A rapidly growing number of add-on services, generically known as "Email Security," go by a vast number of names and descriptions that vendors and marketing campaigns use interchangeably. These include:
- email security
- email security gateway
- spam and virus firewall
- email spam firewall
- spam filter
- web security gateway
- spam fighter
What do these products and services claim to do?
These products are marketed primarily to those who have a spam and phishing email problem. In other words: everyone. Some are cloud-based, meaning they are not a physical device but rather a service we'd log into that's hosted somewhere else; these require a monthly or yearly subscription fee. Others are physical devices called 'appliances' that are either rented or purchased outright and are intended to be attached to your network or email server to provide additional protection by filtering out phishing and other malicious types of email messages.
In either case, the additional service or device requires someone to configure, manage, and maintain it. That includes keeping it up to date with the latest malware and phishing attempt lists, patched with security updates, and as securely configured as possible. Otherwise it becomes an additional risk and liability, as any additional service or device attached to our private network does.
The list of these is long and includes both open source and proprietary versions.
Here are some common open source choices:
- eFa (Email Filter Appliance)
- Open AS Communication Gateway
- SpamAssassin
Some of the more common proprietary versions include:
- Barracuda Email Security Gateway
- Cisco Email Security
- Office 365 Advanced Threat Protection
- Sophos Email Appliance
- Forcepoint (Raytheon)
Of course, there are dozens upon dozens more. Each is available in a version that will work with your existing system, regardless of what you're currently using, even custom solutions in AWS and Azure. Each vendor is willing to claim it can offer "additional email security" on top of your existing setup for a premium.
Do they work? To a degree, some are successful in offering at the very least some peace of mind.
What do they do?
Most of these service offerings and devices are what we call "black box solutions," meaning we don't know exactly how they work; we just set them up and go forward with them. Others can be more fully managed, which still means more time and attention, but what they do and how they do it is clearer to whoever is administering them.
Spam is remarkably rare these days. Very little of it gets through our email servers and services. What's pesky, though, are the more malicious emails that are insidiously engineered to get us to click on something nasty. These include phishing and spear-phishing attacks that target an organization's leadership and decision-makers, trying to get them to engage in bogus activities that can lead to wire fraud and other loss-inducing behaviors that are getting easier and easier to fall for.
While many technology-type folks would love to sell us on these additional services, the truth is that each offering provides more peace of mind than anything that is usually worth all the effort and expense. All the cloud-based email service providers are already doing all the same things these services and products are offering to do, including heuristic analysis, checking inbound messages against lists of known malicious IP addresses and domains, reverse DNS lookups, scanning for known malware, checking for spoofing attempts, and in some cases, verifying the SPF, DKIM, and DMARC configurations intended to reduce these and other attempts to impersonate our own email addresses and otherwise trick us into falling for some nefarious scheme or another.
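To see what your existing provider already recorded for a message, you can read the SPF, DKIM, and DMARC verdicts from its Authentication-Results header (RFC 8601). The Python below is an added example, not part of the original article; the sample message, the hostnames, and the `auth_verdicts` and `needs_review` helpers are constructed for illustration, and it assumes your receiving server stamps that header under a name you know.

```python
import email
import re
from email import policy

# Constructed sample, not real traffic. Hostnames and addresses are placeholders.
# The first header is stamped by the receiving server; the last one arrived with
# the message and could have been written by the sender.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=billing@example.com;
 dkim=fail header.d=example.com header.s=sel1;
 dmarc=fail (p=quarantine) header.from=example.com
From: "Accounts" <billing@example.com>
To: ceo@example.net
Subject: Urgent wire transfer
Authentication-Results: mail.sender.example; dmarc=pass header.from=example.com

Please process today.
"""

METHODS = ("spf", "dkim", "dmarc")
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.IGNORECASE)

def auth_verdicts(raw, trusted_authserv):
    """Return {method: result} using only headers stamped by trusted_authserv."""
    msg = email.message_from_string(raw, policy=policy.default)
    verdicts = {m: "none" for m in METHODS}  # "none" = no check recorded
    for value in msg.get_all("Authentication-Results", []):
        text = re.sub(r"\([^)]*\)", " ", str(value))  # strip (comments)
        authserv, _, results = text.partition(";")
        ident = authserv.split()
        # Skip headers from any other server: the sender can add its own.
        if not ident or ident[0].lower() != trusted_authserv.lower():
            continue
        for method, result in RESULT_RE.findall(results):
            if verdicts[method.lower()] != "pass":  # any passing signature counts
                verdicts[method.lower()] = result.lower()
    return verdicts

def needs_review(verdicts):
    """True when DMARC did not pass, or neither SPF nor DKIM passed."""
    authenticated = verdicts["spf"] == "pass" or verdicts["dkim"] == "pass"
    return verdicts["dmarc"] != "pass" or not authenticated

if __name__ == "__main__":
    v = auth_verdicts(SAMPLE, "mx.example.net")
    print(v, "needs review:", needs_review(v))
```

A message that passes all three checks can still be a phishing attempt sent from a look-alike domain, so these verdicts narrow the problem rather than settle it.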
Why doesn't any of it work 100% of the time?
Malware, and the phishing and spear-phishing methods criminals are using to deliver it, are changing fast enough to slip through all of these protections some or even most of the time. This is a situation where more technology isn't much help.
The only solution we've ever seen solve this 100% of the time is regular awareness training that ensures you and your team have the latest information on the latest trends, along with some friendly tools and strategies to help minimize your chances of becoming the next victim.
Even if you choose to subscribe to any of the above product offerings, you will still need to stay sharp. Something is always going to get through and there is no better guard against trickery than our good, old-fashioned common sense. The machines can't do all the thinking for us, just yet. Stay sharp out there!