Security and Email Security

Take a holistic approach to email security to reduce vendor sprawl

by Duncan Mills
Published on 5th Oct 2022

The proliferation of security tools has reached new heights and rather than improving security posture, the mantra of best-of-breed is having a detrimental effect. To counter this, according to industry analyst Gartner, 75% of organizations are pursuing a vendor consolidation strategy [i].

Email security consolidated back in 2010   

In 2010, Gartner produced their first report for the secure email gateway (SEG). This product category was created for those email security solutions that had converged inbound and outbound threat protection, i.e. signature-based anti-virus and anti-spam with outbound rules-based content-aware data loss prevention (DLP). This allowed organizations to reduce their number of discrete email security products and consolidate around a single SEG.

In their latest Market Guide for Email Security, Gartner coined two new terms – integrated cloud email security (ICES) and Email Data Protection (EDP). These were created for a new breed of intelligent email security solutions that protect against difficult-to-detect inbound and outbound threats that evade current SEGs.

Will history repeat itself and these two categories converge into a single product? Read on to discover why we believe they will.  

Defense-in-depth has created vendor sprawl 

So, how did we get to where we are today? Cybersecurity has always been like a game of whack-a-mole – threats evolve, and new companies bring new technologies to market to counter them. This hotbed of innovation has resulted in a fast-moving industry that fosters start-ups and drives a best-of-breed approach to security infrastructure.  

However, we have reached a tipping point – vendor sprawl has become commonplace and is having a negative impact on security. Every new technology deployed increases the attack surface and the opportunity for misconfigurations that can create vulnerabilities.  

An IBM report [ii] found that, on average, organizations had 45 security tools, and worryingly, those with more than 50 tools ranked themselves 8% lower in their ability to detect an attack.

Islands of discrete functionality have created fatigue in the SecOps team

The IBM report also found that responding to an incident required coordination across, on average, 19 tools. This requires security analysts to be competent in the effective use of many different tools, creating console fatigue. Add to this the alert fatigue caused by trying to make sense of the overabundance of alerts generated by each security technology, and you get an extremely busy SecOps team.  

Organizations are consolidating around fewer vendors 

Given these challenges, it is hardly surprising that organizations are looking to remove some complexity from their security infrastructure. According to Gartner, vendor consolidation is a top trend for 2022 [iii] – 75% of organizations are pursuing a vendor consolidation strategy, up from just 29% in 2020. Importantly, 65% are doing so to improve their overall security posture.

Five reasons email security is back with a bang 

In 2017 Gartner moved from a Magic Quadrant report for SEGs to a Market Guide. This typically means they consider a market fully matured. However, in the last few years the market has seen something of a renaissance, resulting in the creation of ICES and EDP. This is due to five main driving forces:

  1. Inbound email attacks evade detection: inbound email threats have evolved from malware concealed in attachments and downloaded by clicking on malicious links to payloadless phishing threats that evade detection by incumbent email security solutions.
  2. Outbound email threats cannot be detected: human error, such as emails and attachments being sent to an incorrect recipient, is a major cause of data breaches, and it cannot be detected by static rules-based DLP tools.
  3. Cloud email platforms enable new detection techniques: organizations have shifted from on-premises email servers to cloud platforms such as Microsoft 365 and Google Workspace, which provide APIs that allow post-delivery inspection of emails by ICES solutions.
  4. Microsoft now has a credible email security offering: after many years of being considered inferior to SEGs, Microsoft Exchange Online Protection and Defender ATP are now deemed a credible alternative to the market-leading SEGs [iv].
  5. Intelligent technologies improve detection efficacy: innovation in intelligent technologies such as machine learning, social graphs and linguistic analysis can effectively meet the challenges highlighted in points 1 and 2. 

So, now you need two more security products 

ICES and EDP have emerged as a direct result of these five driving forces. They are two new critical technology controls that you need to shore up your existing email security.   

Addressing the inbound threats with ICES: to protect against sophisticated inbound threats, organizations must deploy an ICES solution to augment their current email security. If they have a SEG, they should evaluate the value it adds over Microsoft 365 to determine whether they can remove it to help their consolidation efforts.  

Addressing the outbound threats with EDP: organizations must address the outbound use cases and protect against data breaches caused by human error that results in misaddressed emails, incorrect attachments, sensitive emails being sent unencrypted, and various other threats. To do so, they must add an EDP solution, as existing SEGs and native Microsoft 365 security cannot address them. 

Intelligent email security is consolidating yet again  

You’ve almost reached the end of this blog and now you are likely thinking that we have just advocated introducing two new products, as a high priority, when much of this blog has focused on reducing vendor sprawl.  

If we can reach agreement that ICES and EDP solutions are both essential if you are to realize your goal of preventing data breaches caused by inbound and outbound email threats, then Egress can help. Egress Intelligent Email Security is one of very few integrated ICES/EDP platforms on the market. This immediately reduces the new vendors you need to add by 50%.  

Next, if you are considering vendor consolidation, you are likely already auditing the functionality provided by Microsoft 365 that is duplicated in your other applications and infrastructure products. No doubt you are also considering removing your SEG but are concerned about the few threats that it detects that might evade Microsoft security. Maybe you should evaluate whether your ICES might help there – Egress Intelligent Email Security is proven to detect threats that evade Microsoft.

At Egress, we have recently taken the next step to realizing our goal of providing fully integrated inbound and outbound intelligent email security. Egress Security Center collapses multiple consoles into a single portal where email administrators and security analysts can execute their high-priority tasks.   

We fully expect that the few vendors leading the charge to take a holistic approach to intelligent email security will enable the market to follow the same path that it took back in 2010, when the previous generation of email security products converged into the SEG. 

This buyer's guide from Osterman Research will help you navigate how to research, evaluate, and choose an email security solution that can augment and fill the gaps left by secure email gateways and the native security provided by cloud email platforms.   

 

[i] Infographic: Top Trends in Cybersecurity 2022 — Vendor Consolidation, Published 19 August 2022 - ID G00765917.

[ii] The 2020 Cyber Resilient Organization Study by the Ponemon Institute.

[iii] Infographic: Top Trends in Cybersecurity 2022 — Vendor Consolidation, Published 19 August 2022 - ID G00765917.

[iv] At the time of writing, 87% of reviewers ranked EOP 4 or 5 out of 5 on Gartner Peer Insights.