MISLEADING CONCEPTS ABOUT EMAIL SECURITY GATEWAYS ARE BEING SPREAD BY NEW PLAYERS OF THE EMAIL SECURITY INDUSTRY

New players of the email security industry are spreading a number of misleading concepts about Email Security Gateways.

We briefly reply to these “attacks” to the Email Security Gateway solution which, by the very nature of SMTP, is still the most efficient and most effective email security approach.

 

1. When using an email security gateway you are not forced to turn off Microsoft’s or Google’s email security

Multiple layers of protection can co-exist. It’s up to you to decide whether to keep the Office365 or Google security checks in place when deploying Libraesva ESG.
Once e more effective protection is in place you can choose whether to accept the false positives that the second layer involves or not. Routing inbound email traffic through the gateway and disabling security checks are two independent configurations.

You get to choose.

 

2. Attackers cannot bypass the security gateway

When deploying Libraesva ESG, the proper configuration of O365/GSuite involves blocking inbound email except from the security gateway.

With this simple configuration any attempt to deliver email bypassing the gateway will result in a rejection.

 

3. Scanning outbound (or even internal email) is possible with an email security gateway

LibraesvaESG can scan inbound, outbound and even internal email traffic should you wish to do so. Scanning inbound email is, of course, the main purpose of any email security solution.

Scanning outbound provides additional security features like the account takeover protection and the Adaptive Trust Engine, which improves the protection by learning from legit communication patterns and highlighting unusual ones.

Scanning internal email traffic is also possibile even though it is more of a marketing argument rather than a security feature.

 

4. The email security gateway detects and blocks compromised accounts.

The Libraesva ESG provides a full set of features for account takeover protection: automatic detection of account abuse, early alerting and easy manual disable of compromised mailboxes.

 

5. BEC, whaling, impersonation attacks are detected and blocked by email security gateways

Libraesva ESG provides a specific engine against BEC/Whaling: any impersonation attempt is blocked and a notification is immediately sent to the organization.

The Adaptive Trust Engine automatically highlights unusual senders, it also detects and blocks impersonation attempts.

 

 

SMTP is a protocol explicitly designed for relaying messages through different gateways.

The Email Security Gateway is still the best email security solution because it perfectly fits with the SMTP design principles and it relies on the very fundamentals of the SMTP protocol.

Complexity is the enemy of security, adding additional complexities weakens the security.

 

Simplicity and ease of management is another field where the email security gateways excel. Adding an Email Security Gateway is simple and safe: just by updating the MX record you route the inbound traffic to the gateway. Complex and dangerous configurations are avoided, no need to provide full administrative control of your Microsoft or Google tenant to third parties, which is not a wise security practice.

By managing directly the SMTP conversation with the sending servers, the Email Security Gateway is in a privileged position: very useful information for the security classification gets lost in the following steps.

Any email security solution that analyzes the message at a later stage can rely solely on information contained in the email headers. The email security gateway, being the MX record of the domain and being the one that actually “talks” with all the sending servers can rely on all the transport information you can have.

An email security gateway is independent of you email solution. You are free to change provider, move to or from the cloud, the Libraesva ESG is agnostic: it will follow your choices by providing additional features where specific APIs are available but it will not tie you to a vendor or to a technology. Vendor lock-in is a hidden cost that the email security gateway frees you from.

 

Rodolfo Saccani
CTO / Head of R&D @  Libraesva