I have been doing some research on Secure Email Gateways. The picture is not that pretty. Below I will summarize what I found.
But to start with, just for fun, I asked ChatGPT what it "thought" of the SEG problem. This was the prompt: Describe the issues of secure email gateways not catching malware and phishing attacks in 300 words.
And this is the unedited, quite interesting answer: "Secure email gateways are designed to protect organizations from various types of email-borne threats such as malware and phishing attacks. However, these systems are not foolproof and can sometimes fail to catch malicious emails.

One issue with secure email gateways is that they rely on signature-based detection methods, which can be bypassed by attackers who use malware that has not been previously seen, or that is modified to evade detection. Additionally, phishing attacks often use social engineering tactics to trick users into providing sensitive information, which can be difficult for secure email gateways to detect.

Another issue is that secure email gateways may not be configured properly, or may not be updated frequently enough to keep up with new threats. This can lead to vulnerabilities that attackers can exploit.

Furthermore, secure email gateways are not able to detect all types of malware and phishing attacks, such as spear-phishing or business email compromise. These targeted attacks are often more sophisticated and may use social engineering tactics to trick users into providing sensitive information, which can be difficult for secure email gateways to detect.

Additionally, many organizations are using cloud-based email services, and secure email gateways may not be able to protect against threats that originate from outside of the organization's network.

In conclusion, while secure email gateways can provide a level of protection against malware and phishing attacks, they are not a complete solution. Organizations should implement a multi-layered security approach that includes employee education and training, as well as regular updates and maintenance of secure email gateways. Furthermore, it's important to have an incident response plan in case of any potential security breaches."
These five points are the results of my research.
Your Secure Email Gateway and anti-spam filters have a number of problems, which together let roughly one out of every 10 threats still reach your users' inboxes:
- They miss a significant percentage of phishing attacks; average miss rates are between 10 and 20%. For instance, 18.8% of phishing emails bypass Microsoft Defender.
- SEGs vary widely in how well they catch malware; miss rates range between 1.7% and 30% depending on the product.
- Phishing attacks crafted specifically to bypass Defender are missed more than 40% of the time.
- Even in large businesses with SOC staff, the missed phishing rate is higher still, between 50 and 70 percent.
- The ever-shrinking average lifetime of malware, malicious phishing URLs and phishing campaigns themselves makes them continually harder to catch.
You simply have to work on creating a strong security culture as your last line of defense.