The Layers of the Email Security Tech Stack (Part 3 of 3)

This is the last article in the three-part blog series “The Layers of the Email Security Tech Stack,” in which we break down the capabilities of a complete email security tech stack, some popular tools that provide them, and what they mean in practice. This last piece is the meat of the series: it defines the tools and use cases required for a comprehensive email security tech stack.

As a quick recap, we covered the 10 functions of email security, how a tool called the Secure Email Gateway (SEG) covers most of these functions, and some of the SEG’s shortcomings. This raises the question…

What Are Some Secure Email Gateway Alternatives?

The most obvious alternative to a Secure Email Gateway is to forgo it entirely and rely on the native security functions of cloud email solutions such as Google Workspace or Microsoft 365. These are cloud-based platforms that offer comprehensive protection against advanced threats such as phishing, spear-phishing, and zero-day attacks, often with greater flexibility and scalability than traditional SEGs.

These cloud email platforms have developed many of the same functions as traditional SEGs. Microsoft has significantly enhanced the native email security of its 365 cloud email platform by employing the same signature-based and reputation-based detection as SEGs. However, the innovation works both ways: modern SEGs are developing many more functions and capabilities than traditional SEGs, including internal email protection and social engineering protection.

Gartner's depiction of the email security submarket

What Tools Can Make Up For SEG Shortcomings?

Previously, we discussed that the SEG has a difficult time with:

  1. Advanced Threats Beyond Initial Delivery
  2. Internal Email Threats
  3. Encrypted Email Threats
  4. Fileless Attacks and URL-based Threats
  5. Post-Delivery Threat Discovery
  6. User Behavior and Targeted Phishing Attacks
  7. Comprehensive Data Loss Prevention (DLP)

A number of technologies exist to serve these use cases, and each has some cross-functional uses. Briefly, they are listed below:

  1. Secure Web Gateway (SWG) addresses Fileless Attacks and URL-based Threats. SWG solutions can block access to malicious URLs in emails, offering another layer of defense against phishing and web-based threats. Popular products in this category include Zscaler Gateway and Cisco Umbrella.
  2. Data Loss Prevention addresses Comprehensive Data Loss Prevention (DLP). A DLP solution protects sensitive information from being accidentally or maliciously shared outside your organization. Popular products in this category include Broadcom Data Loss Prevention and Forcepoint DLP.
  3. Security Awareness Training addresses User Behavior and Targeted Phishing Attacks. Large organizations invest in educating their employees on the importance of email security and train them to recognize and respond to threats. Popular products in this category include KnowBe4 Enterprise Awareness Training Program and Mimecast Email Security Awareness Training.
  4. SIEM / SOAR / XDR addresses Advanced Threats Beyond Initial Delivery, Post-Delivery Threat Discovery, Fileless Attacks and URL-based Threats, and Internal Email Threats. These are the most advanced solutions on the market, though each one differs slightly from the others. Popular products in this category include Palo Alto Networks Cortex and CrowdStrike Falcon.

Many cloud email platforms already incorporate some of these functions.

Everything You Need for a Complete Email Security Stack

For an average user, none of this software is useful. Whatever email client that user chooses, whether Gmail, Yahoo Mail, Outlook, or another, email security is already built in. It works in the background so that the user does not have to think about it.

For small businesses, a cloud-based email solution such as Google Workspace or Microsoft 365 combined with an Integrated Cloud Email Security (ICES) solution such as Abnormal Inbound Email Security will work just fine, as will a SEG. Small businesses tend to have less capital, so they need to balance resources against risk.

For enterprises, the email tech stack becomes much more complex. Large enterprises have far more risk, data, and attack surface. Some companies need on-prem solutions for security purposes or have email service providers. Almost all enterprises already deploy some form of email protection, but some might still lack information on what exactly is needed for comprehensive email security. If so, check out some of the software mentioned above.

How Abusix Plays In the Entire Tech Stack of Email Security

Abusix is at the very forefront of email security, positioned at the first layer: the spam filtering layer. Abusix Mail Intelligence is a well-designed suite of real-time DNS Blocklists (DNSBL) that block over 99% of spam during the connection session. Abusix Mail Intelligence is built from a number of different data sources:

  • Spam traps
  • Real-time SMTP Transaction feeds
  • Honeypots
  • Policy blocklist scanners
  • Welcomelists (whitelists)

All of this data is sent into our data processing infrastructure, which enriches it and passes it to the processors that correlate the data and make the ultimate decision to list something or not. This provides the first layer of protection for email systems and saves bandwidth and compute resources by quickly eliminating these threats. It can also protect your reputation by helping identify and block compromised accounts and spam from leaving your network.
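How a connection-time DNSBL check like the one described above works, as an added example that is not Abusix code: the query-name format and the 127.0.0.0/8 answer convention follow RFC 5782, while the zone `dnsbl.example`, the sample listings, the hostname `mail.example`, and all function names are constructed for illustration.

```python
import ipaddress
import socket

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")  # valid DNSBL answers live here

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name for a client IP (RFC 5782 conventions)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone.strip(".")

def system_resolver(name):
    """A-record lookup via the OS resolver; any lookup failure fails open."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

# Constructed sample zone data (not real listings), keyed by query name.
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],    # RFC 5782 test entry
    "7.113.0.203.dnsbl.example": ["127.0.0.4"],
    "9.113.0.203.dnsbl.example": ["192.0.2.1"],  # bogus answer outside 127/8
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])             # missing name models NXDOMAIN

def check_client(ip, zone, resolve=system_resolver):
    """Return (listed, codes); answers outside 127.0.0.0/8 are ignored."""
    answers = resolve(dnsbl_query_name(ip, zone))
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTING_NET]
    return bool(codes), codes

def smtp_connect_decision(ip, zone, resolve=system_resolver):
    """Decide at connect time, before any message data is accepted."""
    listed, codes = check_client(ip, zone, resolve)
    if listed:
        return f"554 5.7.1 {ip} rejected: listed in {zone} ({', '.join(codes)})"
    return "220 mail.example ESMTP ready"

if __name__ == "__main__":
    for ip in ("203.0.113.7", "203.0.113.9", "198.51.100.1"):
        print(ip, "->", smtp_connect_decision(ip, "dnsbl.example", sample_resolver))
```

Ignoring answers outside 127.0.0.0/8 keeps a misconfigured or wildcarded zone from rejecting every sender.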

For those interested in learning more about how Abusix works in email security, our team is available to assist. Please reach out to us at [email protected] for further information.
