The advancing sophistication of cybersecurity threat campaigns has brought legacy cybersecurity tools into sharp focus. Built for an on-premises world, these manual, rule-based approaches to cybersecurity are unable to ward off adaptive and increasingly intelligent attack methods.
On the other side of the coin are security leaders who are overwhelmed and overworked. This is largely due to the proliferation of threats, juxtaposed against managing their IT environments from a tooling and staff resource perspective.
Tool sprawl is reaching excessive levels that are simply impossible to manage. The average enterprise now has in excess of 45 cybersecurity tools deployed. Research shows that deploying excessive tools leads to a decline in security effectiveness.
The bottom line: Increasing complexity warrants tool rationalization.
Keep reading to learn:
- Why Secure Email Gateways (SEGs) have become redundant
- The powerful capabilities (and shortcomings) of Microsoft
- The benefits of replacing your SEG with Tessian + Microsoft
The effectiveness of legacy Secure Email Gateway (SEG) solutions is starting to receive due attention as email-related breaches continue to snowball. Depending on the statistic cited, the email threat vector accounts for anywhere between 80-96% of cybersecurity attacks.
Replacing SEGs represents a high return, low risk optimization opportunity, due to declining security effectiveness and the high degree of redundancy in the enterprise.
SEG security effectiveness is declining for two reasons:
- The majority of enterprises have adopted cloud hosted productivity suites such as Microsoft 365, which natively provide SEG capabilities including malware, phishing and URL protection.
- SEGs rely on static, rule-based approaches that are ineffective in safeguarding email users and data from advanced threats.
Once a threat actor is able to bypass the SEG, they effectively have unmitigated access to carry out their threat campaign. This can (and often does) include Account Takeover (ATO), deploying exploit kits or, more damagingly, delivering ransomware. SEGs also offer little protection against insider threats, a growing concern.
The powerful capabilities (and shortcomings) of Microsoft
Microsoft 365, which includes Exchange Online Protection (EOP) and Microsoft 365 Defender, provides a reasonable degree of email security that effectively makes the legacy SEG redundant.
M365 on E5 licensing provides the following capabilities:
- Anti-malware protection
- Anti-phishing protection
- Anti-spam protection
- Insider risk management
- Protection from malicious URLs and files in email and Office documents (Safe Links and Safe Attachments)
- Message encryption via issued PKI
- Audit logging
- Exchange archiving
Microsoft 365 and a traditional SEG
Microsoft alone, however, does not guarantee against advanced email threats. Significant gaps remain in Microsoft’s ability to protect against advanced social engineering campaigns that can result in business email compromise (BEC), ATO, or zero day exploitation. These shortcomings are also reflected in Microsoft’s Service Level Agreement (SLA) exclusions, which, for example, exclude guarantees against zero day exploits and phishing in non-English languages.
Microsoft + Tessian = Comprehensive security
This is where a next-gen behavioral cybersecurity solution like Tessian comes into play, providing advanced automated email threat detection and prevention capability.
With Tessian, no mail exchange (MX) records need to be changed. Tessian is able to construct a historical user email pattern map of all email behavior in the organization. Within 5 days of deployment, the best-in-class algorithm is then able to detect and prevent threats that Microsoft or SEGs have failed to detect.
This dynamic protection improves with each threat that is prevented, and unlike the in-line static nature of SEGs, it ensures 24/7 real time protection against all attack vectors, including insider threats. That is why the leading enterprises are opting to displace their legacy SEG and augment Microsoft’s native security capabilities with Tessian.
Tessian Defender’s capabilities include:
- Advanced Spear Phishing Protection
- Advanced Attachment and URL Protection
- Internal Impersonation & CEO Fraud
- Advanced Spoof Detection
- Counterparty & Vendor Impersonation
- Brand Impersonation
- External Account Takeover
- Invoice Fraud
- Bulk Remediation
- Automated Quarantine
- Threat Intelligence
“We were having trouble with rule-based solutions and identifying email threats. You could spend hours trying to configure them to their optimal level and still have an issue with false positives. We needed an intelligent solution that could identify and pinpoint these threats without bombarding the users with false positive alerts.”
No black box threat visibility and intelligent risk mitigation
Beyond the cost and resource optimization realized by removing SEGs, Tessian clients see significant efficiency gains in the SOC due to the high degree of triage automation and a distilled view of the threats that matter: finding that needle in the haystack, in real time and in context.
For example, with one click, SOC analysts can bulk remediate high volume phishing campaigns (aka burst attacks) that are targeting the organization as they happen. Suspicious emails are also automatically quarantined, with threat remediation context provided.
The platform provides a single pane of glass, giving security and risk leaders visibility of how cybersecurity risk is trending in their organization and the types of threats thwarted, down to individual employee-level risk scoring.
Context aware security awareness training
The context-aware security capability of Tessian extends to providing in-the-moment security awareness training to employees. The real-time security notifications flag suspicious and malicious emails received, offer a clear explanation, and provide education to employees in real time. Most enterprises experience a 30% click through rate (CTR) on simulated phishing exercises – including our clients prior to deployment. Tessian clients see simulated phishing exercises returning a less than 5% CTR after deployment – illustrating the effectiveness of Tessian’s security awareness training.
Stopping threats, reducing complexity
Tessian enables security teams to focus on mission critical tasks rather than manually and retroactively triaging security events that have already occurred. Legacy email security approaches relying on SEGs simply no longer have a place in an increasingly crowded cybersecurity stack. Leveraging Microsoft 365’s native capability together with Tessian presents an opportunity for security leaders to improve security while reducing complexity.
“After so many years using Mimecast, we knew its strengths and weaknesses and we had identified a clear gap. We wanted to fill that gap in the least intrusive way possible. After evaluating various tools, Tessian was a no-brainer.”
This is why, according to a Tessian-commissioned Forrester study, 58% of cybersecurity leaders are reevaluating legacy email security tools and approaches, and why 56% will be investing in behavioral email security solutions with automated detection capabilities.