What is Integrated Cloud Email Security (ICES)?

What is cloud email security and how is it different from Integrated Cloud Email Security?

Cloud email security encompasses a broad range of services and technologies designed to safeguard email communications in cloud environments. It includes various solutions that protect against email-borne threats, such as spam, phishing, malware, and ransomware.

Integrated cloud email security (ICES) is a type of email security solution that supplements cloud-based email services, such as Microsoft Office 365, Google Workspace, or Amazon WorkMail. An ICES solution provides advanced email protection against a wide range of threats, including spam, phishing, malware, and ransomware.

How does ICES work?

Integrated Cloud Email Security (ICES) is a cloud-based approach to email security that enhances and complements traditional Secure Email Gateways (SEGs). ICES solutions provide advanced threat protection, including the detection and remediation of sophisticated threats that traditional SEGs might miss. Here’s an overview of how ICES works and its key components:

Cloud-based Architecture

Scalability: Leveraging the cloud allows ICES to scale seamlessly with an organization’s email traffic.

Accessibility: Because ICES is cloud-based, it can be easily integrated with cloud email services like Office 365 and G Suite.

Scanning

When an email is sent to a user's email address, it is routed through the ICES system, which scans it for spam, viruses, and other email-based threats using a combination of signature-based and behavior-based detection techniques. This includes analyzing the email's content, attachments, and sender reputation to identify both known and unknown threats.

Remediation

Some ICES systems, like Darktrace, can block the email from reaching the recipient's inbox or flag it, alerting the security team for further analysis.

Similarly, ICES systems can take remediation actions, such as removing malicious content from an email or blocking the sender's email address to prevent future emails from reaching the recipient's inbox.

Autonomous

ICES is updated in real time to detect and protect against emerging threats, such as new strains of malware or phishing attacks. Using machine learning and AI, ICES is able to update automatically and in real time to respond to new threats and vulnerabilities. This means businesses do not need to manually update the system or worry about falling behind on the latest threat protection.

The benefits of ICES email security

ICES does not take the place of existing email security measures. Instead, it augments these systems, increasing the effectiveness of email security. These solutions provide advanced protections that traditional email security measures may miss, and they supplement cloud-based email services such as Microsoft Office 365, Google Workspace, and Amazon WorkMail.

ICES has several benefits including:

  1. Advanced Threat Detection
    • Machine Learning and AI: ICES uses machine learning algorithms and artificial intelligence to identify and block advanced threats. These algorithms continuously learn and adapt to new attack patterns.
    • Behavioral Analysis: This involves monitoring the behavior of email content and attachments to identify malicious intent. It can detect anomalies that deviate from normal behavior.
    • Heuristic Analysis: Analyzing email content and attachments for suspicious patterns and characteristics indicative of threats.
  2. Sandboxing
    • Dynamic Analysis: Suspicious attachments and links are executed in a virtual environment to observe their behavior. If malicious activity is detected, the email is quarantined or blocked.
    • Isolation: By isolating potential threats, sandboxing prevents malware from reaching the end user’s environment.
  3. Content Disarm and Reconstruction (CDR)
    • Sanitization: ICES removes potential threats by stripping active content (such as macros in documents) and delivering a sanitized, safe version of the attachment to the user.
    • Reconstruction: After disarming the content, the email is reconstructed to retain its original appearance without the embedded threats.
  4. Anti-Phishing Mechanisms
    • URL Protection: Scanning and rewriting URLs in emails to point to safe browsing environments where the links are analyzed before allowing access.
    • Brand Impersonation Detection: Using AI to recognize attempts to impersonate trusted brands and flagging or blocking such emails.
    • User Training and Awareness: Providing in-line warnings and training to users about phishing attempts.
  5. Post-Delivery Protection
    • Continuous Monitoring: ICES solutions continuously monitor delivered emails for new threat intelligence updates. If a threat is detected post-delivery, automated actions can be taken.
    • Retrospective Analysis: Analyzing previously delivered emails when new threat intelligence becomes available, ensuring ongoing protection even after delivery.
    • Automated Remediation: Automatically removing or quarantining emails found to be malicious after they have been delivered to users’ inboxes.
  6. Integration with Existing Security Infrastructure
    • APIs and Connectors: ICES can integrate with other security tools and platforms through APIs and connectors, providing a cohesive security environment.
    • SIEM and SOAR Integration: Sending alerts and logs to Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems for centralized monitoring and automated response.
  7. Data Loss Prevention (DLP)
    • Sensitive Data Scanning: ICES scans outgoing emails for sensitive information and enforces policies to prevent unauthorized data exfiltration.
    • Policy Enforcement: Applying predefined DLP policies to block, quarantine, or encrypt emails containing sensitive data.
  8. Threat Intelligence
    • Real-Time Updates: Leveraging global threat intelligence feeds to stay updated with the latest threats and attack vectors.
    • Collaborative Intelligence: Sharing threat intelligence across different organizations and platforms to improve detection capabilities.
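As an added illustration of the URL Protection mechanism in item 4 above (example code written here, not code from the page or from any vendor): links are rewritten at delivery time to point at a click-time analysis gateway, and the original URL is carried as an HMAC-signed parameter so the gateway can refuse forged or altered wrappers. The gateway endpoint and key are hypothetical placeholders.

```python
import hashlib
import hmac
import re
from typing import Optional
from urllib.parse import parse_qs, quote, urlparse

# Hypothetical gateway endpoint and key (placeholders, not from any real product).
GATEWAY = "https://safelinks.example.invalid/click"
KEY = b"constructed-demo-key"

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

def sign(url: str) -> str:
    """HMAC over the original URL so the gateway can reject forged or tampered wrappers."""
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_url(url: str) -> str:
    """Point the link at the gateway; the original URL travels as a signed query parameter."""
    return f"{GATEWAY}?u={quote(url, safe='')}&sig={sign(url)}"

def rewrite_body(body: str) -> str:
    """Rewrite every http(s) link in a plain-text body at delivery time."""
    return URL_RE.sub(lambda m: rewrite_url(m.group(0)), body)

def unwrap(wrapped: str) -> Optional[str]:
    """Click-time side: recover the original URL only when the signature verifies.
    Returns None for anything not produced by rewrite_url, or altered afterwards."""
    parts = urlparse(wrapped)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != GATEWAY:
        return None
    q = parse_qs(parts.query)
    url = q.get("u", [""])[0]
    sig = q.get("sig", [""])[0]
    if not url or not hmac.compare_digest(sign(url), sig):
        return None
    # A real gateway would now analyse the URL (reputation, sandbox) before redirecting.
    return url
```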

What is the difference between SEG and ICES?

SEG

A secure email gateway (SEG) or a secure email server (SEC) is a type of email security software that sits between inbound and outbound email communication. Every email sent to and from an organization passes through this gateway to ensure its contents are not malicious or evidence of a data leak. It prevents unwanted emails in user inboxes, such as spam, phishing emails, and emails containing malware. In many ways, email gateways are the first line of defense for email security.

ICES

The difference between ICES and SEG is that ICES solutions protect cloud environments that can be on-premises or hybrid. ICES uses machine learning and natural language processing (NLP) and connects via API to understand an organization's email activity and protect against advanced phishing attacks. Unlike SEGs, which use a database of known threats, ICES has the capability to identify never-before-seen threats and socially engineered phishing emails.

Email attacks ICES catches

Integrated Cloud Email Security (ICES) solutions are designed to catch a wide array of email-based attacks, including sophisticated and emerging threats that traditional email security measures might miss. Here are some of the key types of attacks that ICES can detect and mitigate:

Phishing and spear phishing

Phishing is a form of email fraud where a victim receives fraudulent communications and is tricked into taking some action, such as revealing their passwords, banking details, or other sensitive information. Unsuspecting recipients may respond to cyber criminals posing as legitimate senders, resulting in security breaches.

Spear phishing is a focused cyber-attack that targets a specific user or organization rather than a broad audience. These attacks usually come in the form of email messages. 'Spear-phishing' is a targeted socially engineered phishing attempt.

Account takeover

Account takeover fraud, or account compromise, refers to a cyber criminal gaining control of a legitimate account. This can happen when a threat actor successfully obtains an individual's login credentials. Account takeover can be detrimental to business operations at any organization because attackers can operate covertly with a legitimate account and carry a stamp of credibility and authority, depending on whose account is compromised.

BEC

BEC stands for Business Email Compromise. BEC involves attackers gaining unauthorized access to a company's email account or impersonating a trusted individual to carry out fraudulent actions such as transferring money or obtaining sensitive information through social engineering tactics.

CEO fraud

CEO fraud is a form of impersonation where a threat actor falsifies their identity, posing as a CEO (or other executive) at an organization. They then attempt to communicate with other employees, such as finance department staff, deceiving them with falsified versions of a high-ranking official's credentials. These attacks are specifically focused on financial gain and often involve urgent requests for money transfers.

Whaling

Whaling is a heavily targeted phishing attack in which an attacker attempts to phish a high-ranking official, often a chief executive. These social engineering cyber-attacks contain highly personalized information to the intended target to encourage them to click a link that will download malware, transfer funds to the attacker, or share details that can facilitate further attacks. The effects of a successful whaling attack can be devastating, including data loss, financial loss, and reputational damage.

Zero-Day Exploits

Unknown Threats: ICES can identify and block zero-day exploits—attacks that exploit previously unknown vulnerabilities—using advanced techniques such as:

  • Sandboxing: Executing suspicious attachments in an isolated environment to observe their behavior.
  • Machine Learning: Leveraging AI to detect anomalous behavior indicative of zero-day exploits.
  • Behavioral Analysis: Monitoring the behavior of email content and attachments for signs of malicious activity.

How does ICES catch these email attacks?

These attacks use social engineering tactics to deceive users and solicit sensitive information. For example, a spear phishing attack might involve a cyber criminal targeting a specific individual at an organization and messaging them via email. The email might be from a legitimate email address and will seem like a genuine request for information. An SEG does not have the capability to identify this as a strange request. However, an ICES develops an understanding of everyday activity in the digital estate and can potentially detect suspicious behavior such as this.
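The paragraph above contrasts a SEG, which checks a message against known-bad indicators, with an ICES that learns what is normal for each mailbox. The following added example (written for this page, not Darktrace code) sketches that idea in miniature: a per-recipient baseline of who usually writes to them, and a scorer that reports deviations such as a first-time sender, a display name arriving from an unfamiliar address, a Reply-To that diverges from From, or request language in the subject. All addresses, names and history are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Email:
    sender: str      # address in the From header
    display: str     # display name in the From header
    recipient: str
    reply_to: str    # empty when no Reply-To header is present
    subject: str

# Request wording common in BEC / CEO-fraud lures (constructed list, not exhaustive).
REQUEST_WORDS = ("urgent", "wire", "transfer", "gift card", "payment")
class Baseline:
    """Per-recipient model of 'normal': who usually writes to them, and which
    address each display name normally arrives from."""
    def __init__(self):
        self.senders = defaultdict(lambda: defaultdict(int))  # recipient -> sender -> count
        self.names = defaultdict(lambda: defaultdict(set))    # recipient -> display -> {addresses}
    def learn(self, e: Email) -> None:
        self.senders[e.recipient][e.sender] += 1
        self.names[e.recipient][e.display].add(e.sender)
    def score(self, e: Email):
        """Return (score, reasons); each reason is one deviation from the learned baseline."""
        reasons = []
        if e.sender not in self.senders[e.recipient]:
            reasons.append("first-time sender for this recipient")
        known = self.names[e.recipient].get(e.display, set())
        if known and e.sender not in known:
            reasons.append("display name matches a known contact but address differs")
        if e.reply_to and e.reply_to != e.sender:
            reasons.append("Reply-To diverges from From")
        if any(w in e.subject.lower() for w in REQUEST_WORDS):
            reasons.append("request language in subject")
        return len(reasons), reasons

def build_baseline() -> Baseline:
    """Train on constructed history for one mailbox (sample data, not real traffic)."""
    b = Baseline()
    for _ in range(5):
        b.learn(Email("dana.lee@corp.example", "Dana Lee", "alice@corp.example", "", "Budget notes"))
    for _ in range(3):
        b.learn(Email("bob@supplier.example", "Bob Ray", "alice@corp.example", "", "Order update"))
    return b
# Constructed messages: a lookalike-domain lure and a routine internal mail.
LOOKALIKE = Email("dana.lee@corp-example-mail.com", "Dana Lee", "alice@corp.example",
                  "dana.lee@corp-example-mail.com", "Urgent wire transfer needed today")
BENIGN = Email("dana.lee@corp.example", "Dana Lee", "alice@corp.example", "", "Q3 budget review")
```

The same baseline also raises a message sent from the genuine executive address (the compromised-account case the paragraph describes) when its Reply-To points elsewhere and the subject carries a payment request, even though no indicator on a blocklist would match it.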

How can organizations implement cloud email security effectively?

Robust cloud security is critical for all organizations. As cloud-based computing becomes increasingly popular, partnering with a company that provides advanced cloud security solutions is essential. Organizations can proactively manage their security posture using Darktrace's cloud-native AI security platform, which offers centralized visibility across multicloud environments.

Key considerations when evaluating cloud security include:

  • Integration with existing infrastructure: Cloud security solutions are more effective when they integrate seamlessly with current security measures.
  • Overall cloud security: Cloud email security platforms must continuously monitor for compliance violations, misconfiguration, and other concerns.
  • Automated response operations: Cloud security must be able to respond to threats immediately to minimize the impact of potential cyber-attacks.

Darktrace / EMAIL ticks all these boxes and delivers a complete cloud-native email security solution that proactively monitors and protects against evolving risks. The use of self-learning AI technology ensures that security measures are continuously adapting to the ever-changing cyber landscape.

How do Darktrace cloud email security solutions integrate with existing security infrastructure?

Darktrace provides leading solutions to strengthen email security while also ensuring compatibility with existing infrastructure. Our solution achieves these goals by:

  • Using APIs and connectors to manage threats across various systems.
  • Integrating with SIEM and SOAR systems to centralize threat intelligence.
  • Focusing on enhanced early threat detection within existing email services.
  • Incorporating self-learning AI to identify and adapt to new threats.
  • Collaborating with third-party security controls for a comprehensive overview of the threat landscape.

Email Security Vendors: Darktrace's Approach to Email Security

Darktrace has developed a fundamentally different approach to email security, one that doesn’t learn what’s dangerous from historical data but forms an in-depth understanding of each organization and its users.

Darktrace / EMAIL focuses on individuals - how each person uses their inbox and what constitutes “normal” for each user - in order to detect what’s not normal. Our AI technology builds profiles for every email user, including their relationships, tone and sentiment, content and link sharing patterns, and thousands of other signals.

To learn more about Darktrace / EMAIL, read our Solution Brief.