Home » Uncategorized  »  RIP-SEG

Legacy Secure Email Gateway (SEG) unable to catch latest Phishing Attach

SEG customers might be susceptible to email attacks that other Office 365 and Gmail customers are not. 

Mimecast and Proofpoint were the premier email security solutions for legacy on-premises email platforms, such as Exchange or Lotus Notes. But using them for cloud-based Office 365 or Gmail actually blinds Microsoft and Google's default security. In some cases, you are better off without these email gateways.

Mimecast and Proofpoint Blind Built-In Security for Office 365

Introducing an MTA (a Mail Transfer Agent that changes your MX record) will blind Microsoft and Google's default security to incoming threats.

As a security company, we observe many phishing attacks. Among these, one of the most persistent threats is also the most ironic: deploying a secure email gateway from Mimecast or Proofpoint allows emails that would have been blocked by Office 365 or Gmail to bypass all security. 

This boils down to spending money on a security solution that actually worsens your security posture.

When you double-stack your security with a secure email gateway, you must disable Microsoft and Google's spam filters — which play a key role in anti-phishing. This is why upon deployment, you will often be advised by Proofpoint or Mimecast to disable your default spam filtering and rely solely on the gateway.

Email security solutions like Mimecast and Proofpoint change certain indicators in the email's header, blinding some critical aspects of the default security layers in Office 365 and Gmail.

This would not be a problem if the MTA caught 100% of attacks, but this is not always the case, especially in the first hours or days of an event. From a ‘defense-in-depth’ perspective, it is disheartening to know that in order to deploy a second layer of security, you must essentially disable the first.

Mimecast and Proofpoint Don't Stop Internal Threats in Real-Time

Secure email gateways deploy outside of cloud email to scan inbound and (for an extra price) outbound threats. By default, Mimecast and Proofpoint don't scan internal email, but they offer it — just not in real-time.

Recently, they have introduced a separate product for internal email. Secure email gateways rely on a Rube Goldberg-ian system of tools to quarantine malicious email after they've reached the inbox and have been opened by the victim.

Why Securing Email from inside The Cloud Is Important

Our solution is uniquely positioned to measure the effectiveness of Microsoft's email security. Because we connect via API, we are able to scan email in the line of email traffic — after it has been scanned by Microsoft, but before it arrives in the inbox.

This is true across all of our customers — regardless of if they use only Microsoft's default security, Advance Threat Protection (ATP), or Mimecast and Proofpoint. This allows us to compare the effectiveness of each email provider's security during large phishing or malware outbreaks.

Our anti-phishing solution is different than Proofpoint and Mimecast in a few key ways:

It Enables One-Click Deployment

Because our solution is deployed internally, we are uniquely positioned inside of cloud email. We scan internal threats with no additional, cumbersome configuration, as is the case with gateways.

  • Approve our app from your admin account and in minutes, The solution connects directly to the native API of your Office 365 or Gmail environment—completely out of band, with no need for a proxy, appliance, or endpoint agent.
  • We see everything that Google and Microsoft can, and catch threats that were specifically engineered to bypass them.

To get the full story on how you can test the solution on your life environment feel free to contact us and see for yourself the difference.