Requirements When Choosing an Email Security Provider
Choosing an email security provider can be daunting. With so many options, and so many things to consider, it can be tough to cut through the noise.
If you are doing an RFP/RFI around email security, here are some key requirements you should consider:
AI Enabled
If an email security provider isn't using cutting-edge AI, it's not worth it. Utilizing machine learning and AI, particularly ones that are trained on the most sophisticated attacks, will help prevent malicious emails from coming through. Advanced AI is needed to stop 51% of today's advanced threats. The APIs allow security solutions to better leverage the cloud email environment. And AI/ML is an absolute requirement as the next generation threat has neutralized the legacy signature-based solutions. Further, Avanan's AI is powered by ThreatCloud. Twenty years in the making, ThreatCloud is the world's largest threat intelligence database. There are 42 separate machine learning and AI engines that run in concert to detect the most advanced pieces of malware. What does that lead to? By doing seven billion transactions a day, ThreatCloud finds over 6,000 previously unknown malware and zero-day malware daily. Not all of the email security vendors combined can match the magnitude of ThreatCloud.
Architecture
In order to fully defend against today's modern threats, a few basics are needed. The email security provider should rely on a cloud-based delivery mode; it should run in a monitor-only mode for any POC, as well as "inline" to test end-user workflows; and it should protect the entire suite.
API Enabled
By deploying as an API, not only will your email security install quickly, but it can also extend easily to the entire suite.
Ability to Block Inline and Stop Inbox Incursions
Inline security means that the solution scans emails after default or advanced security, but before the content reaches the inbox. That means that anything that gets past the first layers, and would've otherwise hit the inbox, can get properly stopped. This type of solution means you can completely get rid of an SEG, because the inline layer scans and remediates before the inbox. With this type of solution, you can stop inbox incursions, which is when a malicious email hits the inbox before being remediated. While there are a number of other API-based solutions on the market, none of them actually prevent inbox incursions. In other words, they don't block malicious emails from reaching the inbox. What's the point if end users can still have access to malicious emails? Without prevention you have nothing but a form of remediation.
Leverages existing security layers
Default layers, like those from Microsoft or G Suite, do catch a lot of phishing. That's a good thing. But they don't catch everything, which is why it's even better when you layer security. When one layer misses something, the other is there. Some security solutions, upon installation, disable default security. That leaves you more exposed. Beyond that, it should take advantage of advanced telemetry, with data from endpoints, mobile devices, networks, IoTs and more. Standalone email products are no longer enough to stop today's threats. It requires integration with data feeds that encompass the entirety of the networked world.
Extends security to the suite and beyond
Business doesn't just happen on email and neither does phishing. Being able to extend the same level of security to collaboration apps and file-sharing services is critical. Further, our security stack includes Data Loss Protection (DLP) scanning to ensure that emails do not violate data protection policies. Combined with encryption, our customers have the choice to encrypt such sensitive information before it is transmitted.
Drastically reduces the time the SOC spends managing the email threat
A recent study by Avanan found that the SOC spends 22.9%, or about 2-3 hours per day, managing the email threat. In some environments, that can be even higher. Reducing how much time the SOC spends on email will free them up for other, critical tasks.
No Updates to MX Records
When you install an SEG, you have to update your MX record to reflect that. That's an open invitation to hackers to know what security you're using, which allows them to customize their attacks. Installing email security without changing MX records keeps you safer.
Search and Destroy
If you see an attack on the horizon, the best thing to do is to stop it across all mailboxes, even across all customers. Quickly searching for, and then destroying, any malicious content is essential.
URL Rewriting
Many attacks detonate post-delivery, meaning they easily get by email scanners and are only dangerous after the user clicks on the link. URL rewriting, along with time-of-click analysis, allows the security solution to analyze links and block them, as necessary.
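To make the rewrite-then-check flow concrete, here is an added example (not Avanan's or any vendor's code) in which links are wrapped at delivery time and the verdict is decided at click time. The proxy URL, key, host set and sample message are constructed assumptions; the HMAC keeps the proxy from redirecting to targets it never rewrote.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

PROXY = "https://click.example.invalid/v1"  # hypothetical click-time proxy
KEY = b"constructed-demo-key"               # constructed; use a managed secret
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _sign(key, url):
    return hmac.new(key, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body, key):
    """Delivery time: point every link at the proxy, with an HMAC over the target."""
    def repl(m):
        raw = m.group(0)
        url = raw.rstrip(".,;:!?)")          # keep sentence punctuation out of the URL
        if url.startswith(PROXY):            # already rewritten, leave untouched
            return raw
        return f"{PROXY}?u={quote(url, safe='')}&s={_sign(key, url)}{raw[len(url):]}"
    return URL_RE.sub(repl, body)

def resolve_click(link, key, blocked_hosts):
    """Click time: verify the signature, then apply the verdicts known *now*."""
    qs = parse_qs(urlsplit(link).query)
    url, sig = qs.get("u", [""])[0], qs.get("s", [""])[0]
    if not hmac.compare_digest(sig.encode(), _sign(key, url).encode()):
        return ("reject", None)              # forged or edited link: never redirect
    host = (urlsplit(url).hostname or "").lower()
    return ("block", url) if host in blocked_hosts else ("allow", url)

# Constructed sample message body.
SAMPLE = "Your invoice is ready: http://files.example.test/inv?id=7&x=1. Thanks"

def demo():
    link = rewrite_links(SAMPLE, KEY).split()[4].rstrip(".")
    at_delivery = resolve_click(link, KEY, set())                   # host still clean
    after_intel = resolve_click(link, KEY, {"files.example.test"})  # flagged later
    return at_delivery[0], after_intel[0]

if __name__ == "__main__":
    print(demo())
```

The same rewritten link is allowed while the host is clean and blocked once the host is flagged after delivery, which is the case a delivery-time scan alone cannot cover.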
DLP
Sensitive data leaking out of the organization can have serious regulatory and financial implications. A SmartDLP program, one that scans emails and files for sensitive information, stops data leakage automatically and generates actionable alerts, can easily prevent large-scale issues.
Integrated Email Encryption
A strong encryption solution protects privacy and ensures compliance. Being able to have it integrated directly into the security solution is ideal. But not all can do that.
Anomaly Detection
Abnormal behavior, or an anomaly, is often a sign that an account is compromised. By detecting the anomaly when it happens, you can prevent widespread damage. Utilizing machine learning that builds a profile based upon historical event information like login locations, data-transfer behavior and email message partners can help instantly identify these breaches. Any solution should make it easy for admins to receive alerts about anomalies.
Re-scans emails post delivery
Recognizing that no security is perfect is a key to being more secure. That means your solution will have a layered, defense-in-depth approach. One way to do that is to re-scan emails after delivery. Utilizing a combination of AI and human experts, this re-checks the email to ensure that nothing is missed. If a malicious email is discovered, analysts can do a global block action across all customers. Further, the solution must be able to demonstrate the ability to quickly trace email analysis and actions taken by Avanan; there should also be the functionality for emails to be removed from quarantine and placed back in a user's mailbox quickly.
Customized workflow
Every organization has different needs and operates in unique ways. Applying a one-size-fits-all approach to security will leave gaps. Allowing flexibility to tailor security policies to an organization's specific needs is critical.
Shadow IT
Shadow IT refers to when employees work with unsanctioned software, hardware or applications on company devices. Without realizing it, employees could be putting information and data at risk by using insecure services. Being able to monitor, identify and remedy insecure usage is critical. Any solution should make it easy for admins to receive Shadow IT alerts.
Unified quarantine
Many customers utilize multiple layers of security. But it can be difficult to know which one has done what. A unified quarantine, a digest that includes all quarantines and actions of every layer involved in scanning the email, reduces complexity and makes reporting a breeze.
Email quarantine and purge
Being able to quickly and efficiently quarantine an email or group of emails, on demand, is essential. The same applies for quickly deleting emails from a user's inbox.
Integrates with O365 encryption
Default O365 encryption can be a good solution for outgoing emails. Being able to easily integrate that into your existing solution allows for greater flexibility, increased reporting and better security.
Integrates with Report as Phishing
O365 allows users to report emails they suspect to be phishing, harnessing the power of end-users in the fight against malicious email. Being able to integrate that ability into your security solution centralizes data and can incorporate that information into the AI.
Incident Response as a Service
SOC teams are incredibly overwhelmed these days. One way to alleviate that is to utilize an Incident Response as a Service, whereby highly-trained experts respond, often in as few as five minutes, to requests to restore from quarantine. The experts will either approve or deny the request, and for malicious emails, can instantly search and destroy similar emails across all customers. If you encourage your end users to report suspicious phishing emails, you are not alone. And if you are like most, you don't have enough time or people to review all of the alerts. We found that 23% of the SOC team's time is dedicated to this task. Avanan IRaaS will offload this task and review all your end user requests within an SLA of 30 minutes for each request.
Additionally, Check Point’s Incident Response Services has a 24x7x365 security incident handling service with a dedicated hotline. Immediately, experts are there to help contain the threat, minimize its impact and keep your business up and running. Check Point is the only company to offer insight and remediation for several different types of threats, from malware to firewalls to data loss and botnets.
BEC/Impersonation
Any cybersecurity solution needs to be able to detect and stop impersonation and Business Email Compromise (BEC) attacks. To do so, it requires internal context, including role-based, contextual analysis of previous conversations; a trusted reputation network; scanning and quarantining of internal email and files; and account takeover protection beyond email.
Allow and Block Lists
Any solution needs to be able to easily enable Allow or Block Lists of email senders by domain and IP.
User/Group Management
Flexibility is essential. Your solution must be able to provide the functionality to apply specific policies per user or Active Directory group membership. It should also be able to bypass or turn off analysis for a particular user or group, in case of any concerns.
Custom Reporting
Your email security solution should be able to create the reports you want, when you want them.
Ransomware Prevention
Phishing is the number one cause of breaches; it is also the number one cause of ransomware. By preventing phishing from reaching the inbox, you will stop the majority of ransomware attacks. Adding on advanced malware protection will snuff it out entirely.
Believe it or not, not every solution provides 24/7 support. We've been doing this since day one. With support locations around the world, as well as 800 professionals there for every need, no email security company can match this dedicated network of customer support. Whenever there is an issue, or wherever you have a question, no matter when it is, someone will be able to help.
If the email security solution you're looking at doesn't meet these requirements, it may be time to look at one that does.