What is a Secure Email Gateway? How They Work and Why They Aren’t Enough

A secure email gateway (SEG) is an email security solution that filters emails for suspicious and potentially malicious messages.

Many organizations have implemented a secure email gateway as part of their email security system. Before an email enters or exits your employee's inboxes, it needs to pass through a SEG first. The email gateway determines whether the incoming email has red flags which indicate a malicious message. It can also monitor outgoing emails for sensitive information. If red flags are present, it won't deliver the email.

Even though SEGs are a popular email security defense tool, they haven’t kept up with the changing landscape of email attacks. SEGs look at traditional signs of suspicious emails, which means they don’t catch social engineering attacks that are increasing in frequency and danger.

Organizations have noticed this too. According to Gartner's email security market guide, at least 40% of all organizations will rely on built-in security from cloud email providers rather than a SEG by 2023. That's an increase from just 27% in 2020.

So why move away from traditional SEGs? Read on to learn more about how SEGs work, and why they're not enough to protect your organization from the latest email threats.

A secure email gateway works to protect inboxes from suspicious emails. SEGs scan all incoming and outgoing emails, using a set of rules to determine whether an email is allowed to pass through the gateway to an inbox. The goal for email gateways: filter out malicious emails and only deliver non-threatening emails.

Secure email gateways detect emails with unwanted content like spam, phishing links, or malware. Once a SEG detects a potential email threat, it blocks the email from getting sent and reaching the intended recipient. This reduces the odds that a company will fall victim to an email-based cyberattack because it was never delivered in the first place.

Different gateways have different features. But these are common aspects of a standard SEG:

• Spam and graymail filtering: SEGs focus primarily on detecting and blocking spam emails. It looks for common patterns found in spam messages and then quarantines them. It may also include a feature for employees to mark an email as spam. These same features extend to graymail.

• Malicious content protection: Email gateways can detect certain elements of a phishing email like malicious links or attachments. However, sophisticated phishing attacks can pass these tests, eluding SEG rules and delivering the email.

• Data loss prevention: Outgoing emails are also scanned with SEG. It looks for sensitive information in emails that are getting sent to an unauthorized recipient. DLP can help prevent intentional or accidental data leaks from employees.

• Email encryption: Some SEGs offer end-to-end encryption to obfuscate sensitive messages and data.

When choosing email security solutions, it's essential for organizations to choose products with the required capabilities and configurations. Otherwise, security gaps may appear.

It may seem that a SEG is enough to block email threats, but even the best secure email gateway has some shortcomings. Criminals constantly adapt to defensive technology, and SEGs haven’t evolved to keep up. While a SEG does a great job of filtering spam and large-scale email attacks, it’s not equipped to handle highly-targeted phishing and social engineering attacks. Our email security survey found that 78% of respondents believe a SEG is largely incapable of protecting a modern cloud email environment.

Why? Sophisticated socially engineered email attacks don't have traditional red flags and known bad signals (like suspicious attachments and links or spoofed domains), which means a SEG can't detect the threat and allows the email to enter a recipient's inbox. This leaves your organization at risk of modern, costly attacks like business email compromise.

Implementing a SEG also comes with drawbacks. Organizations need to change their MX record to redirect to the SEG. It’s not always an easy and instant integration, unlike an API-based solution.

Secure email gateways struggle with social engineering attacks that don’t contain traditional malicious email signals.

Take a supply chain compromise, for example. In this cyberattack, a criminal compromises the account of a trusted vendor and sends an email about a payment transfer to one of your employees. The email contains no malicious links or attachments and is text-based only.

Here is a real-world example of a social engineering attack that evaded a secure email gateway. The attacker impersonated a trusted vendor and tricked an employee into transferring $753,000 to a new bank account.

A traditional SEG allows the email to enter an employee's inbox because there are no red flags of a cyberattack. It comes from a known partner and doesn’t contain obvious malware. However, modern email security with natural language processing and behavioral models can notice the unusual request–an unusual financial request involving an invoice outside of the regular scheduling with new deposit information, for example–and mark the email as suspicious.

Business email compromise and account takeover threats continue to rise since email gateways lack the technology to notice and block socially engineered threats. The FBI reports that business email compromise cost organizations a stunning $2.4 billion in 2021. This is why it's crucial for organizations to augment or replace their SEGs with email security that can detect unusual email behavior in topic, tone, and sentiment.

Organizations should consider integrated email cloud security (ICES). An API-based ICES solution significantly adds to your email security stack. It provides additional visibility into internal traffic to help identify and prevent account takeovers, lateral phishing attempts, and unwanted email content.

When combined with cloud email providers (like Google or Microsoft) and their built-in security, it can replace the traditional SEG and provide more efficient email security.

Abnormal Security identifies the modern threats which evade SEGs. Email gateways don’t have the AI and NLP technology to read between the lines of an email to detect socially engineered threats.

SEGs also struggle with suspicious internal emails, which a cloud-based security solution can detect.

Abnormal Security has the advanced email security tools you need to protect your organization from social engineering attacks. Some of our features include:

• Detects behavioral anomalies in emails by understanding relationships and context.

• API seamlessly integrates with email cloud providers like Microsoft 365 and Google Workspace.

• Additional visibility into internal emails for better threat detection.

• Evaluate vendor risk context for supply chain attacks.

• Monitors all emails, including from trusted sources.

• Leverages cloud signals to search for compromised credentials, unusual sign-in events, and more.