
Disinformation - What Your SEG Isn't Telling You

e92plus
July 2024

by Hannah Long

In the realm of cybersecurity, organisations have relied heavily on traditional security solutions and Secure Email Gateways (SEGs) for as long as computers and the internet have existed. Their role? To protect users and digital infrastructure from a plethora of malicious threats.

However, what many businesses fail to realise is that this traditional security technology has limitations when it comes to accurately and effectively spotting and preventing new email threats. This blind spot can leave companies vulnerable to the sophisticated and ever-evolving cyber-attacks that bypass traditional measures. So, what exactly is your SEG not telling you, and why is live threat intelligence so crucial in today's digital landscape?

The Limitations of SEGs

SEGs play a vital role in filtering out threats such as spam, viruses, and known malicious attachments from incoming emails. They operate on predefined rules, blacklists, and known signatures or Indicators of Compromise (IOCs) to identify and block threats before they can enter a network. While effective to some extent, SEGs are not equipped to tackle the sophistication of today's threats. They struggle when facing new, evolving and advanced threats such as spear-phishing attacks, zero-day exploits, and highly targeted malware. Let's not forget that threat actors also have access to the very tools companies employ to protect themselves, so they evolve daily, even minute by minute, to evade them.

Cofense detects an email threat breaching SEG technology every single minute, so why are up to 50% of threats still making it through? And why isn't this shortfall a topic in the boardroom, or higher on the priority list? Because it isn't something SEG vendors like to admit!

So, why can’t, and won’t, these traditional methods of email security ever be 100% effective?

1. Lack of Context: SEGs lack contextual understanding when analysing emails, something only a human is capable of. They may miss subtle indicators of a sophisticated attack, leading to false negatives and allowing malicious emails to slip through the cracks. Access to, and use of, highly personal information from public digital spaces also means that threat actors can now engage recipients and enter a network by leveraging conversational tactics. This highly personalised and convincing approach contains no traditional signatures or IOCs, and so relies entirely on humans successfully identifying it.

2. Inability to Detect Polymorphic Threats: The spread of accessible technology means that cybercriminals can now constantly evolve their tactics, creating polymorphic threats that change form rapidly to evade detection. A blacklisted email address or known malicious URL can be replaced instantly to escape security measures, and SEGs will struggle to keep pace with these dynamic threats, putting organisations at risk.

3. Over-Reliance on Signatures: SEGs rely heavily on signature-based detection, or Indicators of Compromise (IOCs), which means they can only recognise threats that have been previously identified and catalogued. New and emerging threats will go undetected until an IOC is created and pushed out across software and networks, leaving a window of vulnerability.

4. Sophisticated New Tactics: In Q1 2024 Cofense saw an overall trend towards increasingly complex but low-volume threat campaigns. Threat actors are adopting far more strategic, sophisticated tactics to maximise penetration and exploit susceptibility. As well as exploiting public personal data to their advantage, threat actors are leveraging the power of technology and AI to generate far more convincing and tailored attacks. The recent use of malicious QR codes, vishing and smishing are all examples of how threat actors bypass SEGs: by carrying no traditional IOCs, by manipulating recipients with convincing content, or by 'appealing' to them outside the safety of a work network.

5. Lack of Regulation: Unfortunately, unlike firewalls and other security technology, SEGs receive no regulatory or compliance oversight. They receive no validation testing against the problem they're meant to solve, so how would organisations know otherwise? With this lack of regulation comes a lack of accountability for the gaps in security, which highlights the importance of employee training and the need for bolstered live threat intelligence.
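As an added illustration (not Cofense's or e92plus's code; every indicator, feed entry and sample message below is constructed), the following Python contrasts the exact-match IOC check described in points 2 and 3 with a check driven by campaign-level patterns of the kind a live feed supplies: a rotated domain and a re-hashed attachment sail past the static list, yet are still blocked once several campaign signals agree.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed IOC list in the form a signature-based SEG holds it: exact values only.
STATIC_IOCS = {
    "senders": {"billing@invoice-portal.example"},
    "urls": {"http://invoice-portal.example/login"},
    "sha256": {hashlib.sha256(b"malicious macro v1").hexdigest()},
}

# Constructed live feed: patterns and lure text reported by other organisations,
# describing the campaign family rather than one captured sample.
LIVE_FEED = {
    "domain_pattern": re.compile(r"^invoice-portal[\w-]*\.example$"),
    "path_pattern": re.compile(r"^/login(\?|$)"),
    "lure_phrases": ["overdue invoice"],
}

@dataclass
class Email:
    sender: str
    subject: str
    urls: list
    attachment: bytes = b""

def static_verdict(msg: Email) -> str:
    """Exact-match signature/IOC check: only a previously catalogued value matches."""
    if msg.sender in STATIC_IOCS["senders"] or set(msg.urls) & STATIC_IOCS["urls"]:
        return "block"
    if msg.attachment and hashlib.sha256(msg.attachment).hexdigest() in STATIC_IOCS["sha256"]:
        return "block"
    return "allow"

def live_verdict(msg: Email) -> str:
    """Score campaign-level signals from the live feed; block when two or more agree."""
    domain, path = LIVE_FEED["domain_pattern"], LIVE_FEED["path_pattern"]
    score = int(bool(domain.match(msg.sender.split("@")[-1])))  # sender domain in the campaign family
    for url in msg.urls:
        m = re.match(r"https?://([^/]+)(/.*)?$", url)
        if m and domain.match(m.group(1)):  # rotated host, same family and same landing path
            score += 1 + int(bool(path.match(m.group(2) or "/")))
    if any(p in msg.subject.lower() for p in LIVE_FEED["lure_phrases"]):
        score += 1
    return "block" if score >= 2 else "allow"

# Constructed samples: the catalogued message, a rotated variant of it, and a benign mail.
ORIGINAL = Email("billing@invoice-portal.example", "Overdue invoice #4471", ["http://invoice-portal.example/login"], b"malicious macro v1")
VARIANT = Email("billing@invoice-portal-secure.example", "Overdue invoice #4472", ["http://invoice-portal-2.example/login?id=7"], b"malicious macro v2")
BENIGN = Email("hr@corp.example", "Team lunch on Friday", ["https://intranet.corp.example/docs"])
```

Running `static_verdict` and `live_verdict` over the three samples shows the static list blocking only `ORIGINAL`, while the pattern-based check blocks both malicious messages and leaves `BENIGN` alone.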


The Role of Live Threat Intelligence

To combat the limitations of SEGs and maximise email security, organisations should ensure they are leveraging live threat intelligence. Live threat intelligence includes real-time monitoring, analysis, and integration of real and zero-day threat data to proactively detect and remediate cyber threats as they evolve. This is only achieved by accessing expansive data sources outside a company's own network, such as Cofense's network of over 35 million threat reporters. Tapping into this crowdsourced intelligence enables multiple layers of a security stack to deliver enhanced email security that they could not deliver on their own:

1. Real-Time Detection: By tapping into live threat intelligence, organisations are able to educate not only their security teams but also their applications, such as SIEMs, TIPs, and SOARs, to enhance the full security stack. It allows teams to search for new threats and, combined with machine learning tools, enables proactive threat remediation in real time.

2. Maximised Human Defence: Feeding this crowdsourced intelligence into an organisation's training plan and simulations ensures the employee base is continually conditioned to spot and prevent the latest threats, even ones never seen in their own network. This ensures maximum vigilance and resilience to emerging cyber threats.

3. Better Prepared Teams: Access to this type of intelligence also means a better and deeper contextual understanding and analysis of email content, sender behaviour, and attachment characteristics. This means that security teams can make educated predictions, decisions and actions based on current trends to better protect their organisation.

4. Adaptive Defences: A continuous feed of live threat intelligence into teams and tools means that cyber security can continually adapt to evolving threats by learning from new data points and threat indicators. This adaptive approach ensures that organisations stay ahead of cybercriminals and are equipped to respond effectively to emerging attack vectors.


Conclusion

In conclusion, while SEGs serve as a fundamental layer of defence against a large portion of email threats, they are not infallible. To enhance an organisation's email security posture and mitigate the risks of advanced cyber attacks, organisations must complement their SEGs with live threat intelligence. By integrating real-time threat data, they can deliver more effective monitoring, detection, contextual analysis, and adaptive defences, better protecting their employees and infrastructure and safeguarding sensitive data.

To find out more about how you could access live threat intelligence and bolster your email security solutions, get in touch.