The dusk of Secure Email Gateway?Gartner Market Guide for Email Security.
No panic, the Secure Email Gateway sector is currently still doing quite well. Nevertheless… when Fortune magazine conducted a survey on email back in 2016, 90% of the organizations surveyed, had a mail server locally. What has changed since then? First and foremost, the cloud email offering.
Today, migrating an email server to the cloud not only simplifies maintenance and administration – it’s also often cost-effective. Especially if your email is part of a larger service like Office365 or G-Suite.
And how does this affect security?
When all email resources were stored locally, security was provided by a “gateway” – Secure Email Gateway. This independent proxy server deployed on a next-hop basis that imposed and enforced security rules on email traffic. This is changing with the migration to the cloud – where some security features are provided natively by the provider. Both Google and Microsoft provide basic email hygiene capabilities, including:
- Blocking emails from known bad senders
- Scanning attachments with AV
- Blocking emails with known bad URLs
- Content analysis to identify spam
According to a Gartner report – by 2023, at least 40% of all organizations will use built-in protection features from cloud email providers instead of a secure email gateway (SEG), up from 27% in 2020.
Migration to the cloud has changed security technologies….
Gartner now defines 3 separate areas of technology to protect email communications – regardless of whether the email server is deployed locally or in the cloud.
- Secure Email Gateway: a gateway in the form of local or virtual appliances or cloud services. SEGs process and filter SMTP traffic and require the organization to change the MX record to point to the SEG.
- Integrated Cloud Email Security: Advanced email security features are increasingly being deployed as integrated cloud email security solutions rather than as a gateway. These solutions use API access to the cloud email service provider to analyze email content without changing the Mail Exchange (MX) record. The integrated solutions go beyond simply blocking known bad content and provide user prompts that can help reinforce security awareness training, as well as provide detection of compromised internal accounts. Initially, these solutions are deployed to complement existing gateway solutions, but increasingly the combination of native capabilities of cloud-based email providers and ICES is replacing traditional SEG.
- Email Data Protection: most often add encryption to track and prevent unauthorized access to email content before or after it is sent. EDP can also help prevent accidental data loss due to misdirected recipients. EDP has historically been either part of a DLP or SEG-class solution. However, as the market evolves, it is evolving into a separate technology or part of ICES.
Given the above – Gartner has come forward to IT security leaders with the following recommendations:
- Consider adopting email security solutions that use ML-based anti-phishing technology and AI to protect against BEC (Business Email Compromise), to analyze conversation history and detect anomalies.
- Consider API-based ICES solutions when evaluating email security solutions. The simplicity of the assessment and additional visibility into internal traffic and other communication channels will help reduce risk.
- Invest in user education and implement standard operating procedures for handling financial transactions and sensitive data, which are often targets of impersonation attacks. Reinforce this training with contextual banners and prompts to help educate users.
- Integrate email events into a broader XDR or SIEM/SOAR strategy by selecting vendors that have integration with these security tools via APIs (faster response).
- The most common practice is still to use DMARC to protect against domain spoofing attacks.
- Don’t rely on email as a way to conduct secure transactions and share sensitive data. Mitigate risk by implementing data protection solutions.
If you would like to explore the future of your email communications security – feel free to contact us!