Email security

How do secure email gateways (SEGs) work?

Seg1440x320

How do secure email gateways (SEGs) work? 

Email is the number one target hackers use to access your organization's confidential data. Because of this, a secure email gateway (SEG) is a must when protecting yourself and your personnel from these attacks. Whether you're looking to prevent a data breach or any other malicious action, a secure email gateway is the first line of defense.

It acts like a firewall for email – checking every incoming and outgoing email for signs of danger.

What is a SEG?

A secure email gateway provides pre-delivery protection to individuals by blocking threats before they reach the mail server. Most email providers are secure and protect businesses from spam, viruses, malware, and DoS (denial of service) attacks.

The email provider scans each message to determine whether it's safe for individuals to open them. If it's deemed unsafe, it'll be blocked and won't be delivered to the recipient. These activities happen in the background without any action needed from the recipient.

What they're good at

Secure email gateways are great at blocking known threats, and they use filtering technology and dynamic threat intelligence to determine which emails are malicious. Because your colleagues are the biggest threat vector for email scams, an SEG is vital in protecting them against known viruses, malware, and phishing scams. 

This feature is an excellent add-on to basic anti-virus software as cybercriminals have become very good at creating programs to bypass anti-virus software. A SEG can add another line of protection against these more sophisticated attacks.

What they're not so good at

While SEGs provide a layer of protection against potential threats, there are some attacks they'll miss. Cybercriminals are becoming increasingly sophisticated regarding how they engineer attacks — often, their goal is bypassing basic forms of email security. One example of this is a business email compromise (BEC) scam. 

What is a BEC scam?

BEC scams are a type of email fraud where the attacker pretends to be a trusted source to trick the recipient into performing a task for an illegitimate reason — this often involves sending money or sharing private information.

These scams tend to be text-based, so they won’t always contain the known malicious signatures that SEGs pick up on. This makes them more likely to slip under the radar. To catch sophisticated text-based attacks, organizations need email security with natural language processing (NLP) capabilities.

No protection against unknown or zero-day attacks

In addition to BEC scams, SEGs won't always pick up on other types of attacks. While they detect known malicious content, they can't protect against new or unknown zero-day attacks, which make up 80% of successful breaches. That's because traditional signature-based detection platforms don't recognize these new attacks.

Hacked inboxes leading to account takeover (ATO) present another threat as SEGs only monitor emails outside the network, meaning emails between colleagues often go unchecked. If a colleague's email was to be compromised, an attacker could freely send malicious emails within the business network without detection.

While SEGs provide a security layer, they can't detect these more sophisticated threats. That means businesses need additional security to protect the organization from malicious actors.

Augmenting SEGs with intelligent security

SEGs have their uses, but it's best to augment them with more advanced tech that uses machine learning and natural language processing. Using these tools, an organization can better detect a threat and stop it in its tracks.

Natural language processing gives the software the ability to understand the context of language. That allows security solutions to look for threats in the email's content. Machine learning adds to this by analyzing the email's content for anything that could indicate a security breach.  

These tools are forever adapting and learning with every new piece of data coming in. By analyzing the context of an email based on previous interactions and messages, these security solutions can pick up on a hacked inbox or a BEC scam — something SEGs are unable to detect.

Bolster your defences with Defend

Egress Defend provides a way to augment your existing email security stack. It builds on the protection offered by secure email gateways to defend against more sophisticated attacks, including business email compromise, the delivery of ransomware, and social engineering attacks. 

Using natural language processing capabilities and contextual analysis combined with social graph technologies, it immediately flags suspicious emails to people as they enter their mailbox. That protects the business, increases compliance, and reduces the chance of a data breach.

Already using a SEG or thinking about purchasing one? Learn how to augment SEGs with Egress Defend.

You might also be interested in ...

Insider threats in cyber security

Discover Egress's article on insider threats are cyber security; From malicious internal sabotage to accidental email sending or disabling security control.

Why you should supplement your SEG with an Integrated Cloud Email Security (ICES) solution

Adding additional protection with an Integrated Cloud Email Security (ICES) solution could be the way to ensure your Secure Email Gateway (SEG) is enough to protect your business from phishing attacks.