Email Security is sometimes falsely regarded as a solved problem. Many security and IT professionals assume that since email and email security systems have existed for so many years, then there are no significant differences between available services. This false assumption leads to not evaluating the efficiency of their current security solution and an unnecessary acceptance of the exposure to advanced cyber risks and threats. 

However, today’s reality proves that this type of misconception can lead to destructive results. We’re witnessing a significant rise in cyberattacks in our day-to-day lives. In the news, we hear about attacks on major organizations every single day, like the recent ransomware attack on Accenture and the SolarWinds attack on 18,000 government and private computer networks. 

These are just the tip of the iceberg. Attackers are infiltrating every type of organization, from businesses to public sector and even non-commercial organizations that were historically a less attractive target – such as healthcare facilities, hospitals, universities, and other educational institutes. Organizations are experiencing different types of attacks, ranging from phishing to everyday malware, advanced malware, such as zero-days and ransomware, and more. Depending on the severity of the attack, business processes can be disrupted or even completely stopped, leaving the organization paralyzed for days and weeks. 

The importance of the reevaluation of email security controls

Given the rising number of cyberattacks, it is no wonder that analysts and email security experts recommend organizations reevaluate their incumbent email security solutions. For example, the new Gartner Market Guide for Email Security notes that “the continued increases in the volume and success of phishing attacks and migration to cloud email require a reevaluation of email security controls and processes. Security and risk management leaders must ensure that their existing solution remains appropriate for the changing landscape”.

Related content: Read our guide to email security protocols.

Tal Zamir

Catch the threats your incumbent security solution misses

The grim reality is that many enterprises are suffering from a growing number of severe cyberattacks, where the majority of them originate from email and actually could have been prevented by a next-gen advanced email security solution with the right features and necessary level of protection. 

What are these missing ingredients? What do security experts need to look for? 

To name a few key capabilities: 

  • Dynamic scanning & recursive unpacking – Many of the email security solutions are built to just statically scan content (simple AV) or use CDR (Content Disarm & Reconstruction technology). AV technology is dependent on what is already known while the latter tampers files and changes them. Dynamic scanning is the process of actually detonating files & URLs inside an isolated environment in order to detect malicious code execution.

    Recursive unpacking is the ability to find threats underlying any nesting level inside the content. This is a key capability in protecting against evasion attempts – without that, an attack can go undetected, when the attacker buries a threat deep inside the content. 
  • Speed and scale – a common problem with incumbent security solutions is managing scale at the required speed. Legacy solutions have indeed migrated to the cloud but are not designed for scaling. When workloads grow, they are forced to be selective on what they scan – which increases the risk for the infiltration of malicious content, and this is exactly what attackers are waiting to exploit.
  • Engine optimization – advanced threat protection solutions require engine optimization, which should be performed continuously, as they are constantly exposed to and need to efficiently protect organizations from new types of threats. If not optimized, security performance degrades over time, which is a common problem amongst organizations. 
    Engine optimization is a combination of the email security solution’s agility – the ability to define new rules and policies on the go, together with a skilled cybersecurity workforce that is able to identify the threats and perform these optimizations on an ongoing basis. 

So how can organizations evaluate the effectiveness of their security solution?

Organizations should opt for evaluating new email security solutions against their incumbent ones with a no-risk, low-effort process. Gartner recommends in the recently published Gartner Market Guide for Email Security, using a POC in Email Security product selection, and also quotes “don’t be surprised if the proof of concept (POC) process of the incoming vendors shows large-scale improvements over the incumbent product”, but states that this process needs to be done properly, in order to provide a true evaluation.  

Solutions that integrate directly into cloud email via an API or a connector, are much easier to evaluate, compared with legacy secure email gateways (SEGs), because they reside after the MX-record and simply catch what wasn’t caught before them. In addition, in order to lower the effort and required resources, organizations prefer not to make any network infrastructure changes, and thus should opt for solutions that provide an easy, plug-n-play deployment. 

Related content: Read our guide to email security solutions.

Recommendations

  • Form a strategy for email security
    Evaluate current technologies in the market to form a strategy on what needs to be part of your email security solution’s architecture, features, and related processes and playbooks.
  • Monitor your email security’s performance and evaluate it periodically
    Don’t blindly trust the email security solution you have. In the current ever-evolving cybersecurity threat landscape, the recommended period of time for reevaluation is every 6 months.
  • Perform a POC evaluation and compare against your incumbent solution
    Choose a solution to POC according to your email security strategy, make sure it’s an easy to deploy and measure solution. 

Catch what’s not caught with Perception Point’s Advanced Email Security

Perception Point’s Advanced Email Security is designed to provide security experts with the ability to easily and at no risk, improve their detection capabilities, and accurately assess their current security gaps, by allowing an evaluation of which threats the current security solution misses and Perception Point catches. 

Perception Point’s solution is: 

  • Easily connected and integrated, with a deployment process that takes minutes and does not require network infrastructure changes. 
  • Runs in the background, in a nonintrusive mode. 
  • Compliant with SOC 2, it scans the traffic and does not store clean emails in the system at all. 
  • Backed up by the Perception Point Incident Response team, which optimizes the  service’s detection engines for your organization, and delivers investigation requests and reporting. With Perception Point, the evaluation of your next email security solution just got a whole lot easier. 

To learn more about how to prevent ransomware, phishing, and other cyberattacks with Perception Point. Contact us today for a demo.

Why is it important to reevaluate email security controls?

According to Gartner, “the continued increases in the volume and success of phishing attacks and migration to cloud email require a reevaluation of email security controls and processes. Security and risk management leaders must ensure that their existing solution remains appropriate for the changing landscape”

What do security experts need to look for in an email security solution?

– Dynamic scanning & recursive unpacking
– Speed and scale
– Engine optimization

How can organizations evaluate the effectiveness of their security solution?

Organizations should opt for evaluating new email security solutions against their incumbent ones with a no-risk, low-effort process.  Gartner recommends using a POC in Email Security product selection, and also quotes “don’t be surprised if the proof of concept (POC) process of the incoming vendors shows large-scale improvements over the incumbent product”, but states that this process needs to be done properly, in order to provide a true evaluation.

What steps should you take when reevaluating your email security solution?

Form a strategy for email security
Evaluate current technologies in the market to form a strategy on what needs to be part of your email security solution’s architecture, features, and related processes and playbooks.
Monitor your email security’s performance and evaluate it periodically
Don’t blindly trust the email security solution you have. In the current ever-evolving cybersecurity threat landscape, the recommended period of time for reevaluation is every 6 months.
Perform a POC evaluation and compare against your incumbent solution
Choose a solution to POC according to your email security strategy, make sure it’s an easy to deploy and measure solution.