Even when a small company suffers a data breach, it can be the subject of viral news stories because protecting sensitive and confidential information is considered an essential task for all businesses. As a result, the need for security professionals continues to outpace the number of qualified candidates. With email services being one of the more specialized fields of IT security, a large number of businesses are turning towards email security services to assist them with this need. Finding the right partner isn’t always easy, but asking the right questions will help evaluating email security services go much easier.
What technologies do you use to guard against malicious emails?
If you have a conversation with three different email security companies, the odds are good that you will hear about three different technologies that are going to best protect your email systems. The problem is that some of these vendors are relying on older technologies, like Bayesian filtering, to identify malicious emails. Others don’t employ technologies such as DMARC, SPF or DKIM to help protect against inbound and outbound email address spoofing. In addition to these three technologies your, vendor’s offering should include:
- Zero-hour anti-virus protection
- STMP challenge/response
- Real-time message scanning
- The ability to block email attachments using S/MIME
Together, these technologies keep end users protected.
Do you engage the end-users?
Passive security measures no longer work: users have been taught to report all suspicious activity they see, and your email security company leverages that tendency. Your email security solution should, at a minimum, allow end-users to whitelist and blacklist emails they know are legitimate or harmful. Products that go even further to leverage input from the users and their contact lists will help reduce false positives and help the right people know where there is a possible threat. Engaging end users reinforces the message that good email security is everyone’s job.
Do you employ technologies that challenge email senders?
Instead of exclusively looking at email content, good email security companies also look at context in the form of email senders. This breaks out in two ways:
Delaying Email Receipt
Spammers and phishers employ armies of compromised computers to send hundreds of thousands of harmful emails to the addresses on the lists they harvest. Generally, when a server sends an email it receives a reply that the message was successfully delivered. If the response is not sent, the server will try again. Since computers sending illegitimate emails are sending so many messages, this process would slow things down so if they don’t receive notification of a successful delivery, they just move along to the next address on the list.
When this technique, your email security system delays the delivery of an email just long enough to make the sending server question the success of the delivery and resend the message. When that message is resent, your security solution trusts that the sender is a legitimate email system and delivers the message.
Sender Address Verification
Another form of challenge/response is sender address verification. This technique actually sends a message to the original sender asking them to click a link or a button to verify that they did in fact send an email. While this may seem a bit burdensome, it also helps protect against compromised or spoofed emails.
How do you protect against malware delivered via email?
It is highly unlikely that you will find an email security company that does not have some type of anti-virus technology built into their email security system. Many vendors even partner up with well-known anti-virus companies and rely on their engines to help spot malware being delivered via email. However any true security expert will tell you that anti-virus protection often gives people a false sense of security. They think that since they are running this software, their computers are impenetrable.
Providing anti-virus software is just the beginning. The right email security company will also make sure that the virus definition are constantly being updated so that your systems are protected against even the newest forms of malware. You should also look for a solution that will block attachments containing certain file types. Not only this, but make sure they block these file types based on the S/MIME content in the message header. It is far too easy for an attacker to change the file extension on an attachment to trick a less sophisticated security solution.
How do you reduce false positives?
Legitimate emails that are identified as spam are known as false positives and can cause enormous problems for companies who miss out on important emails because something was accidentally sent to the junk mail folder. Any email security companies you work with should take care not to be too aggressive in how they block incoming email, as is often the case for solutions that rely solely on whitelisting and blacklisting. Instead, look for a company that gathers input from other systems within your organization that collect and store legitimate email addresses as well as your end-users. By knowing which email addresses are legitimate, you greatly reduce the risk that an important message will be flagged as spam.
Finding the right email security company is all about asking the right questions and making sure that the vendor supplies you with complete answers. If they are unsure about a question you are asking, make sure to get one of their sales engineers on the call as well as they will have a bit more technical knowledge than your sales representative.
Not all email security companies are alike. Check out how Sendio’s Opt-Inbox and Email Security Gateway solutions compare to other security products and request a demo to see just how easy protecting the inbox can be.
