[Ache In the Head] The Problems With Your Not-So-Secure Email Gateway

Phishing for FedsI have been doing some research on Secure Email Gateways. The picture is not that pretty.  Below I will summarize what I found.
But to start with, just for fun, I asked ChatGPT what it "thought" of the SEG problem. This was the prompt: Describe the issues of secure email gateways not catching malware and phishing attacks in 300 words.
And this is the unedited quite interesting answer: "Secure email gateways are designed to protect organizations from various types of email-borne threats such as malware and phishing attacks. However, these systems are not foolproof and can sometimes fail to catch malicious emails.
One issue with secure email gateways is that they rely on signature-based detection methods, which can be bypassed by attackers who use malware that has not been previously seen, or that is modified to evade detection. Additionally, phishing attacks often use social engineering tactics to trick users into providing sensitive information, which can be difficult for secure email gateways to detect.
Another issue is that secure email gateways may not be configured properly, or may not be updated frequently enough to keep up with new threats. This can lead to vulnerabilities that attackers can exploit.
Furthermore, secure email gateways are not able to detect all types of malware and phishing attacks, such as spear-phishing or business email compromise. These targeted attacks are often more sophisticated and may use social engineering tactics to trick users into providing sensitive information, which can be difficult for secure email gateways to detect.
Additionally, many organizations are using cloud-based email services, and secure email gateways may not be able to protect against threats that originate from outside of the organization's network.
In conclusion, while secure email gateways can provide a level of protection against malware and phishing attacks, they are not a complete solution. Organizations should implement a multi-layered security approach that includes employee education and training, as well as regular updates and maintenance of secure email gateways. Furthermore, it's important to have a incident response plan in case of any potential security breaches." 
These 5 points are the results of my research
Your Secure Email Gateway and anti-spam filters have a number of problems, causing one out of 10 threats to still make it in your users’ inbox:
  1. They miss a significant percentage of phishing attacks, average miss rates are between 10 and 20%. For instance 18.8% of phishing emails bypass Microsoft Defender
  2. SEG’s vary wildly in catching malware, the miss rates are between 1.7% and 30% depending on the product.
  3. Specifically crafted phishing attacks to bypass Defender get missed more than 40%.
  4. Despite SOC staff in large businesses, the missed phishing rate is even higher, reaching between 50 and 70 percent.
  5. The ever-shrinking average lifetime of malware, malicious phishing URLs and phishing campaigns themselves makes them continually harder to catch.

You simply got to work on creating a strong security culture [VIDEO] as your last line of defense.

Do you know what's getting through your mail filters?

KnowBe4’s  Mailserver Security Assessment (MSA) helps you assess your organization’s mailserver configuration settings and check the effectiveness of your email filtering rules. With email still the #1 attack vector used by threat actors, you want to see what types of messages may make it through your filters from the outside.

MSA gives you a quick insight at how your mailserver handles test messages that contain a variety of different message types including email with attachments that contain password-protected, macro zipped, and .exe files or have spoofed domains.

msa-screen3Here's how MSA works:

  • 100% non-malicious packages sent
  • Select from 30+ automated email message types to test against
  • Saves you time! No more manual testing of individual email messages using MSA's automated send, test, and result status
  • Validate that your current filtering rules work as expected
  • Results in an hour or less!

Find out now if your mail server is configured correctly, many are not!

Test My Mailserver!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews