MSP Cybersecurity

Why MSPs Should Move Away from Secure Email Gateways

Adrien Gendre

June 27, 2019

3 min

An opportunity for growth awaits MSPs that deliver strong cybersecurity protections for SMBs. A recent study by Continuum Managed Services found that 93 percent of SMBs that do not use an MSP would consider taking the MSP route if the MSP offered the right cybersecurity solution. Eighty-four percent of SMB clients would consider switching to a new MSP for the right solution.

Email protection is emerging as a top area for growth and a profitable add-on for Office 365—the #1 cloud email service on the market. With 180 million users, Office 365 is a top target for phishing, spear phishing, and malware attacks, leaving SMBs vulnerable and looking to MSPs for solutions.

While this creates substantial business opportunities for MSPs, 69 percent of SMB customers would hold their MSP accountable for a cyberattack, and 74 percent would take legal action. To protect Office 365 customers, MSPs need to move away from traditional email protection and offer advanced solutions.

Email Security and MSPs: The Risks and Limitations of Secure Email Gateways

The ability to provide advanced protection against Office 365-borne threats is a strong business differentiator, but MSPs need to be selective about the solutions they offer. Traditional methods of threat detection, including Secure Email Gateways (SEG), are no match for the email attacks being launched at Office 365.

SEG works by placing malicious emails into quarantine or by blocking senders. A reputation and signature-based method of threat detection, SEGs rely on known malware signatures and IT and domain blacklists to identify threats. This approach works well when the attacker and their methods are known to the SEG, but it is inadequate for blocking unknown attacks like low-volume phishing and spear phishing attacks. In a 2019 report by Cofense, of more than 34,400 email threats reported by end users, more than 90 percent were in environments running SEGs.

Because a SEG also requires an MX (Mail Exchange) record change, a SEG is publicly visible to hackers, making it vulnerable to an MX record bypass, according to an IDC report sponsored by Vade Secure. SEGs are also known to generate a high rate of false positives when configured too tightly, and they don’t layer effectively with native Office 365 security. Architecturally, a SEG is outside the email flow, rendering Exchange Online Protection (EOP) useless and providing no protection for threats that are flowing internally within the Office 365 organization. This is a serious problem because many Office 365 attacks are from hackers posing as insiders after taking over an existing Office 365 account via a phishing attack.

Finally, maintaining a SEG can be complex and time-consuming, requiring an MX record update, quarantine management, and continual threat monitoring, which could be burdensome and even impractical. For MSPs looking to expand their cybersecurity business, the complexity could present a barrier to entry.

[Infographic] Cloud Email: The Bigger the Target, the Easier the Aim

The Potential for AI/ML Email Protection for MSPs

To combat sophisticated, low volume phishing and spear phishing attacks, a solution that uses artificial intelligence (AI), including machine learning (ML), is a better option than SEGs. Vade Secure for Office 365 uses ML to perform real-time behavioral analysis of the entire email, including any URLs and attachments. Overall, it scans for 47 unique features to identify phishing attacks. It can detect threats in seemingly innocuous messages by comparing syntax and essentially invisible details to billions of messages examined previously.

Vade Secure for Office 365 gives MSPs a powerful countermeasure for email security. Its time-of-click anti-phishing protection crawls embedded URLs in real time and tracks suspicious redirects, a common obfuscation technique in phishing emails. The tool can also determine whether the final webpage is fraudulent by analyzing the structure, content, and context of the page. Vade also builds an anonymous profile that establishes normal communication patterns for employees. From this baseline, the AI-driven tool can spot anomalies triggered by attacks like spoofing and the use of “cousin domains,” e.g. vs.

Finally, unlike a SEG, Vade Secure for Office 365 is API-based and fully integrated with Office 365. This simplifies configuration and maintenance for the MSP and requires no MX record changes or rerouting of traffic to an external platform. Because email traffic is not disrupted, there’s no risk of losing or blocking emails.

MSPs who want to build their SMB businesses need to tackle the challenge of email security, especially for Office 365. Regular SEG and comparable, rules-based email filtering tools will not suffice. To avoid the downside of engaging with SMB clients who will hold the MSP accountable, it makes sense to provide the most advanced possible emails security measures, especially for the popular but vulnerable Office 365 email service.