Gartner’s Best Advice Yet on Reinforcing Your Defenses

In its 44 pages, Gartner’s new Technical Professional Advice, titled simply, How to Build an Effective Email Security Architecture, offers an unblinking look at where we stand in relation to email cybercrime, and how best to protect ourselves.

We’re locked in an intense, ongoing battle with worsening cyberthreats. The savage ingenuity and persistence of the criminals out to plunder enterprises of their assets and data are daunting. The time is ideal for this fresh analysis from Gartner.

Overwhelmingly, email is the main battlefield and critical channel for cybercrime; the premier target and entry point for hackers. Gartner notes Verizon’s statistic that phishing and pretexting encompass 98 percent of social incidents and 93 percent of breaches. Defenders confront a brutal equation—protection can work seamlessly 99.9 percent of the time, but a single phishing email that makes it through can cost a company unrecoverable millions.

A major headwind in solving cybercrime involves human nature itself, specifically trust. Even in the face of well-publicized risk, consumers and businesses lavish their unearned trust on senders, message body content, links, and attachments.

Hackers and Email: Love and War

Hackers love email for its low cost, scalability, and versatility. It adapts handily to both high-volume spam and slow, targeted spear-phishing. Email is uniquely elusive: mailboxes and domains can be registered by anyone accessing the Internet. Hackers have countless options for dodging and thwarting security solutions.

Only email offers such myriad ways to abuse protocols and technology, including a dizzying array of spoofs. Verification is complex and challenging. Email lets criminals deliver the initial URL, the attachment, the link to an exploit kit or phishing website, the payload, lucrative BEC, credential phishing attacks, and the ultimate insult of ransomware.

SEG: The Workhorse

Gartner considers Secure Email Gateways (SEGs) as “the workhorse for most email security architectures” and — their most important component. The flexibility to deploy on-premises or as a cloud or hosted solution gives SEGs additional value. SEGs stop inbound email attacks closer to the attacker—and farther from you. However, SEGs are not a silver bullet.

Fortify your SEG defense

SEGs can’t do it all, and their limitations are a major concern because they put the entire defense architecture at risk. “Not all SEG vendors include best-of-breed spear-phishing protection,” warns Gartner “Should this be the case for your SEG solution, consider complementing the SEG with a solution that provides additional protection” against targeted spear-phishing attacks and BEC.

Arm SEGs with machine learning and advanced capabilities

Gartner recommends enhancing vendor-offered SEG defense with advanced threat detection solutions such as those offered by Area 1 Security, to effectively battle elusive phishing attacks. Integrating smoothly with SEGs, Area 1 Security guards the inbox with capabilities that include:

  • Pre-emptive crawling
  • Machine learning models
  • Cousin domain detection
  • Anomaly detection—among others
Battling the Spectre of Phishing

Gartner defines phishing as “a form of social engineering to lure the recipient to perform an action.” The action could be leaking sensitive information, such as credentials, but it could also be BEC or even the installation of software attached to the message.”

A primary goal of a phishing attack is to install malware on your system. Once that happens, you are vulnerable to a universe of misery, including ransomware, theft of banking information and corporate credentials, and cryptomining. You’re wide open to all manner of fraud, as are your partners and vendors.

This is why Gartner calls out anti-phishing defense as an essential element of an overall email protection architecture. Those who focus on network and gateway security should start with a strong SEG, but don’t neglect the other layers of a multi-tier approach encompassing anti-phishing, anti-malware, sandboxing, URL inspection, anti-spam, and data protection through DLP and encryption.

BEC: The Emperor of Extortion

Phishing attacks can hardly deliver a more perilous racket than BEC. Because it is low-volume, extremely targeted, and bare of attachments or URLs that might flag its malign intent, BEC slips easily under the radar of conventional defenses. Worst, successful BEC pays off like practically no other crime.

The time and effort that criminals spend educating themselves about their victims on social media, learning how to mimic their writing styles, and conniving to compose credible messages is well spent when the bell rings for millions of dollars. Gartner notes that in 2017, the FBI’s Internet Complaint Center (IC3) received 15,690 BEC/EAC complaints with adjusted losses of over $675 million, as revealed in the U.S. Federal Bureau of Investigation (FBI) “2017 Internet Crime Report.”

In today’s landscape, a layered or multi-tiered approach is key to keeping your mailbox from being weaponized against you. Gartner’s latest publication is a comprehensive bible on designing an email security architecture that works on all levels against sophisticated malware, malicious URLs, credential phishing and BEC; all enhanced with checklists, tables and statistics.

If you’re a Technical Professional Licensed with Gartner’s research, here’s the full report: or contact us to learn more about on how you can stop phishing attacks with our preemptive and comprehensive anti-phishing service.

Want to keep up to date with the latest phishing trends? 

Subscribe to our newsletter here!


How to replace your email gateway with Cloudflare Area 1

Leaders and practitioners responsible for email security are faced with a few truths every day. It’s likely true that their email is cloud-delivered and comes with some built-in protection that does an OK job of stopping spam and commodity malware.

Introducing email link isolation – Email gateway replacement playbook

This week was a big one for us at Cloudflare, one of our four innovation weeks which we hold annually, showcasing new developments, product news and reference architectures.

Superhero strategies for the Phish Fight

Today is National Superhero Day, and we would like to dedicate this day to you—the SOC teams and the security experts on the frontline of the phish fight.