82 seconds from the time a phishing email is first distributed until it successfully lures its first victim.[1] When cyber risks are multiplying unabated, SOC teams can’t afford to waste a minute. No solution will ever stop 100% of attacks. The realistic challenge then becomes how to respond to a phishing incident once emails land in the mailbox. The days of manual search-and-delete incident response are over. Enterprises need automated, post-delivery detection and response capabilities to address threats their email gateways missed. Automated anti-phishing solutions powered by machine intelligence can analyze messages at the mailbox level and provide one-click remediation of a phishing attack across the organization. As a result, security teams can reduce the time from discovery to remediation from days or weeks to a matter of minutes or even seconds.


Even Standards-Based Protocols Lack Sufficient Protection

In a perfect world, standards-based protocols like Domain-based Message Authentication, Reporting, and Conformance (DMARC) would provide adequate protection against phishing attacks based on domain-name spoofing. Unfortunately, we don’t live in a perfect world. DMARC requires both senders and receivers to be compliant, and that’s not always the case. Moreover, many phishing attacks that slip past native email gateways don’t involve exact domain name spoofing but instead use techniques such as domain lookalikes – and DMARC doesn’t protect against impersonation attacks like these. In a recent analysis of more than 100,000 email phishing attacks that successfully evaded SEGs, less than 1% were based on exact domain name spoofing.[2] It’s worth noting that exact domain name spoofing represents only one of the many easily implemented weapons for email phishing attacks in the attacker’s arsenal.
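To make the DMARC gap concrete, the following added example (not code from the white paper or from IRONSCALES) classifies a sender domain against a constructed list of protected domains: an exact match is the one case DMARC can authenticate, while typo-squats, homoglyph substitutions and added tokens are lookalikes that a mailbox-level check has to catch on its own. The protected domains, the thresholds and the homoglyph table are all assumptions made for the illustration.

```python
import unicodedata

# Constructed protected domains for this example (hypothetical).
PROTECTED = ["example.com", "examplebank.com"]


def normalize(domain: str) -> str:
    """Fold case, diacritics and common digit/letter look-alikes so that
    'examp1e.com', 'Éxample.com' and 'exarnple.com' all collapse to 'example.com'."""
    d = unicodedata.normalize("NFKD", domain.lower().strip("."))
    d = "".join(c for c in d if not unicodedata.combining(c))
    d = d.translate(str.maketrans("0135", "oles"))   # 0->o, 1->l, 3->e, 5->s
    return d.replace("rn", "m").replace("vv", "w")   # multi-char confusables


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small distances indicate typo-squatting."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_domain: str, protected=PROTECTED) -> str:
    """Return 'exact' (DMARC can authenticate this domain), 'lookalike'
    (attacker-owned domain; its own DMARC record may even pass) or 'unrelated'."""
    norm = normalize(from_domain)
    for good in protected:
        g = normalize(good)
        if norm == g:
            # Same string after folding: either the real domain or a homoglyph of it.
            return "exact" if from_domain.lower().strip(".") == good else "lookalike"
        base, label = g.split(".")[0], norm.split(".")[0]
        # Close edit distance (example.co) or brand token embedded in the
        # registrable label (example-secure.com) is a lookalike signal.
        if levenshtein(norm, g) <= 2 or base in label:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for d in ["example.com", "examp1e.com", "exarnple.com", "example-secure.com", "github.com"]:
        print(f"{d:22} -> {classify_sender(d)}")
```

Real mail headers carry internationalized domains in punycode (xn--...), so a production check would decode those before normalizing; the substring rule is intentionally a signal, not a verdict, and is tuned per brand.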

The Future Is Autonomous


Stop Email Attacks.

Dead In Their Tracks.

Get better protection, simplify your operations, and empower your organization against advanced threats today.