Integrated cloud email security (ICES) is a cloud-based email security solution that supplements the native security capabilities of a cloud email provider like Microsoft 365 or Google Workspace. ICES is a relatively new term coined by Gartner in the 2021 Gartner Market Guide to Email Security to describe the evolving offerings in the email security market.
What differentiates ICES? Unlike a gateway, it integrates directly with an organization’s cloud email provider through an API, giving it access to thousands of signals without rerouting mail. This visibility allows ICES solutions to understand the content of an email within the context of an organization. With this insight, ICES can filter malicious emails and detect suspicious activity across internal and external emails.
Keep reading to learn how ICES works, the benefits of implementing ICES, and why a secure email gateway (SEG) can't be the only part of your cybersecurity plan.
What Does Integrated Cloud Email Security Do?
ICES scans all inbound external and internal emails for anomalous signals common in socially engineered email attacks like phishing and BEC.
As organizations increasingly rely on cloud-based services, it's necessary to evaluate the efficacy of existing email security solutions. Cloud email providers have expanded their native security capabilities, but they frequently miss attacks. Modern email threats have evolved to evade traditional security like secure email gateways and email provider native security.
Gateways and built-in security from cloud email providers can spot traditional indicators of compromise (IOC) like malicious links, suspicious attachments, or known bad email domains. While this is useful, it doesn't block the new types of phishing and business email compromise attacks. These attacks use text-only social engineering emails to trick targets into sharing login credentials, sending private data, or paying a fake invoice.
That's where ICES solutions come in. ICES solutions integrate with cloud email via API and work directly with Google and Microsoft’s built-in email security to provide a full spectrum of coverage.
According to Gartner, ICES solutions “use a variety of more-advanced detection techniques, including NLU, NLP, social graph analysis (patterns of email communication) and image recognition.”
This allows ICES to track user email behavior, evaluate an email’s context, and spot suspicious tones and language used in phishing and BEC attacks. The combination of cloud email providers' native security and ICES can help to create a comprehensive email security solution.
Key Features and Benefits of an Integrated Cloud Email Security Solution
When it comes to ICES solutions, different providers will offer different features. But here are some recommendations for key features and their related benefits:
Utilize built-in security from cloud email providers: Cloud email providers have evolved to identify and block common attacks. This functionality can include blocking emails from known bad senders and URLs, scanning attachments for viruses, and identifying spam with content analysis. When combined with ICES solutions, it can protect against many email attacks and eliminate the need for a secure email gateway.
API access to the cloud email provider: APIs connect ICES solutions without rerouting emails or changing the MX record. This greatly simplifies deployment and maintenance.
Provide in-line prompts to users: Users receive notifications while reading emails to help them spot potentially malicious emails. It's also a great way to reinforce security awareness training and makes it simple to report suspicious activity to the IT team.
Visibility of internal traffic: Monitoring East-West traffic or internal emails is crucial in detecting insider threats and account compromises within your organization. This lets you leverage thousands of signals across a cloud environment.
Advanced detection techniques: ICES uses sophisticated technology like natural language processing (NLP), natural language understanding (NLU), and image recognition. This helps ICES detect compromised internal accounts or malicious emails by evaluating the tone, language, and context – crucial elements to determine the authenticity of an email.
Builds baselines for better detection: By analyzing past email activity, ICES can understand a user’s normal behavior, communication patterns, and typical tone and content. Establishing this baseline makes it easier for the system to detect suspicious behavior that can indicate account takeover fraud.
Provides end-to-end encryption: Email encryption may be required by compliance and legal regulations.
Built-in classification mailboxes: ICES solutions can understand how users interact with unwanted mail like spam and graymail. They can use this insight to automatically deliver emails to appropriate folders. This improves user experience, saves time, and removes the need for complex policy management.
How is ICES Different From a Secure Email Gateway (SEG)?
Secure email gateways reroute emails through an external gateway for analysis. This implementation is complex, requiring maintenance and, in some cases, disabling cloud email provider native security. SEG threat analysis focuses on known red flags like suspicious URLs and malicious attachments. This doesn’t catch social engineering attacks and necessitates manual review from security teams.
ICES solutions quickly connect directly to the cloud email environment, so they don’t need to reroute emails. And integration means ICES solutions augment existing security from the email provider. The double layer gives an ICES solution visibility across an entire organization’s email ecosystem.
SEGs were designed in a different era when organizations had on-premises servers and a rules-based approach to finding and blocking malicious emails. But the landscape has evolved.
A recent email security trends survey from Abnormal found that:
93% of organizations have switched to a cloud email solution or plan to do so in the future.
78% believe that secure email gateways (SEGs) are not capable of protecting modern cloud email environments.
79% think the native security capabilities of cloud email solutions offer insufficient protection on their own.
90% agree that a combination of a cloud email provider’s native security capabilities and an integrated cloud email security (ICES) platform can replace a SEG.
By continuing to use a gateway, organizations can’t detect modern threats.
Email Attacks That ICES Catches
An ICES solution’s language processing and contextual awareness help catch socially engineered email attacks that a SEG misses. These attacks include:
Business email compromise
Vendor and supply chain compromise
Social engineering relies on human behavior to trick people into falling victim to scams. With ICES, factors like urgent tones, unusual requests, altered bank details on invoices, irregular payment requests, and more can raise red flags. SEGs don’t detect these behavior-based anomalies in a malicious email.
Consider a business email compromise (BEC) attack. It begins with an attacker impersonating a trusted source like an executive or external vendor. They send an email intentionally designed to bypass SEG rules.
For example, the first email is text-only and employs conversational tactics to build trust. A gateway can't scan any links or attachments for viruses because there aren't any. It also can't evaluate the tone and content of the email for suspicious red flags without language processing, behavioral analysis, and organizational relationship mapping.
Meanwhile, ICES solutions can identify suspicious language and tone indicative of an unusual request. They can also review the email header to spot spoofed domain names. These are two factors commonly used in a BEC attack. By looking beyond traditional IOCs, ICES can monitor behavior-based factors to notice and block a potential email attack.
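To make the behavior-based checks described above concrete, here is a simplified sketch added for illustration; it is not code from any ICES product or from Abnormal. The organization domain, executive directory, correspondent baseline, keyword list and both sample messages are constructed assumptions, and the keyword match stands in for the NLP a real system would use.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "corp.example"  # assumed organization domain (reserved TLD)
EXECUTIVES = {"dana reyes": "dana.reyes@corp.example"}  # constructed directory
BASELINE = {"ap@corp.example": {"dana.reyes@corp.example", "billing@vendor.example"}}
URGENCY = re.compile(r"\b(urgent|immediately|today|wire|payment|invoice|confidential)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_message(raw):
    """Return the behavior-based signals raised by one text-only message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    if EXECUTIVES.get(name.lower(), addr) != addr:  # known name, wrong address
        signals.append("display-name-impersonation")
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike-domain")
    if reply_to and reply_to.rpartition("@")[2] != domain:
        signals.append("reply-to-mismatch")
    if addr not in BASELINE.get(rcpt, set()):  # never seen by this recipient
        signals.append("new-correspondent")
    if len(URGENCY.findall(body)) >= 2:
        signals.append("urgent-payment-language")
    return signals

# Constructed samples: neither contains a link or attachment to scan.
BEC_SAMPLE = """\
From: Dana Reyes <dana.reyes@c0rp.example>
To: ap@corp.example
Reply-To: dana.reyes@freemail.example
Subject: Quick favor

Are you at your desk? I need a wire payment sent today. Keep this confidential.
"""
BENIGN_SAMPLE = "From: Dana Reyes <dana.reyes@corp.example>\nTo: ap@corp.example\nSubject: Lunch\n\nSee you at noon.\n"
```

Calling score_message on the first sample raises all five signals, while the second sample, from the executive's real address, raises none.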
With BEC attacks increasing by an astounding 84% between the first and second halves of 2021, organizations must implement an email security solution to detect and block these attacks.
Should You Replace Your SEG with ICES?
When it comes to email security, you should continually evaluate your systems and make any necessary adjustments to address the latest threats and sophisticated, unique attacks.
You can choose to simplify your email security by deprecating your SEG. This allows you to re-enable a cloud email provider's native security features and enhance them with an ICES solution. With this modern, simplified architecture, you can enhance your protection against the full spectrum of attacks and unwanted emails.
Ready to enhance your email security and protect your organization from modern email threats? Get a demo to see how Abnormal Security can replace your SEG.