Having strong email security is absolutely crucial for business. Email security threats are the biggest risks to companies globally, with 90% of hacking attacks coming from email breaches. These attacks can cost companies thousands of dollars and more importantly can damage brand reputation and customer confidence.
But you know all that, and what you want is help with selecting the solution to these problems: a good email security service. The problem is, searching for email security products can be time-consuming and confusing. You want a solution that just works, one that blocks phishing, spam and viruses. These platforms are known as Secure Email Gateways.
You are probably using a hosted email platform like Office 365 or an on-premise mail server like Microsoft Exchange. However, while these platforms offer a basic level of built in security, they don’t provide market leading email security protection. A Secure Email Gateway operates in the cloud and is able to process email before it reaches your email platform. There’s a range of features which come together to create a good service. Multi-layered protection is crucial.
Whether you are a new customer for business email security or just aren’t happy with the features offered by your current provider, this post will tell you everything you need to check off your list when looking for a good email security service.
In no particular order, let’s get into it:
1. Inbound and Outbound Email Logging
Proofpoint Essentials Inbound Logging
Having a log of inbound and outbound emails you can easily search is vital.
A good email security service will offer a full log of emails. This allows you to see who is receiving emails and where they are coming from. This is an important way to see how well your spam filter is working, as it shows how many harmful emails are getting into your inbox.
Outbound email logs are also important as they can show where emails have been sent, and if they were received. This can stop data leaks and provide you with receipts for email communications.
A good vendor will offer a log of 30 days or more, which covers employee vacations.
2. Latency and Email Speed
Symantec Email Security.Cloud.
The speed that emails are sent and received is crucial. Businesses cannot afford to lose time waiting for emails to be sent and received.
Email Gateways will always need some time to check content is safe. However, in most cases, this will only be a few seconds. A longer latency than this will start to become a problem for businesses as they will run behind on communications.
Make sure you find out what the latency is for each product you’re researching and decide what kind of compromise you want to make on speed for the sake of safety.
3. Maximum Message Size
Mimecast Messaging Features
Everyone who has clicked ‘send’ on an email, only to notice later that it’s not been delivered because it was too large knows the importance of this feature. Emails have size limits and Email Gateways can further reduce the size of emails that users can send and receive.
It’s important to know that different components make up an email. This means there is more than just attachments and images which make up the size of an email. Transmission and content coding also take up space. This means if you have a service which allows for sending up to 100MB email sizes you will only be able to send an email of about 60% to 70% of that size.
Office 365 currently supports email sizes of up to 150MB so we’d recommend making sure the product you choose has at least 150MB-200MB email sending sizes, with the bigger the better.
4. Spam Filtering Accuracy
Mimecast ‘On-Hold’ Messages
This may seem obvious, but it can’t be forgotten about. Finding a service that can accurately blocks spam is crucial.
Never commit to buying a product that you haven’t first tested. Some email security products will simply not be right for your organisation and will continue to let in a lot of spam emails. This can be a real threat to your company’s security.
You should trial every product you are considering to find out which is the best at blocking spam. Many vendors will offer a Service Level Agreement (SLA) on the level of spam which will get through.
However, you shouldn’t be fooled into a false sense of security when you hear they block 99.9% of spam. This means for every 10,000 spam emails sent to your business, 10 will still make it past your filter. All it takes is for one employee to fall for a phishing attempt and your business could be breached.
It’s also important that the system blocks emails right out of the box, without needing to be trained, which is a sure sign of an outdated service.
5. False Positive Rate
FuseMail Filtering Controls
Another reason to always try before you buy with email security is the false positive rate.
This is the percentage of genuine emails which are mistakenly marked as spam. They are then blocked from being sent or received.
It’s infuriating to find you are missing legitimate emails, or your contacts aren’t receiving emails you’ve sent. To prevent this make sure the product you go for has a low false positive rate.
Many companies will offer an SLA on the false positive rate which you can use as an indicator as to what products offer a good service. But as with spam filtering, you will still need to trial the service to make sure it works as advertised. If you are using a 3rd party system to send marketing emails, e.g. Hubspot or Mailchimp, be sure to test that the spam filter doesn’t incorrectly block these emails.
6. Phishing Protection Inside the Inbox
Secure Email Gateways can prevent malicious emails from entering your inbox.
However, attackers are getting smart enough to get bypass gateways and reach the inbox of users with Phishing attacks. This involves an attacker impersonating an employee, or outside business and asking for money from your company. This means it’s important your email security solution can remove unsafe messages that have already made it into your inbox.
