Secure Email Gateway: The Gaps That Could Cost You

/in


The email channel is one of the most essential components of effective corporate communication. Email is vital to keeping business flowing amongst colleagues, clients, vendors, and others. In  fact, the total number of business and consumer emails sent and received per day exceeded 293 billion in 2019. This is forecasted to grow to more than 347 billion by the end of 2023. 

That’s why it should come to no surprise that the email channel is one of the most leveraged threat vectors. The Verizon 2020 Data Breach Investigations Report notes that 94% of the time malware is delivered via email. Therefore, it’s imperative that organizations have a sophisticated security solution that is able to fully protect their email channel. 

The Three Major Security Gaps of Secure Email Gateway Solutions

Secure Email Gateways typically analyze all inbound emails for malicious content and, if an email is deemed safe, it is sent to the recipient. So, while Secure Email Gateways aim to prevent emails containing spam, phishing, malware or fraudulent content, they fall short in being able to protect against the plethora of other threats regularly targeting inboxes. And, there are additional disadvantages to Secure Email Gateway solutions that open enterprises up to further risk. 

Extremely advanced socially engineered attacks, such as the scenario with the Bank of America phishing attack, enable hackers to penetrate Secure Email Gateway protections. Here, the bad actors’ use of new and unique domains, along with refraining from the traditional “spray and pray” approach, allowed them to bypass being labeled as known bad or nefarious. Threat actors are continuously seeking ways to exploit such vulnerabilities within security solutions like Secure Email Gateway and evade the protective measures enterprises have in place. 

1. Secure Email Gateway relies on known malware signatures 

Unfortunately, new and unknown threats continue to proliferate. Every day, the AV-TEST Institute registers over 350,000 new malicious programs. These programs are unlikely to be found within the Secure Email Gateway’s database of malware signatures. Even if Secure Email Gateways are using dynamic threat…

Source…