Why You Should Switch from an Email Security Gateway (ESG)

Email security gateways (ESGs) no longer match the realities of today's threat landscape.

Look no further than the recent news about a zero-day exploit of Barracuda’s Email Security Gateway (ESG) appliances. Over the recent holiday, UNC4841, the Chinese state-sponsored threat actor, took advantage of the vulnerability CVE-2023-7102 to target Barracuda customers. This latest attack offers a major reason to switch from ESGs. Other signals come from respected institutions like Gartner, which has recommended since 2020 that organizations adopt a cloud email security supplement (CESS) instead of legacy gateways. This year, Gartner doubled down on this recommendation in their 2023 Market Guide for Email Security.

Still, many organizations continue to rely on ESGs. If you're among them, there are numerous reasons you should consider switching to a CESS—also known as an API-based or integrated email security solution.

In this post, we examine why you should switch from an email security gateway to a cloud email security supplement and how you can.

Why email security gateways put you at risk

Many in the cybersecurity community, including vendors, have moved away from ESGs. Here are four reasons to consider following suit:

1. Lack of adequate protection.

The recent UNC4841 attack isn't the first to target an ESG or an organization relying on one. By design, ESGs leave you vulnerable to hackers. While zero-day threats are becoming increasingly common, legacy gateways rely on reputation and signature-based detection methods that filter for known malware signatures and blacklisted IPs and senders. These technologies protect against attacks that worked in the past, not those that are just emerging.

With an estimated 450,000 new malware variants introduced every day, organizations need forward-looking solutions that can predict and prevent advanced, dynamic, and emerging attacks. That's where integrated, AI-powered email security solutions come into play.

2. Lack of insider protection.

ESGs exist outside the architecture of cloud email platforms like Microsoft 365, leaving you exposed in the event of an account compromise. This means you can't detect or monitor insider attacks, whether they are phishing, spear phishing, or malware. Considering that you must defend an ever-expanding attack surface—due in part to the growth of the digital supply chain and interconnected tools—this represents a significant vulnerability hackers can exploit.

3. MX record changes.

ESGs require an MX-record change, a significant security concern. MX-record changes give hackers clues to determine what email security solution you’re using through an MX-record lookup. From there, they can determine how best to circumvent or exploit your protections.

4. Configuration and effort.

In addition to lengthy deployments, ESGs require manual configurations that, while time-consuming, also open the door for misconfigurations that can lead to vulnerabilities in your security.

How to switch from an email security gateway

How do you make the switch from an email security gateway to an integrated solution? Simple. Start signing up for demos and evaluating solutions. Once you pick the right one, deployment and configuration can take as little as a few minutes.

When shopping for a new solution, look for the following capabilities and features:

1. Advanced protection against spear phishing: CEO Fraud, Payroll Fraud and other spear phishing scams are arguably the most difficult to detect and the ones that many solutions miss. Look for solutions that harness Natural Language Processing algorithms and offer anomaly detection. These can spot subtle textual threats that are masked as legitimate requests.
2. Anti-phishing and malware protection: Don’t forget phishing and malware. Phishing attacks are the most common threat and #1 cause of initial compromise. It’s also the top method of distributing malware. Look for solutions that leverage machine learning and Computer Vision algorithms, and base detection on a real-time and extensive intelligence network. Be sure to evaluate whether solutions can protect against advanced threats like Quishing, or QR code phishing, which is a trending attack that many email security solutions can’t handle.
3. Cross-tenant incident response: Saving time is not only an administrative benefit, but an important outcome for adequate security. Favor solutions that allow you to take action across your tenants, including investigating and remediating suspicious emails. Better yet, look for those that can automate tasks, such as automatically remediating threats post-delivery, while allowing you to manage email security through a single pane of glass.
4. Phishing awareness training: Human error remains your greatest risk. Phishing and spear phishing attacks typically require your users to participate in the scam for it to succeed. Phishing awareness trading can fortify this weakness by teaching users how to spot and report potentially malicious threats. Ask whether the email security solution includes phishing awareness training, and whether it’s an additional cost or part of the complete security package. For those that offer it, favor the ones that administer training automatically, personalize it by role, and deliver it any time a user encounters a threat.
5. Vendor track record: The partner is arguably more important than the product. That’s why you should evaluate the “who” of your email security as much as the “what.” Select vendors that offer significant partner support, lack a history of being targeted and exploited by hackers, and have a record of serving clients that need elevated security.

How Vade can help

It’s only a matter of time before hackers exploit the next ESG vulnerability.

Protect your business, clients, and users by adopting an AI-powered and integrated email security solution like Vade for M365. Leveraging an intelligent AI engine backed by sophisticated algorithms, human insights, and a global intelligence network of more than 1.4 billion mailboxes, Vade for M365 protects against today’s most advanced emerging threats.

The solution also automates important aspects of managed security, including remediating threats post-delivery and administering just-in-time, personalized phishing awareness training. For tasks that require human intervention, it offers a cross-tenant dashboard and capabilities, as well as robust features for incident response and threat investigation.