Why MSPs Should Move Away from Secure Email Gateways

Adrien Gendre

June 27, 2019

An opportunity for growth awaits MSPs that deliver strong cybersecurity protections for SMBs. A recent study by Continuum Managed Services found that 93 percent of SMBs that do not use an MSP would consider taking the MSP route if the MSP offered the right cybersecurity solution. Eighty-four percent of SMB clients would consider switching to a new MSP for the right solution.

Email security is emerging as a top area for growth and a profitable add-on for Office 365—the #1 cloud email service on the market. With 180 million users, Office 365 is a top target for phishing, spear phishing, and malware attacks, leaving SMBs vulnerable and looking to MSPs for solutions.

While this creates substantial business opportunities for MSPs, 69 percent of SMB customers would hold their MSP accountable for a cyberattack, and 74 percent would take legal action. To protect Office 365 customers, MSPs need to move away from traditional email protection and offer advanced solutions.

Email security and MSPs: The risks and limitations of secure email gateways

The ability to provide advanced protection against Office 365-borne threats is a strong business differentiator, but MSPs need to be selective about the solutions they offer. Traditional methods of threat detection, including Secure Email Gateways (SEGs), are no match for the email attacks being launched at Office 365.

A SEG works by placing malicious emails into quarantine or by blocking senders. SEGs use a reputation and signature-based method of threat detection: they rely on known malware signatures and IP and domain blacklists to identify threats. This approach works well when the attacker and their methods are known to the SEG, but it is inadequate for blocking unknown attacks like low-volume phishing and spear phishing attacks.

Because a SEG also requires an MX (Mail Exchange) record change, a SEG is publicly visible to hackers, making it vulnerable to an MX record bypass. SEGs are also known to generate a high rate of false positives when configured too tightly, and they don’t layer effectively with native Microsoft 365 security.

Architecturally, a SEG is outside the email flow, rendering Exchange Online Protection (EOP) useless and providing no protection for threats that are flowing internally within the Office 365 organization. This is a serious problem because many Office 365 attacks are from hackers posing as insiders after taking over an existing Microsoft 365 account via a phishing attack.

Finally, maintaining a SEG can be complex and time-consuming, requiring an MX record update, quarantine management, and continual threat monitoring, which could be burdensome and even impractical. For MSPs looking to expand their cybersecurity business, the complexity could present a barrier to entry.

The potential for AI/ML email protection for MSPs

To combat sophisticated, low-volume phishing and spear phishing attacks, a solution that uses artificial intelligence (AI), including machine learning (ML), is a better option than SEGs. Vade for M365 uses ML to perform real-time behavioral analysis of the entire email, including any URLs and attachments. Overall, it scans for 47 unique features to identify phishing attacks. It can detect threats in seemingly innocuous messages by comparing syntax and essentially invisible details to billions of messages examined previously.

Vade for M365 gives MSPs a powerful countermeasure for email security. Its time-of-click anti-phishing protection crawls embedded URLs in real time and tracks suspicious redirects, a common obfuscation technique in phishing emails. It can also determine whether the final webpage is fraudulent by analyzing the structure, content, and context of the page.

Vade also builds an anonymous profile that establishes normal communication patterns for employees. From this baseline, the AI-driven tool can spot anomalies triggered by attacks like email spoofing and the use of “cousin domains,” e.g. att.co vs. att.com.
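The cousin-domain comparison described above can be sketched as follows. This is an added example, not Vade's implementation: the baseline set, the look-alike character map, the distance limits and the function names are all assumptions made for illustration.

```python
# Added example: flag "cousin domains" by comparing a sender domain with a
# baseline of domains the organization already corresponds with.
# BASELINE, the look-alike map and the distance limits are constructed assumptions.
BASELINE = {"att.com", "contoso.com", "fabrikam.net"}
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender_domain(domain, baseline=BASELINE):
    """Return (verdict, baseline_domain_it_resembles_or_None)."""
    d = domain.strip().lower().rstrip(".")
    if d in baseline:
        return ("known", d)
    d_name, _, d_tld = d.rpartition(".")
    for known in sorted(baseline):
        k_name, _, k_tld = known.rpartition(".")
        if d_name == k_name and d_tld != k_tld:
            return ("cousin:tld-swap", known)        # att.co vs. att.com
        if d.translate(LOOKALIKES) == known:
            return ("cousin:lookalike-char", known)  # c0ntoso.com
        # Short names collide easily, so allow fewer edits for them.
        limit = 1 if len(k_name) <= 8 else 2
        if edit_distance(d, known) <= limit:
            return ("cousin:typo", known)
    return ("unrelated", None)

if __name__ == "__main__":
    for sample in ["att.com", "att.co", "c0ntoso.com", "contsoo.com", "example.org"]:
        print(sample, classify_sender_domain(sample))
```

A verdict here is one signal to weigh with others, since legitimate domains can sit within one edit of a baseline entry.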

Finally, unlike a SEG, Vade for M365 is API-based and fully integrated with Microsoft 365. This simplifies configuration and maintenance for the MSP and requires no MX record changes or rerouting of traffic to an external platform. Because email traffic is not disrupted, there’s no risk of losing or blocking emails.

MSPs who want to build their SMB businesses need to tackle the challenge of email security, especially for Microsoft 365. Regular SEGs and comparable, rules-based email filtering tools will not suffice. To avoid the downside of engaging with SMB clients who will hold the MSP accountable, it makes sense to provide the most advanced possible email security measures, especially for the popular but vulnerable Microsoft 365 email service.