Requirements When Choosing an Email Security Provider
Choosing an email security provider can be daunting. With so many options, and so many things to consider, it can be tough to cut through the noise.
If you are doing an RFP/RFI around email security, here are some key requirements you should consider:
AI Enabled If an email security provider isn't using cutting-edge AI, it's not worth it. Utilizing machine learning and AI, particularly ones that are trained on the most sophisticated attacks, will help prevent malicious emails from coming through.
Architecture In order to fully defend against today's modern threats, a few basics are needed. The email security provider should rely on a cloud-based delivery mode; it should run in a monitor-only mode for any POC, as well as "inline" to test end-user workflows; and it should protect the entire suite,
API Enabled By deploying as an API, not only will your email security install quickly, but it can also extend easily to the entire suite.
Ability to Block Inline Inline security means that the solution scans emails after default or advanced security, but before the content reaches the inbox. That means that anything that gets past the first layers, and would've otherwise hit the inbox, can get properly stopped. This type of solution means you can completely get rid of an SEG, because the inline layer scans and remediates before the inbox.
Leverages existing security layers Default layers, like those from Microsoft or G Suite, do catch a lot of phishing. That's a good thing. But they don't catch everything, which is why it's even better when you layer security. When one layer misses something, the other is there. Some security solutions, upon installation, disable default security. That leaves you more exposed.
Extends security to the suite and beyond Business doesn't just happen on email and neither does phishing. Being able to extend the same level of security to collaboration apps and file-sharing services is critical.
Drastically reduces the time the SOC spends managing the email threat A recent study by Avanan found that the SOC spends 22.9%, or about 2-3 hours per day, managing the email threat. In some environments, that can be even higher. Reducing how much time the SOC spends on email will free them up for other, critical tasks.
No Updates to MX Records When you install an SEG, you have to update your MX record to reflect that. That's an open invitation to hackers to know what security you're using, which allows them to customize their attacks. Installing email security without changing MX records keeps you safer.
Search and Destroy If you see an attack on the horizon, the best thing to do is to stop it across all mailboxes—even across all customers. Quickly searching for, and then destroying, any malicious content, is essential.
URL Rewriting Many attacks detonate post-delivery, meaning they easily get by email scanners and are only dangerous after the user clicks on the link. URL rewriting, along with time-of-click analysis, allows the security solution to analyze links and block them, as necessary.
DLP Sensitive data leaking out of the organization can have serious regulatory and financial implications. A SmartDLP program, one that scans emails and files for sensitive information, stops data leakage automatically and generates actionable alerts, can easily prevent large-scale issues.
Integrated Email Encryption A strong encryption solution protects privacy and ensures compliance. Being able to have it integrated directly into the security solution is ideal. But not all can do that.
Anomaly Detection Abnormal behavior, or anomalies, is often a sign that an account is compromised. By detecting the anomaly when it happens, you can prevent widespread damage. Utilizing machine learning that builds a profile based upon historical event information like login locations, data-transfer behavior and email message partners can help instantly identify these breaches. Any solution should make it easy for admins to receive alerts about anomalies.
Re-scans emails post delivery Recognizing that no security is perfect is a key to being more secure. That means your solution will have a layered, defense-in-depth approach. One way to do that is to re-scan emails after delivery. Utilizing a combination of AI and human experts, this re-checks the email to ensure that nothing is missed. If a malicious email is discovered, analysts can do a global block action across all customers. Further, the solution must be able to demonstrate the ability to quickly trace email analysis and actions taken by Avanan; there should also be the functionality for emails to be removed from quarantine and placed back in a user's mailbox quickly.
Customized workflow Every organization has different needs and operates in unique ways. Applying a one-size-fits-all approach to security will leave gaps. Allowing flexibility to tailor security policies to an organization's specific needs is critical.
Shadow IT Shadow IT refers to when employees work with unsanctioned software, hardware or applications on company devices. Without realizing it, employees could be putting information and data at risk by using insecure services. Being able to monitor, identify and remedy insecure usage is critical. Any solution should make it easy for admins to receive Shadow IT alerts.
Unified quarantine Many customers utilize multiple layers of security. But it can be difficult to know which one has done what. A unified quarantine, a digest that includes all quarantines and actions of every layer involved in scanning the email, reduces complexity and makes reporting a breeze.
Email quarantine and purge Being able to quickly and efficiently quarantine an email or group of emails, on demand, is essential. The same applies for quickly deleting emails from a user's inbox.
Integrates with O365 encryption Default O365 encryption can be a good solution for outgoing emails. Being able to easily integrate that into your existing solution allows for greater flexibility, increased reporting and better security.
Integrates with Report as Phishing O365 allows users to report emails they suspect to be phishing, harnessing the power of end-users in the fight against malicious email. Being able to integrate that ability into your security solution centralizes data and can incorporate that information into the AI.
Incident Response as a Service SOC teams are incredibly overwhelmed these days. One way to alleviate that is to utilize an Incident Response as a Service, whereby highly trained experts respond, often in as few as five minutes, to requests to restore from quarantine. The experts will either approve or deny the request, and for malicious emails, can instantly search and destroy similar emails across all customers.
BEC/Impersonation Any cybersecurity solution needs to be able to detect and stop impersonation and Business Email Compromise (BEC) attacks. To do so, it requires internal context, including role-based, contextual analysis of previous conversations; a trusted reputation network; scanning and quarantining of internal email and files; and account takeover protection beyond email.
Allow and Block Lists Any solution needs to be able to easily enable Allow or Block Lists of email senders by domain and IP.
User/Group Management Flexibility is essential. Your solution must be able to provide the functionality to apply specific policies per user or Active Directory group membership. It should also be able to bypass or turn off analysis for a particular user or group, in case of any concerns.
Custom Reporting Your email security solution should be able to create the reports you want, when you want them.
If the email security solution you're looking at doesn't meet these requirements, it may be time to look at one that does.