These are AI Email Security services which are usually powered by machine learning algorithms. These algorithms scan inboxes for malicious emails and then delete them. Some Email Secure Gateway vendors such as Barracuda can add on these products, or you can integrate another third-party platform such as IronScales.
7. Link and URL Rewriting
Vade Secure Identifying a Spoofing Attempt
Link Rewriting is an important feature which can help prevent Phishing attacks.
Email Secure Gateways scan URLs in emails to determine if they are safe or not. Sometimes a link will be scanned and categorized as safe for an email sent in the middle of the night. However, afterwards, an attacker may inject this URL with malware. This means when the employee opens the email link in the morning, they could be compromised.
A good email security platform will use Link Rewriting to determine if the URL is safe in real time. If a URL is safe it should take the user to the page and if not, it should be blocked in their browser.
You should make sure this feature is offered when researching email security services. Advanced Threat Protection products will scan links in inboxes and automatically remove them if they are deemed unsafe, which is a good option for additional multi-layered security.
8. Email AntiVirus Scanning
Cisco Email Security
Email security services need to be adept at blocking viruses and malware. Many vendors offer an SLA on their threat protection. This is a good indicator of how well a product will perform at stopping viruses from entering your inbox.
Equally important though is the research and development a company invests into their email security products. This informs how well they will be able to protect your network against new and emerging email threats. These are Zero Day threats.
Zero Day threats are the most important for you to be protected against. You should make sure you choose a vendor with a large intelligence and research department working to keep ahead of attackers.
9. End User Spam Reports and Controls
A good email security vendor will offer end user spam reports.
These reports allow you to see where an email has been labelled as spam. If you can see that a genuine email has been labelled as spam, you are able to open it. If it really is spam, you can delete it.
This is useful to reduce the burden on IT departments, but it can be a security risk. At some point, an end user with little technical experience could let a malicious email into the system.
To prevent this you should choose an email security platform which offers different privileges to different groups of users. This allows some users to have unrestricted controls, while others cannot have access to controls over more dangerous emails.
For this functionality, it is important the service you choose features LDAP, Active Directory or Azure integration.
This means that the account you use to access reports and controls would be the same as the one that you use to log into your work computer. This makes it easy for end users to get access to spam reports and makes it easy for admins to govern policies for individual users.
10. Administrator Features
Mimecast Admin Policies
A good range of administrator features is a crucial thing for you to look for in an Email Secure Gateway.
Admin features help to customise the service and allow it to fulfil the specific needs of your organisation.
Important things for you to look out for are controls, like a sliding scale of how strict the spam filter is, which can increase or decrease the False Positive rate. Another feature you should look out for is pre-built policies and custom rules on email filtering. This allows you to block emails containing profanity and personal information. You may also want to set a signature which is present on all emails. This can display company information, or disclaimers about the sharing of email content.
Other important features for you to look out for is data centre locations and privacy policies. Data security should be a top priority for a vendor, so make sure you know where your data is and how it’s being kept safe.
11. Additional Services
Barracuda Essentials offers security, archiving backup and recovery
Good email security involves you having a range of services. These work alongside your Secure Email Gateway and help your business stay secure and meet legal requirements.
To make sure you have rounded protection check what other services each vendor offers. A good add-on service is Email Encryption, which protects against data loss.
One service you should look out for is Email Archiving, which allows you to store emails for legal reasons.
Another popular service is Security Awareness Training. This involves vendors providing training to help your organisation become more security aware.
Make sure the vendor you choose for email security has a good range of other products available. Some vendors will offer you an ‘Essentials’ package which bundles multiple services at a lower cost for small businesses.
12. Admin Interface
Fusemail Admin Dashboard
Last but certainly not least we have the admin interface.
Having an admin interface which is easy and simple to use is crucial and so important to a demo or trial before you buy a service.
Admins will spend a lot of time with a product, fine-tuning policies, looking at logs and fixing issues. If an interface is clunky, difficult to use or outdated, an otherwise great product becomes very frustrating.
Alongside being easy to use, there is a range of features which make a user interface great. Single Sign-On is an important feature for you to look for. This streamlines the process as it means admins only need one account.
Mobile access is another important feature for you to look for so you can troubleshoot on the go.
Security for this interface is crucial, as it is a portal to access a wealth of your company’s data. When you talk to vendors, make sure that their product offers two-factor authentication.
I hope you found this guide a useful tool. There’s a lot to digest here, but an email security solution is not just for Christmas and you may be with one provider for the next few years. This means it’s hugely important to get the product which fits your business best and meets all 12 of the points outlined in this blog.
You can read expert reviews of the leading Email Security Gateway products for Office 365 and on-premise mail servers at www.expertinsights.com.