What is Integrated Cloud Email Security (ICES)?

Integrated cloud email security, or ICES, was introduced in this year’s Gartner Market Guide for Email Security, promising to transform email security as awareness of cybersecurity threats continues to expand.

Cloud email adoption and increasing BEC (Business Email Compromise)attacks are driving the demand to develop more sophisticated tools that transcend the limits of native email security. ICES solutions augment (rather than replace) native security, providing a much-needed layer of additional cybersecurity protection.

In this article, we’ll take a deep dive into ICES solutions: why they’re needed, what makes an ICES solution, and helpful tips on evaluating the right ICES solution for your business needs.

Integrated cloud email security solutions use APIs to integrate directly into cloud email, examine and evaluate email content, detecting cyberthreats before they reach their intended targets. This helps to improve prevention accuracy and ease deployment when compared to a gateway.

ICES tools use behavioral analytics, natural language understanding (NLU), natural language processing (NLP), and big data analytics to stop phishing attacks, account takeovers and ransomware threats.

The widespread adoption of cloud email providers like Google and Microsoft, who provide built-in email hygiene, is expanding. However, native software capabilities do not catch all cyberattack attempts.

ICES solutions go beyond blocking known threat actors, detecting compromised accounts while providing user prompts to reinforce security awareness.

This combination of cloud email providers’ native security and ICES has shown to be effective enough to replace traditional SEG (secure email gateway) solutions.

Email security is an evolving market. Here are four primary reasons why ICES is a crucial next step in your email security arsenal.

1. Email Attacks Have Changed

Email attacks have become increasingly sophisticated and dangerous. The rise of Business Email Compromise (BEC) has alerted businesses to guard against the full spectrum of email attacks, including invoice and payment fraud, spear phishing and ransomware attempts.

Here are some alarming statistics from the FBI’s Internet Crime Complaint Center(IC3):

• 241,342 complaints of phishing, vishing, smishing and pharming were received in 2020, 12x morethan had been received in 2016.

• 19,369 BEC complaints were received in 2020, resulting in adjusted losses of over $1.8 billion.

• California and people over the age of 60 lead the U.S. in the number of reported cybercrime complaints.

2. Email Delivery Has Changed

More than 70% of organizations are now using cloud or hybrid cloud emailrather than on-premise servers for email delivery. According to Statista, cloud email and collaboration revenue worldwide is expected to reach $93.92 billion in 2025, almost double 2020 revenues.

3. Native Email Security Has Changed

Built-in email security from Microsoft and Google has dramatically improved, now competing in efficiency with secure email gateways. Moving to the cloud has enabled many organizations to drop their SEG investments. However, the native email securityoffered by these tech giants is as yet insufficient to detect and stop all targeted email attacks.

4. Challenges with Secure Email Gateways (SEG)

Enterprise customers are moving away from traditional secure email gateways. Instead, they’re looking to built-in email security augmentations that are easy to use and take a different approach to threat protection.

SEG vulnerability gaps include:

• Weakness against multi-stage attacks. Hackers’ sophisticated, malicious components aren’t easily detected by traditional screening tools, especially when emails appear to originate from trusted sources.

• Reliance on known malware signatures.Cannot stop zero-day threats, compromising sensitive data.

• Inability to detect threats in internal emails. Inability to process internal emails makes organizations vulnerable to insider threats and internal account compromises.

ICES solutions should exhibit the following five traits for maximum effectiveness.

1. Connect Over APIs

ICES solutions connect over APIs without needing MX record modification or email rerouting. This makes deployment much easier than the SEG approach of being inline. ICES solutions are also easy to evaluate because they sit behind existing controls and value can be shown quickly and accurately.

2. Use Advanced Detection Techniques

ICES solutions use advanced detection techniques like content and context analysis, user behavior analytics, deep learning, natural language understanding, and image analysis/computer vision to catch targeted and socially engineered attacks.

3. Learn and Improve Over Time

ICES solutions should:

• Analyze email archives to build behavioral baselines.

• Learn from every threat and manual admin action to reduce false positives.

• Learn at different layers (across customers, per customer, and per user mailbox) to stop highly targeted attacks.
  

4. Integrate With and Augment Microsoft and Google Native Email Security

ICES solutions do not duplicate Microsoft and Google native security features. Instead, they augment and expandthese features to form a comprehensive security shield.

Working hand-in-hand, native email security and an ICES solution can effectively replace SEG.

5. Provide Contextual User Education

ICES solutions should be able to provide warning banners to end users explaining suspicious emails, helping to reinforce or even replace security awareness training.

Download our free Email Security Checklist

What features should an ICES solution have? Here are some tips to consider before selecting an ICES solution for your business.

Quality and Fidelity of Training Data For ML/AI

Since targeted email attacks don’t have any single “red flag” to raise suspicion, the technology to guard against them should consider as many data points as possible for maximum efficiency.

Many ICES solutions claim to be ML/AI (machine learning/artificial intelligence) based, but without a sufficient customer base their solution is largely irrelevant. Armorblox has56,000 customersand a set of models that learns from global attacks.

Our alliances with Intermediaand Fidelityalso give unique threat data encompassing small/medium businesses, financial advisors and brokerage firms.

Communication Insights

ICES solutions can have visibility over external and internal email traffic. Therefore, they should be able to provide communication and workflow insights to your business’ security team.

Relevant insights could include:

• “Did this employee reply to a suspicious email or forward it to someone else in the company?”

• “Who does this vendor commonly interact with in our organization?”

• “Who else in my organization got this suspicious email that one person reported to the phishing mailbox?”

Ease of Use

Apart from deploying over APIs, ICES solutions should also not require a heavy lift in day-to-day operations. Armorblox connects over APIs in minutes without any MX modification or email rerouting. Prebuilt policies eliminate the need for manual creation and maintenance or rules.

Armorblox has out-of-the-box policies, automated remediation actions, and threat insights that surface the right info at the right time for security administrators.

Integrations With Other Downstream Security Solutions

Security teams have many tools they need to monitor. ICES solutions that can integrate with other tools like Security Information and Event Management (SIEM) and Security Orchestration Automation and Response (SOAR) will save time for security professionals.

Armorblox currently has integrations with Splunk and Microsoft Sentinel, with Cortex XSOAR in the near future.

A Vision Beyond Email

While email is the bedrock of communications, employees also use messaging, collaboration, file-sharing, and video to communicate. Since an ICES solution is API-based, it should aim to go beyond email and secure communications across channels.

Check out our Definitive Guide to Cloud Office Security

Armorblox connects to email providers over APIs to understand the context of communications and protect people and data from compromise. Tens of thousands of organizations use Armorblox to stop BEC and targeted phishing attacks, protect sensitive PII and PCI, and reduce triage and response times for user-reported email threats.