Email is typically the channel through which ransomware and malware are unleashed upon the enterprise. Phishing scams use it to compromise networks. Executives are conned by fake emails into sending funds to the wrong places – or worse, giving up their privileged credentials. Employees are duped into clicking on malicious email attachments and links.
A recent HP Wolf Security report found that email now accounts for 89% of all malware. The good news is that web and browser security are improving. The bad news is that email security is not.
That makes employee training a critically important defense – see our picks for the best employee cybersecurity awareness training tools.
What is a Secure Email Gateway?
Another critically important line of defense is a secure email gateway – and not surprisingly, analysts forecast double-digit growth for the secure email gateway market for years to come.
These gateways are either devices or software that monitor emails being sent and received. They spot unwanted traffic such as spam, phishing expeditions, malware, and scams.
Generally speaking, secure email gateways are a specialized form of email server that filters incoming and outgoing traffic. In some cases, in-depth analysis is done on outgoing messages to detect and block the transmission of sensitive data. Some gateways are hardware appliances or servers, some are software-based or virtual appliances, and others are cloud services.
Regardless of the mode of deployment, email gateways protect organizations against malware and ransomware by providing robust scanning layers to identify and reject emails that contain malicious payloads delivered either by URLs or attachments. Heuristics and behavioral analysis are often applied to enhance detection when no file signature is present. Files found to contain malware are held, and suspicious files can be passed to a cloud-based sandbox for full detonation.
Key Features of Secure Email Gateways
A good email gateway will contain most of the following features:
- Identify and filter spam, viruses, phishing and malware from URLs or attachments
- Scan inbound, outbound and internal emails
- Look for authentication checks such as SPF, DKIM and DMARC to counter domain and sender spoofing.
- Protection regardless of email service platform (Microsoft 365, Exchange on-premises, Google, or hybrid)
- Provide IT and security teams with an easy way to manage quarantine queues, rejection queues, message tracking, and metadata to make informed decisions when investigating incidents
- As ransomware can shut down operations, the gateway should provide archiving and recovery protection in case email servers are affected
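As an added illustration of the SPF, DKIM and DMARC checks listed above (example code written for this page, not taken from any product reviewed here), the sketch below reads the Authentication-Results header (RFC 8601) that a gateway stamps on inbound mail and routes the message accordingly. The authserv-id mx.example.net, the sample messages and the deliver/quarantine/review policy are assumptions.

```python
import re
from email import message_from_string, policy

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id stamped by our own gateway

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Return {method: result} using only headers written by the trusted gateway."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", " ", str(value))   # drop parenthesised comments
        authserv, _, rest = value.partition(";")
        if authserv.lower().split()[:1] != [trusted]:
            continue                                     # stamped elsewhere: a sender can forge it
        for clause in rest.split(";"):
            method, sep, result = (clause.split() or [""])[0].partition("=")
            if sep and method.lower() in ("spf", "dkim", "dmarc"):
                results.setdefault(method.lower(), result.lower())  # topmost header wins
    return results

def verdict(msg):
    """Assumed local policy: deliver on DMARC pass, quarantine on fail, hold the rest."""
    dmarc = auth_results(msg).get("dmarc")
    if dmarc == "pass":
        return "deliver"
    return "quarantine" if dmarc == "fail" else "review"

def parse(raw):
    return message_from_string(raw, policy=policy.default)

# Constructed sample messages (not real traffic).
LEGIT = parse(
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;"
    " dkim=pass header.d=example.org; dmarc=pass header.from=example.org\n"
    "From: Billing <billing@example.org>\nSubject: Invoice\n\nbody\n")
SPOOFED = parse(
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulk.invalid;"
    " dkim=none; dmarc=fail (p=reject) header.from=example.org\n"
    "Authentication-Results: relay.bulk.invalid; dmarc=pass header.from=example.org\n"
    "From: CEO <ceo@example.org>\nSubject: Urgent wire\n\nbody\n")
UNSTAMPED = parse("From: someone@example.org\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for name, m in (("legit", LEGIT), ("spoofed", SPOOFED), ("unstamped", UNSTAMPED)):
        print(name, auth_results(m), verdict(m))
```

The second header on the spoofed sample claims dmarc=pass but carries a different authserv-id, so it is ignored; a gateway should also strip any inbound header that already bears its own authserv-id before adding its result.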
Buying Tips for Secure Email Gateways
There are several issues to consider when selecting a secure email gateway. These include:
- Whether deployment should be in the cloud or on-premises
- Effectiveness of any proposed product in detecting spam and malware
- Some companies have their own dedicated threat intelligence tools; others lacking such tools may wish to consider a secure email gateway tool that includes threat intelligence features
- Some products focus only on inbound traffic; others include both inbound and outbound
- Integration with other security tools is important: Those invested in a specific platform such as Azure, Google, Amazon, Dell-EMC, or Cisco, for example, are advised to favor products that most closely align with those platforms.
The Best Secure Email Gateways
eSecurity Planet editors reviewed a number of secure email gateway tools for a variety of use cases in arriving at this list. Here are our picks for the secure email gateways that stood out from the pack.
Perception Point is a Prevention-as-a-Service company, offering interception of any content-borne attack across email and additional cloud collaboration channels, such as cloud storage, cloud apps, messaging platforms and API. The service prevents phishing, BEC, ATO, spam, malware, zero-days, and N-days before they reach enterprise users.
Perception Point’s key features
- The cloud-native solution identifies and intercepts any content-borne cyber-attack entering the organization through any cloud channel and is run on all files, URLs, and free text
- Average scan time of 10 seconds
- Low false positive rates due to a 7-layer platform, which includes anti-phishing engines, prevention of file-based attacks, and BEC (business email compromise) capabilities to prevent text-based impersonation
- Its Hardware-Assisted Platform (HAP) is a sandbox with a scanning engine
- Zero-day prevention using CPU-level data
- Anti-evasion engines to uncover any attempt to hide or conceal malicious intent, including algorithms and architecture that allow scanning of all content in various forms and methods to ensure that the malicious intent is discovered
- Cross-channel protection including cloud storage, collaboration apps, in-house APIs
- The company’s Incident Response team is designed into the service at no extra charge
Proofpoint stops attacks such as credential phishing, BEC, email account compromise (EAC), and multi-stage malware. Its multi-layered threat detection continuously learns from the threats it analyzes: billions of emails and thousands of malware samples per day, and millions of cloud accounts.
Proofpoint’s key features
- Proofpoint Attack Index reveals Very Attacked People (VAPs) to help you assess and mitigate your risk
- The Proofpoint Attack Index is a weighted composite score of threats based on volume, type, level of targeting, and attacker sophistication
- Automatically removes unsafe emails from inboxes, such as emails with a URL that is weaponized after delivery
- The company earns a customer satisfaction rate of more than 95% and a yearly renewal rate of more than 90%
- Customers include more than half of the Fortune 100, top banks, global retailers, and research universities
- Cloud-based platform
The Barracuda Email Security Gateway manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks. It is equipped with Barracuda Advanced Threat Protection (ATP), which combines behavioral, heuristic, and sandboxing technologies to protect against zero hour and targeted attacks.
Barracuda’s key features
- Lets organizations encrypt messages and leverage the cloud to spool email if mail servers become unavailable
- Available as a hardware appliance, virtual appliance or SaaS
- ATP automatically scans email attachments in real-time; suspicious attachments are detonated in a sandbox environment to observe behavior
- In addition to blocking the attachment, the results are integrated into the Barracuda Real Time Intelligence System, providing protection for all other customers
- ATP and Real Time Intelligence System are updated with the latest threat data, including email, network, and web-threat data
- Integrated with a web-based management portal, allowing organizations to centrally manage all their devices through a single interface
- Gateway defense is augmented by AI-based inbox defense to protect organizations against all 13 email threat types
Mimecast uses multi-layered detection engines to identify and neutralize threats, stopping malware, spam and targeted attacks before they reach the network. Administrators have granular control to establish data security protection policies globally, with the ability to make changes easily and apply them in real-time throughout the organization. In addition to ransomware protection, it can defend against malware, spam, and targeted attacks like CEO fraud, spear phishing email threats and advanced persistent threats.
Mimecast’s key features
- The Mimecast Email Security service is delivered as a single cloud solution with all functions integrated and engineered to work together
- Includes a secure email gateway with data leak protection & content control and targeted threat protection, which includes URL, attachment, impersonation, and internal email protection
- Capabilities, such as email continuity, sync & recover, large file send, secure messaging, and awareness training can be incorporated to provide expanded protection
- Services such as DMARC and Brand Exploit Protection protect brand and domain reputation
- 100% email uptime SLA
- Point-in-time backup and recovery of contacts, email, calendars and files
- Low impact on daily operational process but high on configurability
- Fast onboarding of the service – no hardware, updates, maintenance
- An open API incorporates Mimecast into the broader ecosystem
- Mimecast sees over five billion business emails every day and adapts based on a vast amount of data for threat, virus and spam intelligence
The Secure Email Gateway from Clearswift by HelpSystems has a set of hygiene features to protect against cyberattacks. It integrates data loss prevention functionality to minimize the risk of data breaches. The Clearswift solution incorporates inbound threat protection (Avira, Sophos or Kaspersky antivirus), an optional sandbox feature, data loss prevention technology to remove threats from messages and files, a multi-layer spam defence mechanism (including SPF, DKIM, DMARC), multiple encryption options, and advanced content filtering features.
Clearswift’s key features
- Deep content inspection in real time to remove cyber threat or sensitive data from an email message or attachment
- Data redaction permits the automatic modification of messages and attachments, replacing keywords and phrases with asterisks “*”. Redaction of text in images is also available through optical character recognition (OCR). In this case the redacted text is “black-boxed” from the image (rather than a separate object being overlaid) to ensure it cannot be recovered.
- Data redaction can be applied to both incoming and outgoing emails.
- Document sanitization automatically removes document properties such as author, subject, status, etc. and change tracking comments.
- File data, such as data classification labels, can be excluded from the sanitization process.
- Ensures that hidden data cannot be exfiltrated and hidden malware cannot enter the organization.
Avanan, a Check Point company, catches attacks using invisible, multi-layer security for cloud collaboration solutions such as Office 365, G-Suite, and Slack.
Avanan’s key features
- The platform deploys in one click via API to prevent BEC and block phishing, malware, data leakage, account takeover, and shadow IT across the enterprise
- Replaces the need for multiple tools to secure a cloud collaboration suite
- Multi-vendor, open platform solution with customized protection from preconfigured components selected from security providers
- In-line scanning
- Learns from attacks other technologies miss
- Blocks attacks that evade traditional scans before they reach the inbox
- Artificial Intelligence (AI) learns from relationships between employees, historical emails, and communication patterns to build a custom threat profile that blocks attacks specific to each organization
- No change to MX records means that it is impossible for hackers to see if an organization is using Avanan to secure their cloud
- Maps the user, file, and permission conditions of each cloud into a single threat management interface
FortiMail delivers multi-layered protection against the spectrum of email-borne threats. Powered by FortiGuard Labs threat intelligence and integrated into the Fortinet Security Fabric, FortiMail helps organizations prevent, detect, and respond to email-based threats, including spam, phishing, malware, zero-day threats, impersonation, and Business Email Compromise (BEC) attacks.
Fortinet’s key features
- Anti-spam and anti-malware complemented by techniques like outbreak protection, content disarming and reconstruction, sandbox analysis, impersonation detection to stop unwanted bulk email, phishing, ransomware, business email compromise, and targeted attacks
- FortiMail earned a AAA rating from SE Labs and a 99.78% Spam Capture Rate from Virus Bulletin
- Integration with Fortinet products as well as third-party components
- Complementary email security protection for Microsoft 365 environments through API-level integration
- Checks include IP, domain, sender, SPF, DKIM, DMARC and geographical restrictions
- Identify and block 99.7% of spam in real-world conditions
- Integrated data loss prevention and email encryption
TitanHQ’s SpamTitan and WebTitan address email and DNS filtering for the SMB and MSP market. They offer multiple integration options via APIs, policy controls, a reporting suite, and web protection.
TitanHQ’s key features
- Identifies more than 100,000 new malware sites every day via a threat intelligence database of 650 million users
- Used by more than 12,000 businesses and 2,750 MSPs
- Blocks malware, ransomware, viruses, and phishing
- Real time threat updating
- Blocks 99.9% of malware and spam
- Sandboxing protection
- Can archive and search emails rapidly
- Legally compliant with Sarbanes-Oxley, HIPAA, GDPR, and other regulatory standards
Further reading: How to Set Up and Implement DMARC Email Security