Email Security Gateway – What is it and why should you have one in place?
I recently wrote a blog post about how to spot a phishing attack (read it here), and also incorporated some of the content in a webinar we did with Precursor Security which showed how easy it is to was to compromise a Microsoft 365 account (watch it here). In both I mentioned that if you had a sufficient Email Security Gateway in place then it should help to catch and block phishing attempts. Here I will go into more detail about what an Email Security Gateway is, and what it can do for you.
What is it?
An Email Security Gateway is effectively a security barrier between your email solution and the outside world. It has visibility of all emails sent / received and interrogates them looking for malicious content.
How does it work?
When an Email Security Gateway is put in place, the MX records for your email domain are changed to the servers of your chosen provider. This then points all email traffic to your chosen solution which will then forward the email traffic to your email servers after interrogating them. Connectors are also configured within your email solution to allow mailflow to and from the Email Security Gateway.
How does it protect you?
Traditionally, an Email Security Gateway would be hosted on-premises scan an email’s attachments for viruses and that would be that. These days an Email Security Gateway is based in the cloud and will protect you against much more. Here are just a few of the attack types that a competent solution will prevent:
- Denial of Service (relevant to on-premises email servers)
- Impersonation emails
- Malicious links in emails
- Zero-day threats
- Email account takeover
- Low reputation senders
Some numbers for you…
- 91% of cyberattacks start with an email
- 85% of organisations were hit by a phishing attack in 2020
- 1 in 7 organisations experienced an account takeover in 2020
- $200,000 is the average ransom fee paid in 2020
“But I am using Microsoft 365 which has built in protection”
While technically this is true, the Microsoft Defender for Office 365 product requires a license uplift to get only some of the comparable features that a dedicated Email Security Gateway would provide. Being a dedicated solution, a 3rd party product would sanitise email traffic before it even hits Microsoft 365 and provides protection against more threats than Microsoft. Additionally, in independent tests Microsoft 365 ATP tends to perform poorly against the competition (full test here):
An Email Security Gateway would also provide an Email Continuity solution should the Microsoft 365 email servers ever go down (which they have done in the past). See a brief diagram from Barracuda on how this would work:
Email servers working
Email Servers NOT working – Barracuda’s Email Continuity service takes over
What do we recommend?
Planet IT recommends a capable 3rd party Email Security Gateway like Barracuda or Mimecast to protect your business against email threats, as both solutions provide all the tools and protection you need to keep your organisation safe.
If you would like to discuss further how Planet IT can help you secure your email environment and protect your users from scams like the above email, please get in touch via DM or email [email protected].
My name is Adam, and I am a security-focused Technical Architect. My job is to provide expert advice on security solutions and assist our customers with protecting their environment from viruses, ransomware, and other nasty attack vectors! My background is in Security as a Service, Infrastructure and Helpdesk Support; I keep myself up to date with the latest threats and security products, so you don’t have to! Want to hear more of my thoughts on Cybersecurity and other technology news? Connect with me on LinkedIn