ESG Blogs

Introducing ESG’s Modern Email Security Video Series

As part of my ongoing research around modern email security, I am shooting a series of video interviews with leaders from several email security solution providers, talking about the current email threat landscape and strategies to defend against them. My goal is to make these educational, explaining what’s happening on both the attacker side and the defender side.

As part of the ESG annual IT spending intentions research for 2020, respondents were asked to identify the area where their organizations have a problematic shortage of skills. Cybersecurity topped the list of problematic skills shortage areas, just as it has for the past 9 years.

ESG research shows that cybersecurity training can help reduce cyber-attacks. Our research also shows that awareness training is not considered as effective as many other security services.

Join Jon Oltsik and Christina Richmond for a discussion on why we must continue training our non-technical employees how to spot phishing and business email compromise (BEC) attacks and how we must strive to engage the entire company culture in the belief that cybersecurity is all of our responsibility. 

Accenture announced today that it has agreed to acquire Symantec's Cyber Security Services (CSS) business from Broadcom. This is big news for both Accenture and Symantec. 

Today’s announcement of Mimecast acquiring Segasec should help companies close another important gap in the race against the rampant phishing and credential theft attacks.

As Mimecast builds out their Email 3.0 strategy, the acquisition of Segasec will put the heat on bad actors who are busy stealing credentials by impersonating many of the world's biggest companies. With so many phishing attacks attempting to lead users to fake or impersonated web sites where they unknowingly give up login credentials and other sensitive information, many of the largest online companies become the biggest targets.

Mimecast continues to extend their email security platform to protect against the growing email-led threat vector. While many email security companies have implemented filtering techniques to detect and slow down url and domain spoofing, impersonation sites have been left unattended. Segasec’s subscription service proactively hunts down impersonation sites and shuts them down. This is kind of like going after the drug dealer’s home instead of the drug user. To accomplish this, Segasec continuously monitors domain name registrations, certificates, social networks, and more, looking for indications of impersonation. And when they find them, they have several methods of blocking access or taking down the impersonated sites.

ESG recently completed an interesting study where, rather than surveying IT buyers and practitioners as is normally the case, we targeted employees in non-IT roles like sales, human resources, marketing, and finance. This provided a view of how the typical worker thinks about technology and the impact it has on their professional life. While a lot of the survey focused on end-user focused processes and technologies (mobile devices, applications, voice assistants), respondents were also asked for their perspectives on cybersecurity.

Folks come to cybersecurity services for a lot of reasons, complexity and compliance being two of the top ones. In fact, 40% of respondents to a recent ESG cybersecurity services study state that they need advice on dealing with the complexity from multi-cloud and hybrid architecture. And another 26% specifically call out that they need help rearchitecting their security posture during cloud migration and digital transformation efforts.

The set of announcements at AWS’s annual re:Invent is always impressive, albeit a bit of a firehose for which AWS’s own Amazon Kinesis data streaming processing engine would be helpful. At last week’s AWS re:Invent, a seminal annual IT event only AWS can get away with scheduling the week after Thanksgiving, the company announced a number of important security capabilities, some small, some big, all customer-driven. Thematically, in addition to a clear focus on identity and access management features designed to help customers rein in their AWS identities and secure S3 buckets, AWS is clearly focused on enabling enterprise-class use cases.

Getting Email Security Right Is More Important than Ever Before

With business email compromise racking up some of the largest financial theft associated with cyber-crime, and the relentless use of phishing as a means to trick users into handing over user credentials and other personal and sensitive data to bad actors, security organizations need to take a hard look at how their email security solutions are protecting against these issues.

In a previous blog, I discussed the multi-channel coverage of the elastic cloud gateway (ECG) architecture. In short, ECGs consolidate the functionality of multiple point products to improve centralized visibility and control over an organization’s traffic – be it network, web, or cloud application-based. A key enabler of this consolidation is the microservices architecture of ECGs and the inherent scalability that comes from a cloud-native approach.