Email is one of the largest communication methods available, so it is no wonder it’s among the favorite attack vectors to target. Organizations rely on email to keep their businesses running, but very few place the importance on properly securing it. Email security refers to the collective measures used to secure the access and content of an email account or service and data from hackers – at rest and in transit. The solutions submitted this month use multiple techniques from encryption to advanced threat protections to weed out dangerous emails.
According to multiple studies, one of the primary sources for the spread of malware – responsible for large numbers of network intrusions – is email through malicious attachments or users clicking on links contained in the email body. The products highlighted in this month’s review provide protections across many phases of an attack. Some tools provide filtering to catch malicious payload prior to it hitting a user’s inbox while others offer disaster recovery options.
While there is no silver bullet in the security space, allocating the resources to protect your email system will trim the “low hanging fruit” and protect your users from themselves.
Group test discussion
This month the SC Labs team looked at a variety of email security solutions designed to protect on premise exchange servers, Office365 Exchange Online and G-Suite Gmail for business solutions. Since this was the first time in a while the SC Labs team looked at this category, we sat down with each vendor’s technical team to gain a greater understanding of the problems each solution solved and the features separated them from the pack.
In years past, the focus was on spam protection and email encryption. These tools have evolved as the threat landscape has changed and continue to add features, creating more of a product suite.
One item that really stood out to the SC Labs team was how easily these tools integrated with the major cloud platforms. Previously, most of the solutions targeted on-premises exchange servers and the online protections were very limited. With the industry shift to the cloud, it’s refreshing that this space can keep pace and continue to protect inboxes wherever they may reside.
Ranking high on our list was the ability to protect users from malicious attachments and web links, which often slips through the cracks of the built-in protections. A few tools will allow you to track user activity and provide follow up training for users who tried to access these malicious objects. Not only does this help organizations track down problem users, it also improves security awareness content.
Another attractive feature available in most of the enterprise tools evaluated was the ability to protect users from internal threats. While this may not seem like a “must have” feature, a compromised user account often will try to spread to other internal users. Studies show that users often will almost completely trust emails from internal sources so spreading malicious content this way can be both successful and devastating. By protecting internal communications, companies can better contain further contamination.
While there is no one-stop-shop or magic solution, protecting inboxes will go a long way safeguarding an organization from the great unknown of end user behavior. Once a malicious payload arrives inside a mailbox on an endpoint, organizations rely on your next layers of protection catching the threat and the behavior of the userbase to report and help prevent the spread of the email. The tools that offer phishing and end user training help reinforce these principles and allow you to use real world examples.
Pick of the Litter
Scrutinizing several innovative cloud-based email security options this month, we were pleased with the advancements that have been made to mitigate email-borne threats. EdgeWave impressed us with its versatile and intuitive ePrism platform. We found that the solution addressed every major feature of this category while maintaining its cost-effectiveness, which is why we are making Edgewave ePrism our SC Labs “Best Buy” award-winner. Symantec’s Email Security.cloud was packed full of useful and innovative features, including several we were not expecting. The incorporation of threat visibility and response, as well as embedded security awareness training, enhanced the platforms capabilities. Considering the additional tools and options available within a broader Symantec portfolio, it’s no mystery why we selected it as our SC Labs “Recommended” award-winner. --
Pick of the litter written by Matthew McMurray
To read all the reviews:
Barracuda Total Email Protection
BitDam ATP for Email
EdgeWave EdgeWave ePrism
Mimecast Secure Email Gateway
SonicWall Hosted Email Security
Sophos Email Advanced
Symantec Email Security.cloud
Vade Secure for Office 365