As organizations migrate email to Office 365, their cloud-first strategies are calling into question the efficacy of their legacy Secure Email Gateway (SEG).

Particularly with new built in antivirus, anti-spam, data leak prevention, archiving and other capabilities build into the native O365 architecture, is the SEG still needed?

This white paper explores the new security features of Office 365 and the benefit of paring it with the new Secure Email Cloud to stop modern threats such as spear phishing, business account compromise and email account takeover.

Examining Efficacy and Risk of Traditional Email Security Controls
Persistent Security Gaps in Legacy Systems

Given the substantial investments in email security infrastructure over the past few decades, the current state of email security is surprisingly dismal.

An estimated 22.9 phishing attacks are launched every minute of the day, many of which result in a data breach. That data breach costs an average $8.19 million per incident in the United States5, not to mention the long-term damage to brand reputation and regulatory fines.

Executive spoofing has become commonplace because the core email architecture allows end users (instead of the network) to specify the sending identity. Currently, only around 13% of the Fortune 500 have fully protected their corporate domains5, leading not only to fake messages from the C-suite, but similar attacks including brand impersonation, partner invoice scams, and employee payroll scams.

Even with domains protected, workers can be attacked through techniques such as display name deception and look-alike domains. Email-based scams utilizing these techniques can lead to email account takeover (ATO), which allows cybercriminals to pose as the individual to divert money, steal information, and perform other malicious activities. Making matters worse, new single sign-on (SSO) capabilities can exacerbate the incident, leaving sensitive documents, confidential information, and collaboration tools exposed to unauthorized access.

ATO-based attacks are especially dangerous because they are notoriously difficult to detect and serve as a gateway to lateral movement as threat actors glean important context to compromise additional accounts, escalate their privileges, and gain access to other systems, all of which can result in a data breach across the extended enterprise. We explore a particularly virulent attack modality called vendor email compromise (VEC) in our Silent Starling threat dossier.

Malware, virus, and Trojan attacks are still commonplace, but with effective defenses having moved into Microsoft Office 365, attacks have shifted from targeting network and infrastructure to targeting core human emotions of fear, curiosity, and anxiety. These social engineering attacks come without a recognizable payload, so they typically bypass the SEG with plain-text emails that do not utilize the traditional techniques of malicious URLs and attachments.

For its part, the SEG checks incoming email only on receipt and generally does not re-check the inbox for latent threats that evaded detection or that weaponized post-delivery. The legacy protection also only protects against external attacks as email flows into the organization, completely ignoring the email flowing across the organization.


5. Agari Q4’19 Email Fraud and Identity Deception Trends report

Close button
Mail Letter

Would you like the confidence to trust your inbox?