blog.cloudflare.com
2606:4700:4400::ac40:9252  Public Scan

Submitted URL: https://go.area1security.com/NjQ2LUFURy04MzUAAAGFeWX0yXZEtSCQj7Kc3BPVN-lTYNDVWTivG3t8fO6NqP1YY9Ct4aprGdtMquitutnDvnbzQyw=
Effective URL: https://blog.cloudflare.com/replace-your-email-gateway-with-area-1/?mkt_tok=NjQ2LUFURy04MzUAAAGFeWX0yV52tpp_hl3YJ9INMOwY3iv-...
Submission: On July 08 via api from US — Scanned from DE


HOW TO REPLACE YOUR EMAIL GATEWAY WITH CLOUDFLARE AREA 1

June 20, 2022 2:14PM

 * Shalabh Mohan
 * Tarika Srinivasan

Leaders and practitioners responsible for email security are faced with a few
truths every day. It’s likely true that their email is cloud-delivered and comes
with some built-in protection that does an OK job of stopping spam and commodity
malware. It’s likely true that they have spent considerable time, money, and
staffing on their Secure Email Gateway (SEG) to stop phishing, malware, and
other email-borne threats. Despite this, it’s also true that email continues to
be the most frequent source of Internet threats, with Deloitte research finding
that 91% of all cyber attacks begin with phishing.

If anti-phishing and SEG services have both been around for so long, why do so
many phish still get through? If you’re sympathetic to Occam’s razor, it’s
because the SEG was not designed to protect the email environments of today, nor
is it effective at reliably stopping today’s phishing attacks.

But if you need a stronger case than Occam delivers — then keep on reading.


WHY THE WORLD HAS MOVED PAST THE SEG

The most prominent change within the email market is also what makes a
traditional SEG redundant – the move to cloud-native email services. More than
85% of organizations are expected to embrace a “cloud-first” strategy by 2025,
according to Gartner®. Organizations that expect cloud-native scale, resiliency,
and flexibility from their security controls are not going to get it from legacy
devices such as SEGs.

When it comes to email specifically, Gartner® notes that, “Advanced email
security capabilities are increasingly being deployed as integrated cloud email
security solutions rather than as a gateway” - with at least 40% of
organizations using built-in protection capabilities from cloud email providers
instead of a SEG, by 2023. Today, email comes from everywhere and goes
everywhere – putting a SEG in front of your Exchange server is anachronistic;
and putting a SEG in front of cloud inboxes in a mobile and remote-first world
is intractable. Email security today should follow your user, should be close to
your inbox, and should “be everywhere”.

Apart from being architecturally out of time, a SEG also falls short at
detecting advanced phishing and socially engineered attacks. This is because a
SEG was originally designed to stop spam – a high-volume problem that needs
large attack samples to detect and nullify. But today’s phishing attacks are
more sniper than scattergun. They are low volume, highly targeted, and exploit
our implicit trust in email communications to steal money and data. Detecting
modern phishing attacks requires compute-intensive advanced email analysis and
threat detection algorithms that a SEG cannot perform at scale.

Nowhere is a SEG’s outdated detection philosophy more laid bare than when admins
are confronted with a mountain of email threat policies to create and tune.
Unlike most other cyber attacks, email phishing and Business Email Compromise
(BEC) have too many “fuzzy” signals and cannot solely be detected by
deterministic if-then statements. Moreover, attackers don’t stand still while
you create email threat policies – they adapt fast and modify techniques to
bypass the rules you just created. Relying on SEG tuning to stop phishing is
like playing a game of Whack-A-Mole rigged in the attacker’s favor.


TO STOP PHISHING, LOOK AHEAD

Traditional email security defenses rely on knowledge of yesterday’s active
attack characteristics, such as reputation data and threat signatures, to detect
the next attack, and therefore can’t reliably defend against modern phishing
attacks that continually evolve.

What’s needed is forward-looking security technology that is aware not only of
yesterday’s active phishing payloads, websites, and techniques — but also has
insight into the threat actors’ next moves. Which sites and accounts are they
compromising or establishing for use in tomorrow’s attacks? What payloads and
techniques are they preparing to use in those attacks? Where are they prodding
and probing before an attack?

Cloudflare Area 1 proactively scans the Internet for attacker infrastructure and
phishing campaigns that are under construction. Area 1’s threat-focused web
crawlers dynamically analyze suspicious web pages and payloads, and continuously
update detection models as attacker tactics evolve – all to stop phishing
attacks days before they reach the inbox.

When combined with the 1T+ daily DNS requests observed by Cloudflare Gateway,
this corpus of threat intelligence enables customers to stop phishing threats at
the earliest stage of the attack cycle. In addition, the use of deep contextual
analytics to understand message sentiment, tone, tenor and thread variations
allows Area 1 to understand and distinguish between valid business process
messages and sophisticated impersonation campaigns.

While we are big believers in layering security, the layers should not be
redundant. A SEG duplicates a lot of capabilities that customers now get bundled
in with their cloud email offering. Area 1 is built to enhance - not duplicate -
native email security and stop phishing attacks that get past initial layers of
defense.


PLANNING FOR YOUR SEG REPLACEMENT PROJECT

The best way to get started with your SEG replacement project is deciding
whether it’s a straight replacement or an eventual replacement that starts with
augmentation. While Cloudflare Area 1 has plenty of customers that have replaced
their SEG (more on that later), we have also seen scenarios where customers
prefer to run Cloudflare Area 1 downstream of their SEG initially, assess the
efficacy of both services, and then make a more final determination. We make the
process straightforward either way!

As you start the project, it’s important to involve the right stakeholders. At a
minimum, you should involve an IT admin to ensure email delivery and
productivity isn’t impacted and a security admin to monitor detection efficacy.
Other stakeholders might include your channel partner if that’s your preferred
procurement process and someone from the privacy and compliance team to verify
proper handling of data.

Next, you should decide your preferred Cloudflare Area 1 deployment
architecture. Cloudflare Area 1 can be deployed as the MX record, over APIs, and
can even run in multi-mode deployment. We recommend deploying Cloudflare Area 1
as the MX record for the most effective protection against external threats, but
the service fits into your world based on your business logic and specific
needs.

The final piece of preparation involves mapping out your email flow. If you have
multiple domains, identify where emails from each of your domains route to.
Check your different routing layers (e.g. are there MTAs that relay inbound
messages?). Having a good understanding of the logical and physical SMTP layers
within the organization will ensure proper routing of messages. Discuss what
email traffic Cloudflare Area 1 should scan (north/south, east/west, both) and
where it fits with your existing email policies.


EXECUTING THE TRANSITION PLAN

Step 1: Implement email protection
Here are the broad steps you should follow if Cloudflare Area 1 is configured as
the MX record (time estimate: ~30 minutes):

 * Configure the downstream service to accept mail from Cloudflare Area 1.
 * Ensure that Cloudflare Area 1’s egress IPs are not rate limited or blocked as
   this would affect delivery of messages.
 * If the email server is on-premises, update firewall rules to allow Cloudflare
   Area 1 to deliver to these systems.
 * Configure remediation rules (e.g. quarantine, add subject or message body
   prefix, etc.).
 * Test the message flow by injecting messages into Cloudflare Area 1 to confirm
   proper delivery. (Our team can assist with this step.)
 * Update MX records to point to Cloudflare Area 1.

Here are the steps if Cloudflare Area 1 is deployed downstream from an existing
email security solution (time estimate: ~30 minutes):

 * Configure the proper look back hops on Cloudflare Area 1, so that Cloudflare
   Area 1 can detect the original sender IP address.
 * If your email server is on-premises, update firewall rules to allow
   Cloudflare Area 1 to deliver to the email server.
 * Configure remediation rules (e.g. quarantine, add subject or message body
   prefix, etc.).
 * Test the message flow by injecting messages into Cloudflare Area 1 to confirm
   proper delivery. (Our team can assist with this step.)
 * Update the delivery routes on your SEG to deliver all mail to Cloudflare Area
   1, instead of the email servers.
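
To illustrate why the look-back hop count in the downstream deployment matters, the following Python example is added here; it is not Cloudflare's code and not part of the original post. It assumes Postfix-style Received headers and treats the hop count as the number of trusted upstream relays to skip; the sample message, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: sender MTA -> SEG -> internal relay -> downstream scanner.
# Received headers are prepended, so the newest hop comes first.
SAMPLE = """\
Received: from relay.corp.example (relay.corp.example [10.0.0.5])
    by scanner.example with ESMTPS; Mon, 20 Jun 2022 14:00:03 +0000
Received: from seg.vendor.example (seg.vendor.example [198.51.100.20])
    by relay.corp.example with ESMTPS; Mon, 20 Jun 2022 14:00:02 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.77])
    by seg.vendor.example with ESMTP; Mon, 20 Jun 2022 14:00:01 +0000
Received: from [192.168.1.9] (unknown [192.0.2.1])
    by mail.sender.example with ESMTPSA; Mon, 20 Jun 2022 14:00:00 +0000
Subject: constructed test message
"""

# Assumption: your own relays plus the SEG's egress address (constructed values).
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.20/32")]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def client_ip(received_value):
    """Peer IP recorded in one Received header (Postfix-style), or None."""
    # Only the 'from' clause describes the connecting client.
    from_clause = re.split(r"\sby\s", received_value, maxsplit=1)[0]
    # The last bracketed address is the TCP peer; an earlier one may be a
    # HELO literal, which the connecting client chooses freely.
    for candidate in reversed(BRACKETED.findall(from_clause)):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue
    return None


def received_ips(raw_message):
    headers = message_from_string(raw_message).get_all("Received") or []
    return [client_ip(h) for h in headers]


def original_sender_ip(raw_message, lookback_hops):
    """Skip `lookback_hops` trusted relays and return the IP seen behind them."""
    ips = received_ips(raw_message)
    if lookback_hops >= len(ips):
        raise ValueError("look-back exceeds the number of Received headers")
    return ips[lookback_hops]


def validate_lookback(raw_message, lookback_hops, trusted=TRUSTED):
    """Classify a hop setting as 'ok', 'too_few' or 'too_many'."""
    ips = received_ips(raw_message)
    if lookback_hops >= len(ips):
        return "too_many"
    def is_trusted(ip):
        return ip is not None and any(ip in net for net in trusted)
    # Every skipped header must record one of our own relays; otherwise the
    # selected header was written by a host we do not control.
    if not all(is_trusted(ip) for ip in ips[:lookback_hops]):
        return "too_many"
    # A selected IP that is still ours means all mail appears to come from the SEG.
    return "too_few" if is_trusted(ips[lookback_hops]) else "ok"
```

With the sample above, a look-back of 2 yields the external sender, 1 yields the SEG's own address, and 3 reads a header written by the sender's infrastructure.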

Step 2: Integrate DNS
One of the most common post-email steps customers follow is to integrate
Cloudflare Area 1 with their DNS service. If you’re a Cloudflare Gateway
customer, good news – Cloudflare Area 1 now uses Cloudflare Gateway as its
recursive DNS to protect end users from accessing phishing and malicious sites
through email links or web browsing.

Step 3: Integrate with downstream security monitoring and remediation services
Cloudflare Area 1’s detailed and customizable reporting allows for at-a-glance
visibility into threats. By integrating with SIEMs through our robust APIs, you
can easily correlate Cloudflare Area 1 detections with events from network,
endpoint and other security tools for simplified incident management.

While Cloudflare Area 1 provides built-in remediation and message retraction to
allow customers to respond to threats directly within the Cloudflare Area 1
dashboard, many organizations also choose to integrate with orchestration tools
for custom response playbooks. Many customers leverage our API hooks to
integrate with SOAR services to manage response processes across their
organization.


METRICS TO MEASURE SUCCESS

How will you know your SEG replacement project has been successful and had the
desired impact? We recommend measuring metrics relevant to both detection
efficacy and operational simplicity.

On the detection front, the obvious metric to measure is the number and nature
of phishing attacks blocked before and after the project. Are you seeing new
types of phishing attacks being blocked that you weren’t seeing before? Are you
getting visibility into campaigns that hit multiple mailboxes? The other
detection-based metric to keep in mind is the number of false positives.

On the operational front, it’s critical that email productivity isn’t impacted.
A good proxy for this is measuring the number of IT tickets related to email
delivery. The availability and uptime of the email security service is another
key lever to keep an eye on.

Finally, and perhaps most importantly, measure how much time your security team
is spending on email security. Hopefully it’s much less than before! A SEG is
known to be a heavy lift, from service deployment to ongoing maintenance. If
Cloudflare Area 1 can free up your team’s time to work on other pressing
security concerns, that’s as meaningful as stopping the phish themselves.


YOU HAVE LOTS OF COMPANY

The reason we are articulating a SEG replacement plan here is because many of
our customers have done it already and are happy with the outcomes.

For example, a Fortune 50 global insurance provider that serves 90 million
customers in over 60 countries found their SEG to be insufficient in stopping
phishing attacks. Specifically, it was an onerous process to search for “missed
phish” once they got past the SEG and reached the inbox. They needed an email
security service that could catch these phishing attacks and support a hybrid
architecture with both cloud and on-premises mailboxes.

After deploying Cloudflare Area 1 downstream of their Microsoft 365 and SEG
layers, our customer was protected against more than 14,000 phishing threats
within the first month; none of those phishing messages reached a user’s inbox.
A one-step integration with existing email infrastructure meant that maintenance
and operational issues were next to none. Cloudflare Area 1’s automated message
retraction and post-delivery protection also enabled the insurance provider to
easily search and remediate any missed phish as well.

If you are interested in speaking with any of our customers that have augmented
or replaced their SEG with Cloudflare Area 1, please reach out to your account
team to learn more! If you’d like to see Cloudflare Area 1 in action, sign up
for a Phishing Risk Assessment here.

Replacing a SEG is a great project to fit into your overall Zero Trust roadmap.
For a full summary of Cloudflare One Week and what’s new, tune in to our recap
webinar.

-

1. Gartner Press Release, “Gartner Says Cloud Will Be the Centerpiece of New
Digital Experiences”, 11 November 2021
2. Gartner, “Market Guide for Email Security,” 7 October 2021, Mark Harris, Peter
Firstbrook, Ravisha Chugh, Mario de Boer
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its
affiliates in the U.S. and internationally and is used herein with permission.
All rights reserved.
