Check Point Email Security | Blog

Defense-in-Depth: Why the Legacy Model Doesn't Hold Up

Written by Jeremy Fuchs | November 4, 2021

One of the things that Avanan really believes in is defense-in-depth. It's not enough to have just one layer of defense. Enterprises need multiple layers. If an attack gets past one layer, there's another layer behind it for support.

That's why our patented inline system catches the advanced attacks that Microsoft and Google miss. If they stop an attack, great. If not, we're there.

One of the things we've noticed is what we'd call the legacy mindset. When email was on-premise, legacy gateways played a crucial role. Your Exchange server did not have every capability needed. For example, features like archiving, secure messaging and large file send were not on the Exchange server—therefore, a gateway that could offer that was crucial.

Now, though, in your O365 license, you have these features baked in. So when you use an SEG, you're now paying twice to use the same features.

That's not defense-in-depth. That's just more of the same.

Further, SEGs don't, by their very architecture, subscribe to the defense-in-depth theory.

When you double-stack your security with a Secure Email Gateway, you must disable Microsoft and Google's spam filters — which play a key role in anti-phishing. This is why, upon deployment, you will often be advised by Proofpoint or Mimecast to disable your default spam filtering and rely solely on the gateway.

This would not be a problem if the SEG caught 100% of attacks, but this is not always the case, especially in the first hours or days of an event. From a defense-in-depth perspective, it is disheartening to know that in order to deploy a second layer of security, you must essentially disable the first.

Legacies played their role. Now, with so many switching from SEGs, the new model has taken over.