According to Gartner, only 7% of organizations inspect their internal email. This is despite the fact that the last five years have seen a rise in internal threat actors: growing from 20% of corporate breaches in 2015 to 35% today. Worse, Business Email Compromise is now the fastest growing threat to cloud-based suites like Microsoft 365 and G-Suite, allowing external threat actors to send emails to anyone in your organization from a compromised inbox. 

Why doesn’t my vendor monitor internal email?

Legacy Email Gateway architecture was designed in an era of perimeter security, at a time when all threat actors were ‘outside’ while everyone ‘inside’ was considered a trusted entity. 

Email gateways are designed to monitor inbound messages. You may have even configured yours to monitor outbound email, but the gateway architecture makes it impossible for them to monitor and quarantine internal email before it reaches the inbox. 



If they are blind to an internal email, your vendor cannot protect against the insider threat and cannot prevent data leakage between individuals and departments.

What about vendors that offer an internal email product?

While they realize that this is a very serious and difficult problem, all gateway vendors are handicapped by the legacy proxy architecture.

Some do offer an additional product to monitor internal email, but none of them can block a malicious message before it reaches the inbox.

Avanan has a specialized AI model for scanning internal traffic, with indicators relevant for an internally-originated attack. As hackers infiltrate internal accounts to send malicious content to partners, customers, and other employees Avanan identifies those emails as phishing and blocks them.  By scanning and quarantining internal emails and files in real-time, Avanan is best positioned to prevent east-west attacks and internal threats.