With the drastic increase of sophisticated cyberattacks and email remaining the number one threat vector for these attacks, email security gateways have become even more of a necessity for every organization. As more people access email on multiple devices from numerous locations outside the traditional corporate network, users are left vulnerable to security gaps and attackers gain more opportunities. Spear-phishing has now become hyper-focused, with attackers no longer simply sending mass emails; today it’s not uncommon for attackers to research targets within an organization through their social media presence in order to better tailor email messages and increase the chance of a malicious email being delivered.
While there are several secure email gateway products and services available, selecting the one that addresses your needs best isn’t that easy. To evaluate secure email gateway solutions, you need to ask yourself a few questions about their features and capabilities. You can find answers to these questions by talking to the vendor, trying the solutions out, and consulting online forums or network discussions with people who have experience with the service providers you’ve shortlisted.
To help simplify things for you, we’ve listed four of the most pertinent features we’d ask about to select an email security gateway for our business. Let’s take a look at them.
1. Protection from Evolving Threats
To counter today’s data security threat landscape, you need an email gateway that has more advanced antivirus, anti-phishing, and anti-spam technologies, as the older ones are utterly ineffective against current threats. For example, web reputation tools provide a wealth of metrics that let security administrators analyze whether the URLs mentioned in emails have been malware-free for a specified period, and grant access accordingly. Reputation filtering can stop up to 90% of spam before it enters your network.
Email security solutions should also offer protection against new emerging threats, such as snowshoe spam, by providing contextual analysis and automatic classification capabilities. Another emerging email-borne threat is attackers mimicking the unsubscribe links in marketing, social networking and bulk messages (Graymail) as a phishing technique, so it is also important to protect against Graymail.
2. Customization & Integration
You may think customizing an email security gateway isn’t that important, but doing so can strengthen the management process significantly by letting you generate customized reports, develop custom administrator dashboards, and improve detection capabilities.
Most high-risk organizations look for a higher degree of customizability and flexible deployment options to make the threat detection process as advanced as possible. Solutions should offer multiple deployment options, including on-premises hardware, cloud, virtual and hybrid.
Theft or loss of confidential data can significantly damage your business. So look for solutions with robust DLP capabilities that allow you to customize policies and severity levels to suit your organization’s needs.
3. False Positive and False Negative Rates
One key problem with email security gateways is that they sometimes identify emails inaccurately. The number of emails that are incorrectly identified determines how well the solution can protect your organization’s communications. The higher the rate of false positives or negatives, the less reliable the system is. If a client’s email is incorrectly identified as spam or a threat, you might not see the email in time, and end up losing the client.
Similarly, if a malicious email isn’t flagged properly, you might end up compromising your whole network. Ideally, both these rates should be as low as possible.
Because detection techniques vary, the rates for each threat type such as phishing detection and malware detection should be provided separately. You should be able to “fine tune” the gateway’s detection technologies to lower or raise the rates as well.
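One way to measure this during a trial, as an added example that is not part of the original article: the script below scores a labelled pilot mailbox separately per threat type and at two block thresholds, showing the trade-off that tuning exposes. The sample rows, the 0-100 score and the function names are constructed assumptions, not any vendor's output or API.

```python
from collections import defaultdict

# Constructed pilot data (not from a real gateway): one row per message,
# (threat_type, analyst_says_malicious, gateway_score_0_to_100).
PILOT = [
    ("phishing", True, 92), ("phishing", True, 71), ("phishing", True, 48),
    ("phishing", False, 55), ("phishing", False, 20),
    ("phishing", False, 10), ("phishing", False, 5),
    ("malware", True, 99), ("malware", True, 85),
    ("malware", False, 30), ("malware", False, 12),
    ("spam", True, 80), ("spam", True, 65), ("spam", True, 40), ("spam", True, 35),
    ("spam", False, 62), ("spam", False, 15),
]


def rates_by_threat_type(rows, threshold):
    """Per threat type, FP and FN rates when scores >= threshold are blocked."""
    counts = defaultdict(lambda: {"tp": 0, "fp": 0, "tn": 0, "fn": 0})
    for threat_type, malicious, score in rows:
        blocked = score >= threshold
        if malicious:
            counts[threat_type]["tp" if blocked else "fn"] += 1
        else:
            counts[threat_type]["fp" if blocked else "tn"] += 1
    out = {}
    for threat_type, c in counts.items():
        bad, good = c["tp"] + c["fn"], c["fp"] + c["tn"]
        out[threat_type] = {
            # FP rate: share of legitimate mail wrongly blocked.
            "fp_rate": c["fp"] / good if good else None,
            # FN rate: share of malicious mail wrongly delivered.
            "fn_rate": c["fn"] / bad if bad else None,
            "n": bad + good,
        }
    return out


def sweep(rows, thresholds):
    """One result set per threshold, to compare tuning settings side by side."""
    return {t: rates_by_threat_type(rows, t) for t in thresholds}


if __name__ == "__main__":
    for t, per_type in sweep(PILOT, (50, 70)).items():
        for name, r in sorted(per_type.items()):
            print(f"threshold={t} {name:9s} "
                  f"FP={r['fp_rate']:.2f} FN={r['fn_rate']:.2f} n={r['n']}")
```

On this constructed data, raising the threshold from 50 to 70 removes the spam false positive but lets more spam through, while the malware figures do not move, which is why a single blended rate hides what matters.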
4. Advanced Threat Protection
Attackers are constantly evolving their approaches in order to bypass email security, so an ideal email security gateway should also leverage up-to-date threat intelligence backed by real-time security research. That includes being aware of the current and recent threats such as malicious IPs and URLs of malicious domains. Real-time threat intelligence and research can provide a continuous view into global traffic activity, analyze anomalies, uncover new threats, and monitor traffic trends in order to help prevent zero-hour attacks. By continually generating rules that feed updates to your email security solution, definitions and policies are updated regularly and as quickly as possible.
Also critical is the ability to provide dynamic malware analysis, sandboxing, and file retrospection for the continuous analysis of advanced threats, even after they have traversed the email gateway. With these features, you can block more attacks, track suspicious files, mitigate the scope of an outbreak, and remediate quickly. Even with high block rates, no solution provides 100% protection, and attacks that pass an initial inspection may later start to behave maliciously, so the ability to continuously track files and emails from the moment they hit the network is imperative.
So how secure is your email gateway? Have you evaluated it based on the above criteria? Let us know in the comments below.