Our recent report Fighting Phishing: The IT leader’s view, shows that 84% of organizations were impacted by a phishing attack over the past 12 months. While most organizations implement tools to deal with these attacks, as criminals grow in sophistication, there's an increased need to supplement this existing technology.
A secure email gateway (SEG) is a great first defense against phishing attacks and other email scams, but organizations should also consider an integrated cloud email security (ICES) solution.
A SEG provides pre-delivery protection to individuals within your business by blocking threats before they reach the mail server. Most email providers are secure and protect businesses from spam, viruses, malware, and DoS (denial of service) attacks.
These providers can block known threats and work as a great add-on to existing antivirus software. What this tool is not so good at, though, is detecting more sophisticated scams such as business email compromise, which is where ICES comes in.
What is an ICES solution?
Using machine learning and natural language processing (NLP), an ICES tool, can go beyond blocking known threats by protecting and educating employees in real-time. In Fighting Phishing: The IT leader’s view, 89% of surveyed IT leaders had at least one issue with the performance of their SEGs. An ICES solution steps in to fill these gaps and better protect a business from malicious actors.
The Gartner 2021 Market Guide defines ICES as the predominant defense against phishing threats that may otherwise slip past traditional security controls. Specific vendor capabilities vary, but the key here is that ICES solutions offer several advantages over SEGs, including advanced threat detection, ease of use, and improved response.
What an ICES solution does
ICES products use behavioral analysis, natural language processing (NLP), and machine learning to detect and stop phishing attacks, account takeovers, and the delivery of ransomware.
While a secure email gateway might be able to detect known threats, an ICES solution takes this to the next level. While SEGs can scan links and attachments for malware, the more sophisticated attacks use social engineering to lure victims into handing over data or sending money. An ICES product's advanced tools mean it's possible to stop these social engineering attacks before they cause any damage to the business.
Gartner explained in its guide: "[ICES] email security solutions use a variety of advanced detection techniques, including NLU, NLP, social graph analysis (patterns of email communication), and image recognition."
Findings in IBM's Cost of a Breach Report showed that organizations with AI-based security solutions — such as ICES — experienced a significant reduction in data breach costs, cutting breach costs from $6.71m to $2.90m.
Contextual machine learning allows a tool to understand users' behavior in real-time. That includes the message's content, the sender's typical behavior, their location, and when they're communicating with recipients. That allows the ICES product to spot suspicious activity outside the expected behavior of a user and their recipients.
NLP turns language into actionable data. Attackers often use it to find out sensitive information about a target to launch a spear-phishing attack. That's why it's also an important tool in preventing these types of attacks. An ICES solution that uses NLP can understand the context of an email or attachment as a human would and take action accordingly.
Augmentation of SEGs
Augmenting the security of your SEG with an ICES solution is the best way to add additional protection to your business emails. That means you won't just have protection against known threats but also against more sophisticated attacks. An ICES product doesn't need to replace your existing email gateway, either; consider it the next line of defense.
Traditional SEGs provide excellent email hygiene — filtering spam, malware, and some phishing attacks. However, they struggle to detect today's advanced malicious links and payloadless attacks. Treat an ICES tool as a backup for the work your SEG is already doing. By adding machine learning and NLP capabilities to your email security, you'll be able to pick up on more threats, protect your business against email compromise, and foil social engineering attacks.