Online Security and Emails | ICTAA
The security industry has provided large businesses with effective email security solutions for many years, helping to address their heightened sensitivity to email risk.
Email gateway security solutions have proven particularly effective because they filter inbound and outbound email traffic at the email gateway, thus ensuring that only emails conforming to corporate policy are allowed in and out of the business. Because these solutions remove unwanted email before it reaches the email gateway, they also reduce bandwidth consumption over networks.
Mid-sized businesses historically have been less aggressive toward email security, due to lower perceived risk and a general lack of full-featured solutions suitable to their budgets and environments. Today, however, these companies face a constant barrage of spam, viruses, and other malware that can cause significant business harm—ranging from impaired productivity to lost business and brand damage.
News headlines frequently tout the proliferation of email-based spam and malware. In 2014, two-thirds of all email traffic was spam. For mid-sized businesses, spam and viruses have traditionally been a nuisance and productivity hindrance, so deploying anti-spam and antivirus solutions that could block most of this traffic was considered good enough.
The Changing Face of Email Threats
More recently, however, the threat landscape has changed. Criminal organizations have evolved from targeting a select number of large businesses to targeting large numbers of businesses of all sizes. Mid-sized businesses are particularly attractive to them, since they tend to have fewer defences than their larger cousins. They are targeting these companies with a broader array of motivations and tools than ever before, including:
- Traditional spam attacks
- Malware attacks: where emails include malware as file attachments or links to malicious websites
- Phishing attacks: to trick recipients into visiting spoofed websites that request personal identity information or download malware onto the computer
- Denial of service attacks: which can block email capabilities by bombarding email servers with a flood of messages
- Spear phishing attacks: which are targeted attacks on specific people; these attacks are designed either to steal personal identity information or to gain control of their computers so they can be used to penetrate corporate networks
- Directory harvest attacks: where spammers try to identify valid email addresses in an organization; they do this by bombarding it with emails sent to addresses using a variety of common names
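A directory harvest attack leaves a recognisable trace at the gateway: one client tries many recipients and most of them do not exist. The following added example (not part of the original article) flags such clients; the log format, the addresses and the two thresholds are assumptions constructed for illustration, not the output of any particular mail server.

```python
import re
from collections import defaultdict

# Constructed sample log in a simplified, hypothetical format.
# code=550 means "recipient unknown", code=250 means the recipient was accepted.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=203.0.113.7 rcpt=adam@example.com code=550
2024-05-01T10:00:01Z client=203.0.113.7 rcpt=alice@example.com code=250
2024-05-01T10:00:02Z client=203.0.113.7 rcpt=bob@example.com code=550
2024-05-01T10:00:02Z client=203.0.113.7 rcpt=carol@example.com code=550
2024-05-01T10:00:03Z client=203.0.113.7 rcpt=dave@example.com code=550
2024-05-01T10:00:03Z client=203.0.113.7 rcpt=eve@example.com code=550
2024-05-01T10:04:10Z client=198.51.100.20 rcpt=alice@example.com code=250
2024-05-01T10:04:11Z client=198.51.100.20 rcpt=sales@example.com code=250
2024-05-01T10:09:30Z client=198.51.100.20 rcpt=slaes@example.com code=550
"""

LINE_RE = re.compile(r"client=(?P<ip>\S+) rcpt=(?P<rcpt>\S+) code=(?P<code>\d{3})")

def find_harvesters(log_text, min_attempts=5, max_valid_ratio=0.2):
    """Return {client_ip: (distinct_recipients, unknown_recipients)} for
    clients that probe many addresses of which very few exist."""
    stats = defaultdict(lambda: {"rcpts": set(), "unknown": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not recipient decisions
        rcpt = m["rcpt"].lower()
        stats[m["ip"]]["rcpts"].add(rcpt)
        if m["code"] == "550":
            stats[m["ip"]]["unknown"].add(rcpt)

    flagged = {}
    for ip, s in stats.items():
        total, unknown = len(s["rcpts"]), len(s["unknown"])
        # A single mistyped address is normal; many misses from one client is not.
        if total >= min_attempts and (total - unknown) / total <= max_valid_ratio:
            flagged[ip] = (total, unknown)
    return flagged

if __name__ == "__main__":
    for ip, (total, unknown) in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {unknown} of {total} recipients unknown")
```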
The potential damage from these attacks extends beyond impaired productivity. In the early days of email spam, most unwanted mails were marketing messages for products and services, legitimate and illegal alike. As attackers became more sophisticated, their spam content took a more malicious turn. Unwanted email can now also cause more serious problems including data breaches, financial loss, compromised customer information, compliance violations, and brand damage.
In many cases, malware delivered via email is designed to provide criminal organizations with control over the infected computer.
They may use it for any number of purposes, including:
- Stealing personal identity
- Adding the compromised machine to a botnet: where it can be used for anything from sending spam to hosting illegal content
- Siphoning sensitive information: directly from the computer
- Using the computer as a foothold: to gain access to other parts of the network and launch a wide-ranging attack on the network
This last attack can be particularly damaging for large and small companies alike. Once inside a network, attackers can stealthily gather all kinds of corporate data, including customer or employee databases, customer credit card information, negotiating documents, or intellectual property, such as product prototype details. Infiltration of a company’s systems could also allow that organization’s network to launch attacks on the networks of partners or customers to which the company has access.
Outbound email represents another set of risks for mid-sized companies, including compliance violations, legal liability, and general business damage from information leakage and inappropriate email. Today, many companies of this size do not monitor outbound email, nor do they have acceptable use policies in place, so they are virtually unprotected against these risks.
To combat modern email threats, companies need to deploy comprehensive and cost-effective email security solutions that can cleanse both inbound and outbound traffic, to reduce overall risk to the business.
5 Key Features of an Email Gateway Solution
Most email gateway security solutions will include anti-spam and antivirus engines. However, truly reducing email risk requires a number of additional features that address the full spectrum of threats posed by inbound and outbound email.
Key features to consider when evaluating gateway solutions include:
- Configurability: Ease-of-use is important, but it should not come at the expense of configurability. The email security gateway solution should have enough configuration options that it can be customised to specific business requirements.
- Multiple Antivirus Engines: Defence-in-depth strategies were once only available to large businesses. Today, you should seek similar capabilities. Because no antivirus engine is perfect, you should adopt email gateway security solutions that use multiple such engines to improve overall antivirus effectiveness.
- Filtering for Email Exploits: Email-exploit engines attempt to detect unknown malware. They do this by analysing suspect code and determining whether or not it has the characteristics of malware. This is a critical capability for email security solutions because it defends against malware exploiting vulnerabilities that have not been publicly revealed or patched. Called a zero-day attack, this type of threat is increasingly common.
- Anti-phishing engine: Anti-phishing engines reveal the true domain names of spoofed websites promoted in phishing emails. This decreases the likelihood of the user falling prey to a phishing attack.
- Intelligent Spam Filtering: Anti-spam vendors are notorious for publicizing inflated effectiveness rates. So you should focus not just on detection rates, but also on the corresponding false positive rate.
Detection and false positive rates are directly correlated: the higher the detection rate, the higher the false positive rate, and vice versa. Since a single false positive can be far more damaging than allowing multiple spam messages to enter the network, it is important to be able to configure the spam filter so it strikes the right balance to protect the business, while enabling fluid communication. The anti-spam engine should also be able to learn from user behaviour, so it does not impede the flow of business communication.
For example, Viagra and painkillers are common in spam solicitations, but in health care organizations, they are also the topic of legitimate email correspondence. A good anti-spam engine should be able to learn the difference between spam and legitimate emails in this type of situation so it does not bog down the business with excessive false positives.
A competent anti-spam engine should also be able to receive updates automatically from the vendor to keep pace with changing spam techniques. This maintains its effectiveness when new forms of spam appear, as we have seen over the years with non-delivery report, attachment, or image-based spam.
- Self-service Spam Quarantine: Maintaining spam quarantines is a tedious, low-value activity for IT administrators. An effective SMB email gateway security solution will provide self-service quarantine administration, so end users can review their own quarantines and unblock or delete messages themselves. This frees you up to focus on more value-added activities, which is especially important for companies with limited support/budgets.
- Data-loss Prevention (DLP): As mentioned earlier, outbound email presents a broad array of risks to SMBs. Employees accidentally or intentionally leaking confidential or inappropriate information can lead to lost business, public embarrassment, compliance violations, and even legal exposure. You should look for DLP functionality in any email gateway security solution so you can mitigate these risks through a combination of attachment and content filtering.
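To make the anti-phishing item above concrete, here is an added example (not from the original article or any vendor's product) of revealing the true domain behind a link: it compares the domain shown in each link's visible text with the host the link actually points to. The message body and all domains are constructed placeholders, and the matching rule is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Finds a domain name written in the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def _norm(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def suspicious_links(html_body):
    """Return (shown text, true host) pairs where the text names another domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        # urlsplit().hostname drops any "user@" prefix, exposing the real host.
        host = urlsplit(href).hostname or ""
        shown = DOMAIN_IN_TEXT.search(text)
        if not host or not shown:
            continue  # nothing to compare (no URL host, or text names no domain)
        claimed, actual = _norm(shown.group(1)), _norm(host)
        if actual != claimed and not actual.endswith("." + claimed):
            findings.append((text.strip(), host))
    return findings

# Constructed sample message body; all domains and addresses are placeholders.
SAMPLE_HTML = """<p>Dear customer, please verify your account:</p>
<a href="http://bank.example.login-check.test/verify">https://www.bank.example/verify</a>
<a href="https://www.bank.example/help">bank.example help centre</a>
<a href="http://www.bank.example@203.0.113.9/reset">www.bank.example</a>
<a href="https://news.example.org/">Read our newsletter</a>"""
```

Calling `suspicious_links(SAMPLE_HTML)` reports the first and third links; the second matches its text and the fourth makes no domain claim in its text.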
Using Office 365, Gmail or Exchange on-premise?
Three Reasons why you need a third-party Email Security Gateway:
- If your email service goes offline, which does happen, you will temporarily lose access to your email. Email security gateways act as a secondary service that sees email before it hits your email service. Even if your email service is unavailable, your inbound emails won’t bounce; instead they are held by the email security gateway until your email server is available. Some email security gateways let end-users log in to a dashboard to send/receive emails whilst the main email server is unavailable.
- Your legal and compliance team will tell you that email archiving is a vital part of your information strategy. In many industries you must maintain an archive. However, even if you’re not legally required to, it makes good business sense as it provides insurance for future customer disputes that may escalate to legal action. The archiving capabilities in Office 365 are rudimentary, and unless you have purchased an enterprise level plan you will have to pay extra for any additional features. It doesn’t support other, non-Microsoft platforms, and there is also an inherent danger in storing your archived email with your primary email service provider – don’t put all your eggs in one basket.
- Today’s email service providers give you moderate email security, including the ability to scan emails for files with known malware signatures. However, to get more robust protection, including zero-day scanning and real-time protection from malicious URLs, you’ll need to pay roughly two dollars more per seat for Advanced Threat Protection (ATP) services.
By using a dedicated third-party archiving service, from a solution provider that concentrates on best-in-class email archiving, you will be getting more risk tolerance, along with a highly searchable system that supports different user roles.
Even after you pay extra for what would be considered entry-level features in a dedicated email security solution, you may find yourself feeling ripped off. ATP doesn’t provide access to other useful security features including ‘grey listing’, which forces the sender’s email server to resend the message, filtering out spam senders who generally don’t comply.
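The grey listing behaviour described above can be shown as a small decision function. This is an added sketch, not code from the article or from any gateway product: the first delivery attempt for an unseen (client IP, sender, recipient) combination gets a temporary failure, and only a retry after a minimum delay is accepted. The delay values, the 451 reply text and the sample events are assumptions.

```python
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Greylisted, please try again later"  # temporary (4xx) reply
ACCEPT = "250 OK"

@dataclass
class Greylist:
    min_delay: int = 300           # seconds before a retry is honoured (assumed)
    retry_window: int = 4 * 3600   # a first attempt is forgotten after this (assumed)
    first_seen: dict = field(default_factory=dict)
    passed: set = field(default_factory=set)

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return ACCEPT                      # sender already proved it retries
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.retry_window:
            self.first_seen[key] = now         # new or expired: start the clock
            return TEMPFAIL
        if now - seen < self.min_delay:
            return TEMPFAIL                    # retried too quickly, keep waiting
        self.passed.add(key)                   # legitimate server: queued and retried
        del self.first_seen[key]
        return ACCEPT

def replay(events, greylist=None):
    """Run (time, ip, sender, recipient) events and return the reply codes."""
    gl = Greylist() if greylist is None else greylist
    return [gl.check(ip, s, r, t).split()[0] for t, ip, s, r in events]

# Constructed sample traffic; addresses are documentation placeholders.
PARTNER = ("198.51.100.20", "billing@partner.example", "alice@example.com")
SAMPLE_EVENTS = [
    (0, *PARTNER),                                                  # first attempt
    (5, "203.0.113.7", "promo@bulk.example", "alice@example.com"),  # never retried
    (60, *PARTNER),                                                 # retry too soon
    (900, *PARTNER),                                                # retry after delay
    (2000, *PARTNER),                                               # later mail
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The bulk sender that never retries is never accepted, while the partner's mail server is delayed once and passes directly afterwards.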
How does it work?
An email gateway security service will provide you with comprehensive protection, using multiple malware scanning services, sandboxing, advanced spam protection, and heuristic scanning to dramatically lower your risk of exposure.