Requirements When Choosing an Email Security Provider

Choosing an email security provider can be daunting. With so many options, and so many things to consider, it can be tough to cut through the noise.

If you are doing an RFP/RFI around email security, here are some key requirements you should consider:

    1. AI Enabled
      If an email security provider isn't using cutting-edge AI, it's not worth it. Utilizing machine learning and AI, particular ones that are trained on the most sophisticated attacks, will help prevent  malicious emails from coming through.


    2. API Enabled
      By deploying as an API, not only will your email security install quickly, but it can also extend easily to the entire suite.


    3. Ability to Block Inline
      Inline security means that that the solution scans emails after default or advanced security, but before the content reaches the inbox. That means that anything that gets past the first layers, and would've otherwise hit the inbox, can get properly stopped. This type of solutions means you can completely get rid of an SEG, because the inline layer scans and remediates before the inbox


    4. Leverages existing security layers
      Default layers, like those from Microsoft or G Suite, do catch a lot of phishing. That's a good thing. But they don't catch everything, which is why it's even better when you layer security. When one layer misses something, the other is there. Some security solutions, upon installation, disable default security. That leaves you more exposed.


    5. Extends security to the suite and beyond
      Business doesn't just happen on email and neither does phishing. Being able to extend the same level of security to collaboration apps and file-sharing services is critical. 


    6. Easy to install
      Installing email security doesn't have to be difficult. Especially with API solutions, in one click you can be good to go.


    7. Drastically reduces threat from phishing
      Phishing emails have the potential to overwhelm a company and cause large-scale financial damage. There is a way to manage the phishing problem. Avanan's solution is proven to reduce the phishing threat by 99.2%


    8. Drastically reduces the time the SOC spends managing the email threat
      A recent study by Avanan found that the SOC spends 22.9%, or about 2-3 hours per day, managing the email threat. In some environments, that can be even higher. Reducing how much time the SOC spends on email will free them up for other, critical tasks. 


    9. No Updates to MX Records
      When you install an SEG, you have to update your MX record to reflect that. That's an open invitation to hackers to know what security you're using, which allows them to customize their attacks. Installing email security without changing MX records keeps you safer.


    10. Search and Destroy
      If you see an attack on the horizon, the best thing to do is to stop it across all mailboxes—even across all customers. Quickly searching for, and then destroying, any malicious content, is essential. 


    11. URL Rewriting
      Many attacks detonate post-delivery, meaning they easily get by email scanners and are only dangerous after the user clicks on the link. URL rewriting, along with time-of-click analysis, allows the security solution to analyze links and block them, as necessary.


    12. DLP
      Sensitive data leaking out of the organization can have serious regulatory and financial implications. A SmartDLP program, one that scans emails and files for sensitive information, stops data leakage automatically and generates actionable alerts, can easily prevent large-scale issues. 

    13. Integrated Email Encryption
      A strong encryption solution protects privacy and ensures compliance. Being able to have it integrated directly into the security solution is ideal. But not all can do that. 


    14. Malware Scanning
      Malware can enter environments now easier than ever, whether it's email or file-sharing services. Being able to scan every message, file and application for malware—and to do so automatically—is essential.


    15. Anomaly Detection
      Abnormal behavior, or anomalies, are often a sign that an account is compromised. By detecting the anomaly when it happens, you can prevent widespread damage. Utilizing machine-learning that builds a profile based upon historical event information like login locations, data-transfer behavior and email message partners can help instantly identify these breaches. 


    16. Re-scans emails post delivery
      Recognizing that no security is perfect is a key to being more secure. That means your solution will have a layered, defense-in-depth approach. One way to do that is to re-scan emails after delivery. Utilizing a combination of AI and human experts, this re-checks the email to ensure that nothing is missed. If a malicious email is discovered, analysts can do a global block action across all customers. 


    17. Customized workflow
      Every organization has different needs and operates in unique ways. Applying a one-size-fits-all approach to security will leave gaps. Allowing flexibility to tailor security policies to an organization's specific needs is critical. 


    18. Shadow IT
      Shadow IT refers to when employees work with unsanctioned software, hardware or application on company devices. Without realizing it, employees could be putting information and data at risk by using insecure services. Being able to monitor, identify and remedy insecure usage is critical. 


    19. Unified quarantine
      Many customers utilize multiple layers of security. But it can be difficult to know which one has done what. A unified quarantine, a digest that includes all quarantines and actions of every layer involved in scanning the email, reduces complexity and makes reporting a breeze. 


    20. Integrates with O365 encryption
      Default, O365 encryption can be a good solution for outgoing emails. Being able to easily integrate that into your existing solution allows for greater flexibility, increased reported and better security. 


    21. Integrates with Report as Phishing
      O365 allows users to report emails they suspect to be phishing, harnessing the power of end-users in the fight against malicious email. Being able to integrate that ability into your security solution centralizes data and can incorporate that information into the AI. 


    22. Incident Response as a Service
      SOC teams are incredibly overwhelmed these days. One way to alleviate that is to utilize an Incident Response as a Service, whereby highly-trained experts respond, often in as few as five minutes, to request to restore from quarantine. The experts will either approve or deny the request, and for malicious emails, can instantly search and destroy similar emails across all customers



If the email security solution you're looking at doesn't meet these requirements, it may be time to look at one that does.