Why SEG-Based Security Is Dying—And Relay-Based Is Rising
By Rom Hendler, Trustifi

Over the years, Secure Email Gateways (SEGs) have blocked threats to users’ email inboxes by detecting IP addresses previously identified as malicious and containing those messages before they could reach the intended email server. This broad “spray” approach, in which harmful messages were sent en masse to a large number of random recipients, was the most prevalent and effective delivery method for spam, viruses, malware, and denial-of-service attacks. It was also easy to detect in standard, on-premises environments.
However, hackers have switched gears and developed phishing methods that are nearly impervious to SEGs. VentureBeat recently reported that more than 2 million malicious emails bypassed SEGs in a single year. Threats that did not exist before cloud-based email became prevalent are not detected by these legacy SEG solutions, a fact that has necessitated a complete reinvention of email security.
Gone are the days when the best security tactic was to screen out messages from known, ill-intentioned IP addresses. Hackers have developed more elaborate phishing schemes targeting high-level executives. They compromise a C-level executive’s email account and impersonate that person, requesting otherwise unauthorized wire transfers. Employees carry out these transfers before realizing the directives were fraudulent.
This type of attack falls under the umbrella of Business Email Compromise (BEC). Because many BEC messages consist only of contextual instructions inside the email, with no known-bad sender IP for a gateway to match, SEGs have become unreliable, outdated, and unacceptable for businesses sending and receiving secure data. Solutions must employ more technically astute methods such as artificial intelligence, machine learning, and optical character recognition to interpret, flag, and quarantine these imposter emails, which often request the transfer of large sums of money.
In The Forrester Wave™: Enterprise Email Security, Q2 2021 report, this major analyst firm noted that SEGs are “slowly becoming dinosaurs.” Now that clients are facing more advanced email security threats, they’re turning to SaaS-based solutions that are commonly used with products such as Google’s G Suite and Microsoft’s Office 365.
Email security experts have started implementing cloud-native API-enabled email security (CAPES) as an alternative to SEGs. Such solutions are also referred to as relay-based security, and they offer a roster of benefits over SEG-based email security. Managed Service Providers (MSPs) need to deliver a highly intelligent solution that has evolved along with the malicious actors and along with the proliferation of cloud infrastructure.
Why SEGs Must RIP
A primary weakness of legacy SEGs is that they sit on the client’s locally housed server rather than in the cloud, where most sensitive data now resides. This local gateway architecture creates a single point of failure: if the gateway goes offline, users can neither send nor receive email. No organization has time for the outage delays and potential compromise of data associated with this method.
Because it depends on the “whitelisting” of approved IP addresses, the authentication between an SEG and the email servers it fronts has become weak. SEGs operate on IP reputation, global blacklists, and signatures, all outdated metrics that do not apply to the latest email threats.
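As an added illustration of the contrast the article draws between IP-reputation filtering and content analysis of BEC messages, the following Python script (written for this page, not code from the article or from Trustifi) runs a classic reputation check and a content/context check side by side over three constructed sample messages: a bulk message from a blocklisted IP, a BEC-style wire-transfer request from a clean IP that borrows an executive’s display name, and a legitimate message from that executive’s real address. The blocklist, executive directory, addresses, and message bodies are all constructed for the example, and the three indicators it checks (display name on a non-corporate address, a Reply-To that diverts answers, payment and urgency language) are a simplified stand-in for the language and habit analysis the article describes.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for a global IP reputation feed (203.0.113.0/24 is a
# documentation range, so nothing here refers to a real sender).
KNOWN_BAD_IPS = {"203.0.113.45"}

# Constructed directory of executives whose display names an impersonator
# would borrow, mapped to their genuine corporate addresses.
EXECUTIVES = {"Dana Whitfield": "dana.whitfield@example.com"}

# Language typical of payment-redirection requests (simplified stand-in for
# the language analysis the article describes).
PAYMENT_TERMS = re.compile(
    r"\b(wire transfer|wire|payment|invoice|urgent(?:ly)?|immediately)\b", re.I
)


def sending_ip(msg):
    """Pull the connecting IP out of the Received header, as a gateway would."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
    return m.group(1) if m else None


def reputation_verdict(msg):
    """Classic SEG-style decision: block only when the sending IP is known bad."""
    return "block" if sending_ip(msg) in KNOWN_BAD_IPS else "allow"


def bec_indicators(msg):
    """Content and context checks that do not depend on sender reputation."""
    found = []
    name, addr = parseaddr(msg.get("From", ""))
    genuine = EXECUTIVES.get(name)
    if genuine and addr.lower() != genuine:
        found.append("executive display name on a non-corporate address")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        found.append("Reply-To routes answers away from the sender")
    if PAYMENT_TERMS.search(msg.get_payload()):
        found.append("payment or urgency language in the body")
    return found


def content_verdict(msg):
    """Quarantine when two or more indicators line up; one alone is too noisy."""
    return "quarantine" if len(bec_indicators(msg)) >= 2 else "allow"


def evaluate(raw_message):
    """Run both models over one RFC 822 message and report each verdict."""
    msg = message_from_string(raw_message)
    return {
        "reputation": reputation_verdict(msg),
        "content": content_verdict(msg),
        "indicators": bec_indicators(msg),
    }


# Constructed sample messages (no real senders, domains, or people).
SPAM_FROM_BAD_IP = "\n".join([
    "Received: from mail.bulk.example (mail.bulk.example [203.0.113.45])",
    'From: "Promo Desk" <promo@bulk.example>',
    "To: staff@example.com",
    "Subject: Your prize is waiting",
    "",
    "Click through to claim your free gift today.",
])

BEC_FROM_CLEAN_IP = "\n".join([
    "Received: from webmail.example (webmail.example [198.51.100.20])",
    'From: "Dana Whitfield" <dwhitfield.ceo@webmail.example>',
    'Reply-To: "Dana Whitfield" <dana.accounts@otherwebmail.example>',
    "To: finance@example.com",
    "Subject: Quick request",
    "",
    "I am stuck in meetings. Please process a wire transfer to the vendor",
    "below immediately and reply here once it is done.",
])

LEGIT_EXECUTIVE = "\n".join([
    "Received: from mx.example.com (mx.example.com [198.51.100.5])",
    'From: "Dana Whitfield" <dana.whitfield@example.com>',
    "To: finance@example.com",
    "Subject: Q3 vendor invoice",
    "",
    "Please review the attached invoice and let me know if the totals match.",
])


if __name__ == "__main__":
    for label, raw in [("bulk spam", SPAM_FROM_BAD_IP),
                       ("BEC lookalike", BEC_FROM_CLEAN_IP),
                       ("legitimate", LEGIT_EXECUTIVE)]:
        print(label, evaluate(raw))
```

Run as a script, it shows the reputation model blocking only the bulk message and waving the BEC lookalike through, while the content model quarantines the lookalike on three indicators and leaves the legitimate invoice note alone because a single payment term is not enough on its own. The two-indicator threshold is a deliberate design choice: executives do send genuine invoice and payment mail, so a single signal would generate the false positives that make a filter get switched off.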
SEGs are also limited in their ability to address active security complications on the fly. Given the inline nature of SEGs, once email messages have moved into user mailboxes there is often no way to perform post-delivery corrections or modifications without expensive, poorly integrated add-on tools. SEGs also require dedicated technical management by engineering support teams, including time-consuming manual software updates.
Email Encryption As A Defense
Cybercriminals are looking at who your users communicate with, how they communicate, who at their organization is empowered to do what, and even what times users are more likely to slip up. Effective email encryption can thwart hackers from gathering the information they need to conduct these more sophisticated impersonations, since attackers cannot read encrypted content that would let them identify powerful executives.
Email security must allow organizations to secure and protect data to and from any device, whether mobile or on-premises, both inbound and outbound. It should include automated tools for real-time email analysis and activity insights, active alerts, and quarantine options for questionable emails. Ideally, these technologies should also provide two-factor authentication as well as the ability to recall, block, and modify messages or attachments. Empowering the end user with these tools can prevent costly mishaps.
To combat BEC, organizations must consider cybersecurity solutions that leverage more advanced methods such as AI and machine learning to protect email end to end. These tools go beyond catching blacklisted IP addresses and instead analyze language and habits. AI tools and relay-based solutions will guard organizations against this new level of malware, ransomware, spoofing, phishing, and other future forms of cyber fraud, and will solidify an MSP’s position as a trusted IT advisor, bringing cutting-edge knowledge and protections to the table.
About The Author
Rom Hendler is CEO and Co-Founder of Trustifi, a SaaS-based security solution featuring relay-based email security and encryption. The company’s white paper on SEG vs. relay-based cyber security can be found here.