#SEGxit 2020: Ditch the Security Status Quo

Every now and then — whether the establishment likes it or not — a small flash revolution gains momentum and reshapes the future. In the world of email security, we’re seeing a popular groundswell worth watching

As they move to the cloud, CISOs are resolutely disentangling themselves from legacy technology — specifically, overpriced and underperforming Secure Email Gateways (SEGs) that charge (a lot) for continuing to expose their customers to (a lot of) phishing attacks.

CISOs are calling it SEGxit. Here’s why it’s happening.

Just like the doddering, nodding-off apparatchiks in Brussels, SEG vendors have the agility of concrete and the imagination of indifferent, bumbling bureaucrats.Their legacy architectures and rigid, unresponsive technology put them beyond any hope of reform.

CISOs know it’s past time to leave SEGs on the ash heap of history — for six reasons:

  1. SEGs don’t work. SEG vendors play on fear, uncertainty and doubt — but effective cybersecurity depends on data and facts. And facts have a habit of speaking for themselves. CISOs see how everyday phishing campaigns land in their colleagues’ inboxes, and that SEGs miss 33.7 percent of all phishing attacks.
  2. SEGs are rigid, reactive and unresponsive. Incremental efforts to “tune” Old World SEGs like Cisco IronPort, Symantec MessageLabs, Proofpoint, Barracuda, Mimecast and others are a costly distraction. This millennium’s approach, born in the cloud and pioneered by Area 1, identifies malicious websites and infrastructure before phishing campaigns even launch — and never need “tuning” because they’re always up to date.
    Why? Because cloud-native protection adapts instantaneously. Rather than having to update each box after breaches happen (which is inevitable in the SEGs’ fake “cloud” offerings, since they’re still appliance-based antiques), SaaS architecture deploys new releases and updates at scale to block the most advanced threats in minutes, not days or weeks.
  3. SEGs keep missing the fastest-growing and most dangerous of phishing assaultsBusiness Email Compromise (BEC) where attackers gain control of suppliers’ email accounts and pursue the “long con” of multiple email exchanges that lead to multi-million-dollar fraudulent wire transfers.
    Proof? Area 1 just prevented a $24.5 million wire transfer from a major global airline to a fake fuel supplier, after the real one was compromised by a phishing email. The Old World’s most “sophisticated” SEG, relying on authentication and signature-based detection (SPF, DKIM and DMARC), simply missed it.
  4. SEGs cost too much, and aren’t remotely accountable for performance — to you or anyone else. Their entrenched interests override your best interests. In fact, when they come up short, they charge for incremental products and services, piling on more “solutions” that don’t solve the problem. We believe the day will come when every cybersecurity vendor has to be fully responsible for performance — and only gets paid when their solutions work. We call it Pay-per-Phish. CISOs call it accountability.
  5. SEGs compromise organizations — and CISOs’ careers. Security professionals are inherently risk-minimizing. In the case of underperforming legacy SEGs, security leaders are realizing that the risks of doing nothing — and the downsides of the SEG status quo — are far greater than directing dollars to technology that actually does what it says.
  6. SEGs don’t matter. In 2020, you have your cloud email provider, and — since its defenses are inadequate — you likely have a SEG. So it’s a simple equation. Of these two, who will still be around in 2030? If you bet on Microsoft and Google, you already know that SEGs will be the odd man out. An expensive, forgotten footnote in cybersecurity history.

In fact, as with any revolution, the seeds of the SEGxit movement were sown by the transition to cloud email and the unresponsiveness of SEG vendor laggards. It took root among frustrated organizations overcharged and underwhelmed by their SEGs’ performance, and increasingly concerned about the #1 cause of cybersecurity damages — phishing attacks.

The leaders of this movement are CISOs that have voted with their dollars, justifiably placing their full faith and credit in the only born-in-the-cloud anti-phishing protection that works, and — au revoir, mon ami! — keeping more of their currency in the bargain.

At RSA later this month, you’ll see the spark of a popular revolution against the entrenched, sclerotic, unresponsive SEG legacy.

The signs will be everywhere. Take back your power! Free yourself of entanglements! Just say “No” to security appliance salesmen! Restore your independence and self-determination! Ditch the security status quo!

SEGxit 2020. You won’t just hear about it. One day soon, you’ll be part of it.

Meet us at RSA to learn more.

Want to keep up to date with the latest phishing trends? 

Subscribe to our newsletter here!


How to replace your email gateway with Cloudflare Area 1

Leaders and practitioners responsible for email security are faced with a few truths every day. It’s likely true that their email is cloud-delivered and comes with some built-in protection that does an OK job of stopping spam and commodity malware.

Introducing email link isolation – Email gateway replacement playbook

This week was a big one for us at Cloudflare, one of our four innovation weeks which we hold annually, showcasing new developments, product news and reference architectures.

Superhero strategies for the Phish Fight

Today is National Superhero Day, and we would like to dedicate this day to you—the SOC teams and the security experts on the frontline of the phish fight.