What is Integrated Cloud Email Security (ICES)?

ICES definition

Integrated cloud email security is a type of email security solution that supplements a cloud-based email service, such as Microsoft Office 365, Google Workspace, or Amazon WorkMail. An ICES solution provides advanced email protection against a wide range of threats, including spam, phishing, malware, and ransomware.

How does ICES work?

When an email is sent to a user's email address, it is routed through the ICES system, which scans the email for spam, viruses, and other email-based threats using a combination of signature-based and behavior-based threat detection techniques. The system analyzes the email's content, attachments, and sender reputation to determine whether it is malicious, which lets it identify both known and unknown threats.

Some ICES systems, like Darktrace, can block the email from ever reaching the recipient’s inbox, or flag the email and alert the security team to carry out further analysis.

Similarly, ICES systems can take remediation actions, such as removing malicious content from an email or blocking the sender's email address to prevent future emails from reaching the recipient's inbox.
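The scan-then-act flow described above can be sketched in a few lines. This is an added example, not code from Darktrace or any ICES product; the hash list, sender baseline, executive directory, addresses and the two-deviation threshold are all constructed assumptions.

```python
import hashlib
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed reference data (all names and addresses are hypothetical).
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-bad-sample").hexdigest()}
BASELINE = {"finance@example.com": {"ceo@example.com", "vendor@example.net"}}
EXECUTIVES = {"alex morgan": "ceo@example.com"}  # display name -> real address

def assess(msg):
    """Return (action, findings) for one inbound message."""
    display, sender = parseaddr(str(msg.get("From", "")))
    rcpt = parseaddr(str(msg.get("To", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    sender = sender.lower()
    # Signature-based: attachment bytes hashed and matched against known-bad hashes.
    for part in msg.walk():
        if part.get_filename():
            data = part.get_payload(decode=True) or b""
            if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
                return "block", ["known-malicious-attachment"]
    # Behaviour-based: deviations from what is normal for this recipient.
    findings = []
    if sender not in BASELINE.get(rcpt, set()):
        findings.append("first-time-sender")
    if EXECUTIVES.get(display.strip().lower(), sender) != sender:
        findings.append("executive-name-from-unexpected-address")
    if reply_to and reply_to.rpartition("@")[2] != sender.rpartition("@")[2]:
        findings.append("reply-to-domain-mismatch")
    # One deviation alone is weak evidence; two or more are flagged for analysts.
    return ("flag" if len(findings) >= 2 else "deliver"), findings

def build(frm, to, reply_to=None, attachment=None):
    """Construct a sample message for the demonstration."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = frm, to, "Payment request"
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("Please process this today.")
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="invoice.bin")
    return m

if __name__ == "__main__":
    to = "finance@example.com"
    print(assess(build("Alex Morgan <ceo@example.com>", to)))
    print(assess(build("Alex Morgan <alex.morgan@example.org>", to, "pay@example.net")))
    print(assess(build("Vendor <vendor@example.net>", to, attachment=b"constructed-bad-sample")))
```

The second sample message carries no known-bad content, so only the behavior-based checks catch it, which is the case signature matching alone would miss.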

ICES is updated in real time to detect and protect against emerging threats, such as new strains of malware or phishing attacks. Using machine learning and AI, it updates automatically in response to new threats and vulnerabilities, so businesses do not need to manually update the system or worry about falling behind on the latest threat protection.

Benefits of ICES

ICES does not take the place of existing email security measures. Instead, it augments these systems, increasing the effectiveness of email security. ICES has several benefits including:

Simplified deployment: Integrated cloud email security is easy to deploy and configure, as it is built into the email service and does not require any additional hardware or software.

Seamless integration: It seamlessly integrates with the cloud email service, providing a consistent user experience and reducing the risk of compatibility issues. 

Real-time protection: ICES provides real-time protection against email-based threats, preventing data breaches and other security incidents.

Advanced threat detection: It uses advanced threat detection techniques, such as machine learning and artificial intelligence, to identify and block emerging threats that may be missed by traditional security measures.

Types of email attacks

Phishing: Phishing is the process of sending fraudulent emails, while posing as a legitimate sender, to convince people to reveal sensitive information such as passwords, social security numbers, bank account information, and more.

Spear phishing: Spear phishing is a type of phishing attack that targets a specific individual or organization rather than a broad audience. This usually involves an attacker conducting a significant amount of research on an organization or individual to make their attack seem more credible by contextualizing their message with relevant personal or corporate information. These attacks usually come in the form of email messages, but ‘spear phishing’ is a more specific way to describe a socially engineered phishing attempt that is targeted. The goal of a spear phishing attack is to gain access to sensitive information such as credentials, or to compromise valuable data. This can be done purely through solicitation or through further methods of compromise such as embedding malware into a targeted system.

Account takeover: Account takeover fraud, or account compromise, refers to a cyber-criminal gaining control of a legitimate account. This can happen when a threat actor successfully obtains an individual’s login credentials. Account takeover can be detrimental to business operations at any organization because, with a legitimate account, attackers can operate covertly and carry a stamp of credibility and authority, depending on whose account is compromised.

BEC: BEC stands for Business Email Compromise. BEC involves attackers gaining unauthorized access to a company's email account or impersonating a trusted individual for the purpose of carrying out fraudulent actions such as transferring money or obtaining sensitive information through social engineering tactics.

CEO Fraud: CEO fraud is a form of impersonation where a threat actor falsifies their identity, acting as a CEO (or other executive) at an organization, and attempts to communicate with other employees, such as members of the finance department. They trick these employees using falsified versions of a high-ranking official’s credentials. These attacks are specifically focused on financial gain and often involve urgent requests for the transfer of money.

Whaling: This is a heavily targeted cyber-attack where the attacker attempts to impersonate a high-ranking official. The term whaling references their victim as a “whale” because of their massive influence or high level of importance at an organization.

AI email security

AI email solutions: Darktrace’s AI email security uses artificial intelligence and machine learning algorithms to prevent, detect, respond to, and heal from email attacks. Through its unique understanding of you, rather than knowledge of past attacks, Darktrace/Email stops the most sophisticated and evolving email security risks like generative AI attacks, BEC, account takeover, human error, and ransomware.

In a Self-Learning AI model, the AI has the ability to understand the business from the inside out. That way, when activity within the business deviates from ‘normal’, the AI can identify this behavior and alert the security team.

AI can also use real-time data to identify and respond to threats quickly, minimizing the potential damage and saving time for security teams who usually have to parse through a high number of flagged emails. 

One of the key benefits of AI email security is that it can detect threats that may go unnoticed by traditional security systems, which often rely on pre-defined rules and patterns to identify threats. With AI, email security can continuously learn and adapt, providing more comprehensive protection against previously unknown email-based attacks.
