What is an Integrated Email Security solution? And is it right for your organization?

2020-11-10

This blog originally appeared in November 2020 on the Area 1 Security website, and was issued in advance of Cloudflare's acquisition of Area 1 Security on April 1, 2022.

On Sept. 8, Gartner published its latest Market Guide for Email Security (Gartner Doc ID: G00722358). Given the continued increase of phishing and advanced attacks, the ongoing enterprise migration to cloud email providers and the recent transition to remote work for many organizations, we at Area 1 Security believe this is an aptly timed update.

One new item of particular note in the report is Gartner’s new category of Integrated Email Security Solutions (IESS). While Area 1 Security was also recognized as a Representative Vendor in the Gartner 2019 Market Guide for Email Security, Gartner has now named Area 1 Security as a Representative Vendor for IESS. According to Gartner: “They [IESSs] often include other capabilities such as machine-learning-based detection trained on existing emails, image analysis, account takeover detection and image recognition of URLs to identify phishing attacks as well providing protection for internal emails and M-SOAR functionality.”

We believe that Area 1 Security, as an IESS, provides the core functionalities of a SEG, with the advantage of being very quick and easy to deploy: direct integrations with Office 365 and Google G Suite mean that no changes to the email flow at the gateway are required.

As an increasing number of threats bypass legacy Secure Email Gateways (SEGs), Area 1 Security’s customers and prospects have increasingly expressed that traditional SEGs don’t adequately address their security needs. In fact, we are often brought in to either replace or supplement SEGs such as those from Proofpoint, Agari and Mimecast.

With SEGs missing over 30 percent of phishing campaigns, IESS solutions like Area 1 Security offer an attractive SEG replacement.

Additional Highlights from the Market Guide for Email Security

  • Per our understanding, Gartner advises security and risk management leaders responsible for email security to “Address gaps in the advanced threat defense capabilities of an incumbent secure email gateway (SEG) by either replacing them or supplementing them with complementary capabilities via API integration.” Some customers may decide to address these gaps by replacing an incumbent SEG with an IESS.

  • Also, as noted in the report, “Integrated protection, because it has historical data on communication patterns, can use its social graph to flag anomalous messages as suspicious” and integrated solutions are also “increasingly using natural language processing and understanding to identify account takeover attacks.”

  • The Market Guide highlights differentiating capabilities for next-generation email security products:

      • Network Sandbox
      • Content Disarm and Reconstruction
      • URL Rewriting and Time-of-Click Analysis
      • Remote Browser Isolation
      • Display Name Spoof Detection
      • Domain-Based Message Authentication, Reporting and Conformance on Inbound Email
      • Lookalike Domain Detection
      • Anomaly Detection

  • Per our understanding, Gartner also lists additional differentiating email security capabilities such as graymail handling, data protection, and post-delivery protection and M-SOAR.

Area 1 Security believes it provides coverage across all the above differentiating capabilities (seven fully, and one in prototype / planned phase as of this quarter). The table below is a quick analysis of the key capabilities outlined within the 2020 Email Security Market Guide and how our technology fulfills each criterion. Where relevant, the matrix highlights capabilities that we believe are unique to our Area 1 Horizon™ service.

Differentiating Capabilities Matrix - Area 1 Analysis

Capabilities referenced in the 2020 Market Guide for Email Security* | Area 1 Coverage | Area 1 Capabilities

Network Sandbox | Yes
  • UNIQUE: Dual sandboxing. In-the-wild sandboxing for preemptive campaign identification; inline sandboxing as messages flow through the service

Content Disarm and Reconstruction | Yes
  • Area 1 deconstructs content into discrete pieces and reconstructs as needed to make an assessment on the attachment
  • UNIQUE: Encrypted payload scanning; including the ability to unscramble inline passwords (either as text or as an image) to open up the payload for analysis.
  • UNIQUE: Image assessments and reconstruction using advanced computer vision techniques for brand impersonation detection.

URL Rewriting and Time-of-Click Analysis | Yes
  • Ability to defang
  • Ability to rewrite
  • UNIQUE: Invokes instant crawl on links that need escalated assessments
  • UNIQUE: Assessing nested URLs within attachments, especially PDFs and archives

Display Name Spoof Detection | Yes
  • Simple and complex matches
  • Header and body matches
  • UNIQUE: Exact and fuzzy matches using configurable Levenshtein distance algorithms
  • UNIQUE: Non-directory based matches
  • UNIQUE: Multivariate matches based on message analytics and sentiment
  • UNIQUE: Conversation / thread analysis for Type 3 & 4 BECs
  • UNIQUE: Partner social graph for auto-discovery of business partners
  • UNIQUE: Verdict escalations for active fraud campaigns

Domain-Based Message Authentication, Reporting and Conformance on Inbound Email | Yes
  • Automated spoof detection
  • Automated SPF / DKIM / DMARC based analysis
  • Envelope-From and Mail-From mismatch detection

Lookalike Domain Detection | Yes
  • Automated cousin domain detections
  • UNIQUE: Automated new domain registration detections; cousin or non-cousin based

Anomaly Detection | Yes
  • Metadata analysis
  • Content analysis
  • Historical / trend analysis

APBC (Anti-Phishing Behavioral Conditioning / Training) | N/A
  • Area 1 currently does not focus on end user education or training use cases

Graymail Handling | Yes
  • Spoof and spam detections
  • New domain detections also trigger marketing messages detections, with the ability to mark or notify the user of such messages

Data Protection | N/A
  • Area 1 currently does not focus on outbound email delivery and DLP use cases but integrates quickly and seamlessly with many DLP solutions and partners

Postdelivery Protection and M-SOAR (Mail Security Orchestration, Automation and Response) | Yes
  • UNIQUE: Integrated, cloud-scale automated triage and detection search, cluster wide
  • UNIQUE: Integrated, cloud-scale message trace, cluster wide
  • Detection details reports
  • API-based JSON access to detections and full messages
  • Integrated message retraction and post-delivery actions
  • SIEM integrations, SOAR hooks
  • NOTE: No additional license or products needed, unlike other vendors.

Integration Into Security Tools | Yes
  • Integration with DNS for protected web browsing as part of service
  • Integration with data analysis tools, SIEMs, SOARs, identity platforms, firewalls, network security tools and proprietary systems

*Bolded capabilities are part of Gartner’s key selection criteria for next-generation email security

According to Gartner, “As organizations migrate to cloud email, the need to reevaluate email security is even greater.” The rise of malware, Business Email Compromise (BEC) attacks and other sophisticated email threats also means organizations should revisit their email security architecture.

To assess whether Area 1 Security can help address gaps in your current email security defenses, contact us for a free Phishing Risk Assessment.

Gartner, “Market Guide for Email Security,” Mark Harris, Peter Firstbrook, Ravisha Chugh, 8 September 2020.

Gartner Disclaimer:

Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
