
What is a secure email gateway?

SEG definition

A secure email gateway (SEG) or a secure email server (SEC) is a type of email security software that sits in the path of inbound and outbound email communication. Every email sent to or from an organization passes through this gateway, which checks that its contents are not malicious or a sign of a data leak. It keeps unwanted emails such as spam, phishing emails, and emails containing malware out of user inboxes. In many ways, email gateways are the first line of defense for email security.

A timeline infographic illustrating different levels of email cyber attacks and security coverage.

How does SEG work?

While SEGs are popular, they have their drawbacks. SEGs can only detect known forms of suspicious emails. In other words, if an email contains malicious content that is recognizable, the gateway can filter this content. However, cyber-attacks are becoming more complex, making new techniques like social engineering and spear phishing difficult for SEGs to identify.

A SEG uses a combination of techniques like content filtering and virus scanning, making it adept at handling widespread attacks. A SEG can be useful against the following threats:

Spam/graymail

Spam is unsolicited email sent in bulk to email lists. These emails likely have no value to an individual and can sometimes contain malicious content. Similarly, graymail is widespread outbound email that comes in the form of marketing, newsletters, or other promotional offers that might clutter the inbox. SEGs are particularly good at filtering these messages and quarantining them before they reach an inbox, because their similar contents make them identifiable.

Data loss

Outbound emails also pass through an SEG and those that contain sensitive information can be detected. This will stop any form of data leakage by accidental human error like entering the wrong recipient credentials or sending sensitive content to an unauthorized account.

Malicious content

An SEG can detect malicious links or files that are known to its systems. While many cyber threats are new or unknown to the gateway and can pass through, an SEG can be programmed to stop known threats.
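The following is an added illustration, not code from Darktrace or from any gateway product, of the known-indicator filtering described above: it quarantines a known link, a known file hash, and an outbound card number, and delivers a text-only impersonation message that carries no known indicator. The host, hash, and sample messages are constructed for the example.

```python
import hashlib
import re
from email import message_from_string

# Constructed indicators standing in for a gateway's feed of known threats.
KNOWN_BAD_HOSTS = {"malware-download.example"}
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-malware-sample").hexdigest()}
URL_HOST = re.compile(r"https?://([^/\s:\"'>]+)", re.I)
CARD_LIKE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(raw, direction):
    """Return 'quarantine' or 'deliver'; direction is 'inbound' or 'outbound'."""
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_filename():  # attachment: match against known file hashes
            if hashlib.sha256(payload).hexdigest() in KNOWN_BAD_SHA256:
                return "quarantine"
            continue
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        if direction == "inbound":  # known-bad link check
            if any(h.lower() in KNOWN_BAD_HOSTS for h in URL_HOST.findall(text)):
                return "quarantine"
        else:  # outbound data-loss check
            for run in CARD_LIKE.findall(text):
                if luhn_ok(re.sub(r"\D", "", run)):
                    return "quarantine"
    return "deliver"

# Constructed sample messages.
KNOWN_LINK = "From: a@ext.example\nSubject: Invoice\n\nGet it: http://malware-download.example/inv.zip\n"
BEC_TEXT = "From: ceo@ext.example\nSubject: Urgent\n\nAre you at your desk? Please wire the supplier payment today.\n"
CARD_LEAK = "From: staff@corp.example\nSubject: details\n\nCard: 4111 1111 1111 1111\n"

if __name__ == "__main__":
    for name, raw, d in [("known link", KNOWN_LINK, "inbound"),
                         ("text-only BEC", BEC_TEXT, "inbound"),
                         ("card number", CARD_LEAK, "outbound")]:
        print(f"{name:14} {d:9} -> {scan(raw, d)}")
```

The text-only message is delivered because nothing in it matches a stored indicator, which is the gap the page attributes to SEGs.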

What are the benefits of using a SEG?

A SEG is useful for protecting information against cyber-attacks that may come in the form of spam, malicious email content, or known malware strains, and it is often a requirement for complying with cyber security regulations. Organizations may benefit from having a SEG to filter their email content, but it is not the be-all and end-all of email security.


What are the challenges facing SEGs?

Nuanced attacks

Cyber-attackers are evolving their methods and SEGs are a defense mechanism that fails to keep up with the increasing sophistication of nuanced threats. Targeted attacks like spear phishing or other attacks that use social engineering tactics will not be identified by a SEG. Native capabilities can detect traditional indicators of compromise, while ICES products can detect nuanced attacks.

Compliance

While SEGs can help organizations with compliance regulations, it can be difficult to manage and generate reports through an SEG, making this a time-consuming and tedious process.

Resources

SEGs require a significant amount of skilled labor to manage and maintain.

Email focus

SEGs are designed to protect email and do not have the capacity to gather data from or protect other aspects of the digital ecosystem such as threats that might occur in OT, SaaS, or the network layer.

ICES vs Secure Email Gateway (SEG)

SEG

A secure email gateway (SEG) or a secure email server (SEC) is a type of email security software that sits in the path of inbound and outbound email communication. Every email sent to or from an organization passes through this gateway, which checks that its contents are not malicious or a sign of a data leak. It keeps unwanted emails such as spam, phishing emails, and emails containing malware out of user inboxes. In many ways, email gateways are the first line of defense for email security.

ICES

The difference between ICES and SEG is that ICES solutions provide protection for cloud environments that can be on-premise or hybrid. ICES uses machine learning and natural language processing (NLP), and connects via API to understand an organization's email activity and protect against advanced phishing attacks. Unlike SEGs, which use a database of known threats, ICES has the capability to identify never-before-seen threats and socially engineered phishing emails.

Darktrace's approach to email security

Darktrace’s AI email security uses artificial intelligence and machine learning algorithms to prevent, detect, respond to, and heal from email attacks.

Through its unique understanding of you, rather than knowledge of past attacks, Darktrace/Email stops the most sophisticated and evolving email security risks like generative AI attacks, BEC, account takeover, human error, and ransomware.

In a Self-Learning AI model, the AI has the ability to understand the business from the inside out. That way when activity within the business deviates from 'normal', the AI can identify this behavior and alert the security team.

AI can also use real-time data to identify and respond to threats quickly, minimizing the potential damage and saving time for security teams who usually have to parse through a high number of flagged emails. 

One of the key benefits of AI email security is that it can detect threats that may go unnoticed by traditional security systems, which often rely on pre-defined rules and patterns to identify threats. With AI, email security can continuously learn and adapt, providing more comprehensive protection against previously unknown email-based attacks.