member sign-in
Forgot password? Create new account Close

Secure E-mail Gateway

Definition

Secure E-mail Gateway provides protection against inbound and outbound e-mail threats such as phishing, spam and malware.  It also offers content-aware data loss prevention and encryption.

User Benefits

Secure E-mail Gateway uses the following technologies in order to help organizations fight against e-mail threats:

- Anti spam filtering – minimizes the impact of spam messages for users and IT infrastructure;

- Malware filtering for e-mail traffic – minimizes the exposure to malware threats;

- Ability to detect phishing emails – minimizes the risk of disclosure confidential information;

- Content-aware data loss prevention – minimizes the risk of disclosure confidential information and fulfills compliance regulations;

- Encryption – protects confidential data.

Business Impact

E-mail is one of the top five attack vectors faced by midsize business. Protecting your e-mail systems (and employees who depend on e-mail) should be part of a total security solution that also addresses the other critical vectors you must defend: the web, systems, networks, and data. But whether you address all five areas in a unified approach or concentrate on strengthening your e-mail protection, a Secure Email Gatewayis a mandatory solution to be considered in a security strategy for any organization.

E-mail is an indispensible tool for businesses today, but it’s also a favorite vehicle for spammers and cybercriminals. Not only does spam drain productivity, it can also lure employees to visit inappropriate or malicious websites, putting both the company and the user at risk. Around 90% from the total number of email that hits the gateway is spam. Spam has a great impact on the IT infrastructure because usually contains viruses and other malware, and also because useless inbound traffic.

Unfiltered outbound e-mail can be just as damaging. Unintentional or not, sensitive or regulated information can easily leak out of the organization via e-mail, subjecting the company to substantial regulatory or financial penalties. Your e-mail filter needs to stop all spam and e-mail-based threats, but it must also be able to scan outbound messages and ensure company policy is always enforced.

Since e-mail is considered by many organizations as a business critical tool, measures to mitigate the risks associated with the e-mail traffic have to be taken.

E-mail security technology must support a corporation’s compliance needs regarding email content.

Specific compliance requirements vary from organization to organization, but many industries have to be compliant with major standards as Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act (SOX), and the Gramm-Leach-Bliley Act (GLBA).

A Secure E-mail Gateway provides protection, cost reduction, increase productivity and helps organizations to be compliant with standard regulations.


Products supporting this technology

Forcepoint McAfee Zscaler

Secure E-mail Gateway technology empowers businesses, enabling them to:

  • Push back all inbound threats—Identify and block spam; protect against viruses, malware, phishing, directory harvest, denial of service, and zero-hour threats;
  • Protect investments—Prevent malicious threats from damaging e-mail servers or infecting systems;
  • Stop outbound data loss and stay compliant with regulation and standards—Inspect incoming and outgoing e-mail traffic for sensitive or regulated data;
  • Improve efficiency—Maintain employee productivity and reduce wasted e-mail server storage by blocking messages that contain specific words in the subject line, body, or attachments;
  • Stay ahead of threats— Many modern solution take advantage of cloud computing system that analyze a great amount of messages for new patterns of spam and new malware attacks.

As a minimum requirement, a Secure E-mail Gateway must include:

  • Anti-virus from one of the top tier anti-virus vendors;
  • Multiple detection techniques, including deep content analysis and reputation. Signature detection and at least one additional technique should be included.
  • Both inbound and outbound e-mail content inspection should be included
  • TLS as a minimum encryption option
  • Possibility to create policies based on sender/recipient domains and attachment type/size should
  • At minimum administrator and read-only or auditor roles should be supported
  • The solution should support multiple policies based on user groups
  • Solutions should support both on-box reporting and off-box reporting for longer term storage of data.
  • Individual quarantines should be accessible by users without administrator assistance
  • DLP capabilities to stop the loss of sensitive information via email at the gateway level.
  • The solution at minimum should provide alerts to system-related events such as failures or resource thresholds. Additionally, the solution should include alerting capabilities for policy violations and user-related activities
  • manufacturer
  • Messages/Hour
  • more