Email continues to be a significant attack vector for both malware and credential theft through phishing. An estimated 40% of ransomware attacks start through email, according to the latest Gartner Market Guide report. In addition to ransomware, “impersonation and account takeover attacks via business email compromise (BEC) are increasing and causing direct financial loss, as users place too much trust in identities associated with email, which is inherently vulnerable to deception and social engineering.”
Focusing on three main types of email security solutions, Secure Email Gateways (SEGs), Integrated Cloud Email Security (ICES), and Email Data Protection (EDP), here are some key takeaways and recommendations from the February 2023 Market Guide for Email Security.
1. Gartner Market Recommendation:
“Evaluate built-in email security capabilities provided by cloud email systems and augment it with third-party solutions for handling sophisticated attacks.”
Cofense Insights: With almost 50% of email phishing attacks, including BEC and credential theft, bypassing secure email gateways (SEGs), built-in email security is no longer enough to protect organizations. As threat actors continue to evolve tactics that bypass traditional email security, it’s imperative that you deploy an automated solution powered by relevant data, that evolves in real-time, to identify, protect, detect and respond to all email threats.
2. Gartner Market Recommendation:
“Ensure that the solution has multifaceted protection for credential theft, as well as computer vision to analyze URLs that are impersonating common log-on pages.”
Cofense Insights: Your email security solution must have a computer vision component to automatically identify and quarantine email threats across your organization in real-time. With the increase in Artificial Intelligence (AI) and Machine Learning (ML), email security programs not utilizing this technology are falling behind. In fact, thanks to our Cofense Vision solution, our intelligence team detected 569% more malicious phishing emails and 595% more phishing campaigns inside enterprise inboxes that slipped past traditional SEGs.
3. Gartner Market Recommendation:
“Look for email security solutions that use ML- and AI-based anti-phishing technology for BEC protection to analyze conversation history to detect anomalies.”
Cofense Insights: Business Email Compromise (BEC) increased 65% from 2016 to 2021, and is now one of the costliest cyberattacks. If your email security solution does not address BEC, you have a major gap in your security. ML and AI-based technologies are key to addressing this growing threat, but utilizing real-time crowdsourced insights to share and remove these threats will give companies an edge against BEC attacks.
4. Gartner Market Recommendation:
“Use email security solutions that include anti-phishing technology for targeted BEC protection that use AI to detect communication patterns and conversation-style anomalies, as well as Computer Vision for inspecting suspect URLs.”
Cofense Insights: Email security solutions should provide BEC protection based on the analysis of email conversations. Computer Vision-enabled technology inspects visuals like landing pages, as a human being would, to identify and flag potential threats.
5. Gartner Market Recommendation:
“Invest in solutions that can use their API integrations into collaboration platforms to filter malicious content or suspicious interactions.”
Cofense Insights: If your email security solution cannot easily integrate with other solutions, you need a new solution. Always ask how a solution integrates with SIEMs, SOARs, TIPs, etc., before selecting a vendor.
For the February 2023 Gartner Market Guide for Email Security, read the full report here.
Gartner,Market Guide for Email Security, Ravisha Chugh, Peter Firstbrook, Franz Hinner, 13 February 2023.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner is registered trademark and service mark of Gartner, Inc and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.