Tip of the ICEberg for Cloud-Native Email Security

Email Security has certainly come a long way. With cloud messaging now the standard versus the legacy on-premises approach (Lotus Notes, anyone?), the strategy of securing these clouds has also experienced a revolution. Gone are the days of the Secure Email Gateway (SEG) being an option. Cloud-native email protection with multiple deployment options is now changing the game. With winter on our minds, it’s time to start talking about “ICE.”

“ICES” (Integrated Cloud Email Security) solutions appeared for the first time in the recently published Gartner 2021 Market Guide for Email Security (ID G00735200).

In terms of the broader landscape, two trends carried over from the 2020 Market Guide: 

  1. Cloud adoption continues to grow; and
  2. Phishing, ransomware and account takeover attacks continue to increase. 

Gartner estimates that 70% of organizations now use cloud suites, primarily Microsoft 365 and Google Workspace. Even though these cloud email providers have provided built-in email hygiene and protection capabilities, email continues to be a significant attack vector, with phishing, ransomware and Business Email Compromise attacks resulting in large financial losses. Gartner cautions that, “Continued increases in the volume and success of phishing attacks and migration to cloud email require a reevaluation of email security controls and processes. Security and risk management leaders must ensure that their existing solution remains appropriate for the changing landscape.”

New Gartner Category Provides Better Security ChoICES 

In this year’s report, Gartner introduced a new category, Integrated Cloud Email Security (ICES), positioning it as the predominant defense against phishing threats slipping past traditional security controls. Although specific vendor capabilities vary, ICES can offer several advantages over traditional SEGs: advanced threat detection, ease of use, and improved visibility and response. Area 1 Security is pleased to be recognized as a Representative Vendor for this growing new category.

Advanced Threat Detection 

One of the challenges of sophisticated phishing attacks is that there is often no link or attachment to scan for malware. Instead, attacks use social engineering to lure victims into sending money or sharing credentials. Other advanced attacks embed malicious links or weaponized documents behind layers of benign content, making detection difficult. 

And as Gartner notes, “As built-in security from Microsoft and Google has improved, threat actors are also getting more sophisticated, often targeting them using fake login pages as a way of harvesting credentials.” And, “Many ransomware-as-a-service gangs use email as the initial entry point. Beyond malware, business email compromise and account takeover threats continue to rise, with significant financial losses as a result.”

Gartner explains that, “To combat these, [ICES] email security solutions use a variety of more-advanced detection techniques, including NLU, NLP, social graph analysis (patterns of email communication) and image recognition.”

Ease of Use

With the majority of organizations using cloud email providers, ease of use and ease of integration are important when adding solutions for advanced threat detection. As an ICES solution, Area 1 Horizon™ can integrate with email providers via API, offering flexibility and faster time to value. (More on that flexibility part later.) 

Gartner indicates that more customers will opt for API-based solutions in the future, predicting that the number of anti-phishing solutions delivered via API integration with the email platform will increase more than 4x by 2025. 

Improved Visibility and Response 

Detection is only one piece of the puzzle; broad visibility and fast response are also necessary for an effective cybersecurity program. 

Building on the advantages of APIs just mentioned, ICES solutions allow easy integration of email events into security information and event management (SIEM) or security orchestration, analytics and reporting (SOAR) systems via API. This allows for increased threat visibility and better coordinated response. Many ICES also offer built-in response capabilities or managed services offerings. (Learn more about Area 1’s post-delivery and M-SOAR capabilities here).

Are SEGs on Thin Ice? 

With all the advantages of ICES, it appears that traditional email security systems, many of which are still hardware-based/hosted hypervisors, are having a hard time keeping up. In our experience, many, if not most, of our customers have existing SEGs but come to us to eliminate the security gap left by SEGs missing threats.

Gartner seems to agree, noting that “Initially, these solutions are deployed as a supplement to existing gateway solutions, but increasingly the combination of the cloud email providers’ native capabilities and an ICES is replacing the traditional SEG.”

Gartner also predicts that nearly half (40%) of all organizations will switch to using built-in protection capabilities from cloud email providers and ICES rather than a SEG by 2023. This is an increase of nearly 150%. 

Area 1 Horizon Supports All Gartner Best PractICES

We are pleased to be recognized in Gartner’s first-ever Integrated Cloud Email Security (ICES) category, and believe that we offer the most effective (and only preemptive) email security to defend organizations against advanced threats.

As an ICES, Area 1 Horizon uses a variety of more-advanced detection techniques, including NLU, NLP, social graph analysis (patterns of email communication) and image recognition to preemptively detect and stop advanced threats. 

However, unlike many other ICES vendors with API-only integration options, Area 1 can be deployed via API as well as inline as the MX record holder, simultaneously ensuring protection across the entire cycle: pre-delivery, at-delivery and post-delivery. With a focus on providing comprehensive security, our flexible deployment options and direct integration make our solution easy to evaluate and prove business value. 

For better visibility and faster response, the Area 1 Horizon platform also comes with built-in response with message retraction, and we easily integrate with SIEMs and SOARs for a cohesive extended detection and response (XDR) strategy.

As is typical of its Market Guides, Gartner provides security practitioners with a short list of recommended vendor criteria.

We believe that Area 1 successfully maps to every single recommendation, as detailed below:

In addition, Area 1 Security supports 16 out of the 19 key features Gartner calls out for all email security vendors.

In short, Area 1 offers seamless, deep integration with cloud email providers like Microsoft 365 and Google Workspace for better security. And while many prefer to deploy us just with their email provider for a modern, cloud-first architecture, we also “play nICE” with SEGs.

To request a complimentary copy of the Gartner 2021 Market Guide for Email Security, click here.

To assess whether Area 1 Security can help address gaps in your current email security defenses, contact us for a free Phishing Risk Assessment, here.

Gartner, “Market Guide for Email Security,” Mark Harris, Peter Firstbrook, Ravisha Chugh, Mario de Boer, 7 October 2021.

Gartner Disclaimer:

Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.