Transitioning from a Secure Email Gateway to an ICES

Email security and protection against phishing are business priorities as phishing-initiated attacks soar: Statistical data shows that 71% of companies experienced a phishing attack in 2022. Without protection against phishing, employees, and the companies they work for are sitting targets. Secure Email Gateways (SEGs) were developed to provide email security. However, as cybercriminals innovate techniques and tactics to evade detection by SEGs, a new generation of integrated email security has arrived to take on the challenge. 

Integrated Cloud Email Security (ICES) offers unrivaled protection against email-borne attacks. TitanHQ explains why it is time to prepare your organization to transition from an SEG to ICES.

Integrated Cloud Email Security (ICES) vs SEG

Productivity suites such as Microsoft 365 and Google are popular solutions, with millions of companies depending on them to keep their business moving forward. But popularity is also a draw for cybercriminals intent on stealing from and harming legitimate businesses. A study has shown that cybercriminals that target popular solutions such as M365 are developing phishing campaigns that specifically evade detection by in-built cyber defenses in M365. The study captured a drop in detection rates by Microsoft Exchange Online Protection (EOP) and Defender over three years; during this time, evasive phishing tactics were explicitly developed to evade detection by these SEG tools built into popular applications.

Secure Email Gateways such as Microsoft EOP and Defender are no longer effective because hackers understand how they work and develop workarounds. These evasive workarounds can circumvent the basic protection mechanisms of an SEG; SEGs typically act as a proxy for the organization’s email server, redirecting email traffic for analysis and filtering inbound and outbound emails, searching for malicious indicators. SEGs use conventional methods to detect malicious email content using sandboxing and data loss prevention (DLP) techniques. It is these traditional methods that cybercriminals have learned to evade. Cybercriminals are even using AI technologies such as generative AI to help them develop code and phishing templates that an SEG cannot detect.

In the meantime, technology has advanced, and new AI-driven email security solutions have entered the arena. These new technologies provide multiple layers of AI-driven protection known as Integrated Cloud Email Security (ICES).

Cybercriminals that target popular solutions such as M365 are developing phishing campaigns that specifically evade detection by in-built cyber defenses in M365.

Features and Functions of an ICES?

Integrated Cloud Email Security (ICES) is a term coined by Gartner in its 2021 Market Guide for Email Security. Gartner added ICES solutions as a new category, firmly placing this new technological solution as a way forward in detecting and preventing advanced phishing threats. 

ICES solutions are cloud-native SaaS solutions that provide the capabilities inherent in cloud solutions, such as scalability, ease of deployment, and easier maintenance and management. The phishing detection and prevention sophistication inherent in ICES moves these security solutions into the next generation of email security products. 

Typical core features of an ICES solution that differentiates it from an SEG include the following:

• Unlike an SEG, an ICES solution does not require changing the Mail Exchange (MX) record or rerouting emails; ICES connectivity is handled using APIs.
• An SEG, such as M365, can be complex to configure correctly, leaving security gaps. ICES solutions, like PhishTitan, are designed for ease of configuration.
• ICES capabilities are based on AI, behavioral analytics, and natural language processing (NLP). These advanced techniques mean an ICES can enable advanced threat detection, including emerging and zero-minute phishing threats.
• AN ICES learns and modifies over time using behavior analytics and natural language processing. This capability is vital for the detection of social engineering-based phishing campaigns. This capability also helps to reduce false positives.  
• ICES integrates directly with common SEGs, such as M365 and Google, allowing a smooth transition to fully ICES when the time comes.

Gartner recommends augmenting SEG solutions with an ICES solution, such as built-in productivity suite email security. However, over time, Gartner expects an SEG to be replaced by the superior capabilities of an ICES.

41% of cyber-attacks begin with a phishing incident.

IBM X-Force

Limitations of Using an SEG without ICES

According to a 2023 IBM X-Force report, 41% of cyber-attacks begin with a phishing incident. Some companies use an SEG built into the productivity suite, without using an ICES overlay, to handle phishing attempts. However, this leaves security gaps. A study found that almost 20% of phishing emails go undetected by Microsoft 365 Exchange Defender and Microsoft Exchange Online Protection (EOP). Understanding the limits of an SEG provides insight into why using a Secure Email Gateway alone is not enough to prevent a cyber-attack that begins with phishing.

Some of the Limitations of an SEG include the following:

• Gaps in Emerging Threat Detection: SEGs do not use intelligent technologies to identify threats such as zero-hour and zero-minute exploits. Instead, an SEG uses deny lists, allow lists, and signatures to identify phishing emails and stop attacks. This factor significantly reduces the effectiveness of an SEG compared to an ICES. An ICES uses AL and natural language processing to detect highly sophisticated phishing emails.
• Poor Detection of Targeted and Multi-Stage Attacks: Each business has unique elements that phishing attackers exploit. For example, targeted spear phishing attacks focusing on specific organizational roles are much more challenging to detect. Another scam SEGs fall short of is Business Email Compromise (BEC), which can include multiple stages in an attack and may involve compromised email accounts. SEGs cannot detect complex, often multi-stage phishing attacks. ICES solutions are designed to detect email patterns, allowing the system to detect multi-stage phishing campaigns and compromised accounts.
• It Falls Short of Detecting Sophisticated Evasion Tactics: Open redirects, where legitimate web pages automatically redirect to another URL, allow cybercriminals to use legitimate URLs as first-stage phishing links. This is a challenge for an SEG, as an SEG cannot detect hidden payloads. However, an ICES solution like PhishTitan can detect evasion tactics, including URL swaps.

Transitioning to an ICES

Secure Email Gateways provide a good level of first-line defense. Still, they must now be shored up by more intelligent, proactive technologies available by applying an ICES layer to augment a SEG. Augmentation is only a steppingstone to more dedicated and effective technologies built to detect and prevent modern cyber threats. ICES technologies can utilize AI to recognize evolving threats, designed to evade detection by conventional solutions such as an SEG. An ICES that integrates with native email security in popular productivity suites like M365 provides the smooth transition pathway needed to move to an advanced ICES solution. 

PhishTitan ICES

PhishTitan provides an easy transition path to full ICES capability for the challenges of modern email-borne cyber-attacks. Importantly, PhishTitan uses AI, natural language processing, and behavioral analytics to drive emerging threat detection to detect and prevent sophisticated, multi-stage phishing attacks. PhishTitan performs this by applying anti-phishing analysis using AI and LLM data; training data is collected from a vast threat corpus. Detection of emerging threats is a core capability of PhishTitan, and even zero-minute phishing messages designed to change URLs are identified by the PhishTitan service. 

PhishTitan is an advanced phishing protection and remediation solution that integrates directly with Microsoft 365, catching and remediating sophisticated phishing attacks Microsoft misses. With direct API-enabled integration with M365, PhishTitan makes the transition from SEG to ICES simple and seamless.

Talk to TitanHQ about how PhishTitan can protect your business from even the most sophisticated phishing attacks.