Email has been a dominant communication medium for decades: today's SMTP was born in 1981, and within the next three years a projected 375Bn emails will be sent every day. Unfortunately, its ubiquity has made it a prime target for cyber criminals. In fact, 94% of malware is delivered via email. With businesses now moving away from on-prem email servers to cloud-based platforms like Microsoft 365 and Google Workspace, securing email in the cloud is more important than ever. This article explores the different framework options for modern email security: Native, SEG, and ICES.
Native Security
Native email security controls are included in productivity platforms like Microsoft 365 and Google Workspace, making them a convenient option for organisations seeking to consolidate vendors.
Gartner states that 75% of enterprises are adopting a vendor consolidation strategy, so using the native security platform, such as the often underutilised E3/E5 licensing with Microsoft 365, makes sense. These controls often include blocking known bad senders/domains, AV scanning of attachments, and analysing/identifying SPAM.
Advantages of native security:
- Simplification for single-vendor estates (e.g. Microsoft 365, Google Workspace)
- Single subscription billing
Disadvantages of native security:
- Less advanced capabilities compared to pureplay security vendors, resulting in reduced effectiveness against sophisticated modern attacks.
- Often complex UI and policy management lacking customisation.
- Unlikely to work in hybrid environments.
- Homogeneous architecture and brand prevalence make these platforms a valuable target for malicious attackers seeking to harvest credentials and bypass security controls.
Integrated Cloud Email Security (ICES)
Gartner classifies email security solutions that use an API (for example the Microsoft Graph API) to analyse messages, instead of a cloud-based gateway, as ICES. ICES solutions work alongside native functionality, enhancing security by adding techniques such as anomaly detection, natural language processing, and other ML-based approaches to detect risks and account compromises. This approach can effectively detect spear phishing, social engineering, and business email compromise attacks.
Advantages of Integrated Cloud Email Security:
- Quick to deploy alongside native capabilities, with no major configuration changes
- ML-oriented security focuses on the human element, offering protection against more sophisticated phishing attacks
Disadvantages of Integrated Cloud Email Security:
- Many solutions don't necessarily quarantine questionable emails but provide the user with inline prompts and warning banners to reinforce security awareness training.
- Reliant on platform API infrastructure, i.e. vendors often throttle API calls to prevent resource overuse on each tenant. For large volumes of email this may cause a delay in analysing and securing malicious email sitting in the user's inbox.
- Not suitable for hybrid or multi-cloud environments and complex mail routing requirements.
Secure Email Gateway (SEG)
The cloud gateway is the tried-and-tested method of intercepting and scanning email traffic inline before it reaches the user's inbox. By modifying the DNS MX (mail exchange) record, emails are routed via the vendor's gateway for analysis and sanitisation. Most SEGs employ a Message Transfer Agent (MTA) architecture that relays traffic through multiple layers of security before it is delivered to the mailbox. As email is not real-time communication, the resulting delivery delay of up to a few minutes is acceptable.
Advantages of Secure Email Gateway:
- Sophisticated pre-inbox protection against SPAM, phishing, malware, and business email compromise with a defence-in-depth approach.
- Inbound and outbound mail scanning and attachment sandboxing. This enables intricate routing for hybrid environments, and the ability to easily add Compliant Archiving, Encrypted Communication, Data Loss Prevention and other modular features.
- Ease of management and automation through simple firewall-style rules and policies, and a centralised dashboard for configuration and reporting.
Disadvantages of Secure Email Gateway:
- Requires DNS configuration and the configuration of SPF/DKIM records to bypass native platform security.
- Retracting threats after they have been delivered requires time-of-click URL scanning, not just time-of-delivery scanning, to protect against post-delivery arming tactics.
- Does not natively support internal email scanning via M365, as internal messages don't route via the MTA.
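As an added example (not Censornet's code), here is a check that a domain's DNS is consistent with the SEG routing model above: every MX record points at the gateway, so no inbound mail can skip inline scanning, and the SPF record authorises the gateway for relayed outbound mail. The gateway hostnames, SPF include domain and sample records are constructed placeholders, not a real vendor's values.

```python
"""Verify that MX and SPF records match an inline Secure Email Gateway deployment.
The records passed in would normally come from DNS; here they are supplied as lists."""

# Hypothetical gateway identifiers (assumptions for this example only).
GATEWAY_MX_SUFFIX = ".gateway.example"
GATEWAY_SPF_INCLUDE = "spf.gateway.example"


def parse_spf(txt_records):
    """Return the mechanisms of the domain's single v=spf1 TXT record.
    Returns None when there is no SPF record or more than one (both are invalid)."""
    spf = [r.strip() for r in txt_records if r.strip().lower().startswith("v=spf1")]
    if len(spf) != 1:
        return None
    return spf[0].split()[1:]


def check_seg_routing(mx_records, txt_records):
    """mx_records: list of (priority, hostname) tuples; txt_records: list of TXT strings.
    Returns a list of findings; an empty list means routing and SPF look correct."""
    findings = []
    hosts = [h.rstrip(".").lower() for _, h in mx_records]
    if not hosts:
        findings.append("no MX records: inbound mail has nowhere to route")
    # Any MX host outside the gateway is a path that bypasses inline scanning.
    non_gateway = [h for h in hosts if not h.endswith(GATEWAY_MX_SUFFIX)]
    if non_gateway:
        findings.append("MX points at non-gateway hosts, bypassing inline scanning: "
                        + ", ".join(non_gateway))
    mechs = parse_spf(txt_records)
    if mechs is None:
        findings.append("expected exactly one v=spf1 TXT record")
    else:
        if f"include:{GATEWAY_SPF_INCLUDE}" not in mechs:
            findings.append("SPF does not include the gateway; mail relayed outbound "
                            "through the SEG may fail SPF at recipients")
        terminal = mechs[-1] if mechs else "(none)"
        if terminal not in ("-all", "~all"):
            findings.append(f"SPF terminates with '{terminal}' rather than -all or ~all")
    return findings


if __name__ == "__main__":
    # Constructed sample: one legacy MX left behind and SPF not yet updated.
    sample_mx = [(10, "mx1.gateway.example."), (20, "mail.legacy.example.")]
    sample_txt = ["v=spf1 include:spf.legacy.example ~all", "site-verification=abc123"]
    for finding in check_seg_routing(sample_mx, sample_txt):
        print("FINDING:", finding)
```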
What is the best type of email security?
Our ethos at Censornet is to encapsulate the best of both worlds, with a SEG to secure emails inline before they hit the user's inbox, and API-triggered ICES security to enable features such as post-delivery deletion and internal mail protection.
Although email is the primary threat vector (91% of all cyber-attacks begin with a phishing email), around two-thirds of incidents are cross-channel or multi-stage attacks. This means that the attack chain can move quickly to the web via a malicious URL, or deliver a malware payload via a cloud file sharing service, for example. In these scenarios, having even the most sophisticated security on the incoming medium is not enough. You need to be able to share threat intel in real-time across the entire attack surface. Only then can you protect not only against malicious outsiders, but also against the threat (be it accidental or malicious) from company insiders, e.g. posting a file to a public SaaS cloud share or transmitting sensitive data outside the organisation.
Censornet’s autonomous integrated cloud security platform does this. Our platform provides modern, sophisticated protection across all attack vectors, delivered in a single pane-of-glass dashboard, thus reducing the operational burden on IT professionals and mitigating risk and potential damage that could be caused by a data breach.
Email security is critical to every organisation. With the rise of cloud-based platforms, securing email in the cloud has become even more important. Native security controls, ICES, and SEGs are all options for securing email, each with its own benefits and challenges. At Censornet, we believe in combining the best of both worlds to offer sophisticated protection across all threat channels.