Welcome
SPAMINA Solutions
Research from Gartner: Market Guide for Secure Email Gateways
About SPAMINA
Issue32
Spamina recognized in the Market Guide for Secure Email Gateways
Welcome
Today’s companies’ communication is changing dramatically. The email is still globally recognized as the main channel for companies to communicate, but new ways of messaging are also entering this field. Consumer Instant Messaging products, such as WhatsApp or Telegram, are expanding their presence in enterprises and DPOs, CTOs, CIOs or CISOs are facing serious issues to keep corporate communication malware-free, legally compliant and fully under control. Email is the most commonly used channel for opportunistic and targeted attacks, and this phenomenon is also emerging in the Instant Messaging communications.
In Spamina we strive to provide a holistic approach to secure messaging that includes both gateway and collaboration products on desktop and mobile. We focus on three main areas: Threat Prevention; Information Protection, Archive & Compliance; and Secure Collaboration.
The recently added Advanced Threat Protection product (ATP) bolsters defense against targeted attacks and advanced threats, and includes file as well as URL sandboxing, for both email and Instant Messaging. Our vision and strong technology in securing digital communication has been recognized by Gartner in the 2017 Market Guide for Secure Email Gateway report.
What are the benefits that Spamina provides to companies?
• High protection against advanced and targeted threats for email and Instant Messaging.
• Holistic view for a secure enterprise messaging.
• Mobility and end-user usability (including mobile app and the Spamina Outlook Add-In).
• Flexible multitenant platform with a unified management interface for admins.
• EU-based company under the EU data protection laws.
Enjoy reading,
Enrico Raggini
President & CEO, Spamina
SPAMINA Solutions
Spamina has developed security solutions to provide companies with secure digital communications, such as Parla, the secure cloud email, and ParlaMI, secure instant messaging for business, plus effective protection against emerging and Advanced Persistent Threats (APTs) and additional security layers: email gateway security, email archiving, encryption and data loss prevention.
Our solutions are fully integrated in one single console to manage and control email, instant messaging, gateway security, calendar & collaboration, mobile policies enforcement, data loss prevention and legal compliance. All these tools can therefore be handled without overlap or switching between screens.
Spamina’s security services provide seamless integration with other industry email services such as Microsoft Office 365™ or G Suite (by Google) and on-premise email hosting services.
Parla – Secure Cloud Email
Corporate email, instant messaging collaboration within a safe environment
Key benefits of Parla:
• Email outsourcing platform with a best-of-breed secure solution makes it possible to reduce the financial impact of receiving spam and malware while enabling a total optimization of email-related technology infrastructures.
• Scale IT infrastructure needs as the company grows.
• Antispam and advanced threats filtering features are fully integrated in the Parla platform.
• Webmail access ensures email availability in the event of server outage.
• Encrypted Enterprise Instant Messaging and videoconference call integrated.
• Secure Instant Messaging, ParlaMI, integrated.
• Mobile Device Management: Embrace Bring Your Own Device (BYOD) with the peace of mind of ensuring employees stay productive and do not breach corporate policies.
• Outlook Plugin (2007, 2010, 2013, 2016).
• Parla is an alternative for companies with concerns over jurisdiction and confidentiality that are looking for non-USA email service providers.
• Integration with Cloud Email Encryption & DLP and Cloud Email Archiving modules for data privacy and legal compliance.
ParlaMI – Enterprise Instant Messaging
Secure and confidential business conversations from any device
Main reasons for choosing ParlaMI, Enterprise Instant Messaging:
• Permanently eliminate consumer-based instant messaging applications from your corporate devices.
• Protect your conversations from any network threat or data leakage.
• Help managers to monitor the company’s activity.
• The encrypted engine ensures that confidentiality is not compromised.
• Can be combined with archiving, data leak prevention and antimalware add-ons.
• App available for iOS and Android for both tablet and smartphone.
• Accessible from Spamina’s Outlook plugin and webmail.
Cloud Email Firewall
Effective email filtering and business continuity solution
Top features of Cloud Email Firewall:
• Protection against the latest generation of APTs such as spear phishing attacks and ransomware.
• Minimize exposure to zero-day threats.
• Prevent your mail service from being blacklisted. Cloud Email Firewall stops most junk email from being sent from your email service, preventing your domain from being blacklisted.
• Spooling: in case of user’s mail service outage, emails are kept for up to 4 days until the connection is restored. It also prevents inbound emails from being bounced back to the sender with a non-delivery message.
• Email backup: Spamina keeps copies of all messages, both legitimate and spam, for up to 5 days. This enables recovering messages when they are accidentally deleted by users, or moving to the inbox messages that were initially marked as spam.
• Emergency webmail: access your inbox anytime, anywhere and from any device in case of email service outage.
Cloud Email Archiving
Keep corporate email archived, immutable and always available for legal compliance requirements and for both internal and external audits
Top features of Cloud Email Archiving:
• Seamless data discovery enabled by powerful searching engine. Multiple search criteria, including attached documents.
• Cloud Email Archiving provides an interface for managing both email and instant messaging simultaneously.
• Users can selectively download mail messages in different formats, preventing vendor lock-in.
• Audit and control resources: get to know who, when, what did the user look for or what did the user download.
• Spamina’s web interface and Outlook plugin enable the archive to be accessed anytime, anywhere.
• Intuitive and friendly interface access to corporate email archiving, with Spamina App.
Advanced Threat Protection
Effective protection against emerging and Advanced Persistent Threats (APTs)
Spamina ATP solution is an additional malware protection layer that sits on top of Spamina’s antispam and antimalware stack.
Spamina ATP incorporates the following technologies:
• Advanced Premium Antivirus Engine
• File & URL Sandboxing Analysis
The service is fully integrated into the Spamina administration panel, providing IT managers with full configuration control and auditing, as well as reporting and service status (dashboard). Likewise, users are promptly notified when received emails are submitted for analysis, and when clicking on URL links that are deemed potentially dangerous.
Spamina ATP is an add-in for Cloud Email Firewall and Parla Mailbox.
It includes granular subscription so that a customer may have the service for the whole company (all domains and users), specific domains or individual users.
Spamina for Office O365
Spamina’s Outlook integration takes your corporate security to the next level
Enhance your email security with Spamina:
• Outbound mail filtering prevents IP blacklisting, ensuring the reputation of the customer’s email service and a solid performance.
• Provides business continuity in the event of an O365 platform outage.
• Cloud Email Firewall enables granular management at different levels (company-wide, domain and end-user).
• Cloud Email Archiving provides up to 10 years of email retention, legal uphold by turning email immutable.
• Cloud Email Encryption & DLP provides administrators with a powerful policy engine enabling effortless email encryption.
• Resellers will be able to better engage their customers with a broader portfolio while extending O365 security.
Source: Spamina
Cloud Email Encryption & DLP
Ensure email privacy and prevent email data leakage
Main reasons for choosing Cloud Email Encryption & DLP implementation:
• Protect corporate digital assets from prying eyes.
• Prevent security breaches of corporate sensitive information.
• Comply with data protection regulations.
• Writing and replying to messages ensuring end-to-end protected communications. Easy and effortless access to encrypted email.
• Empower your IT department by enabling the detection of security breaches according to your policies. Prevent data leakage (DLP) and ensure emails are exchanged confidentially.
• Users of Cloud Email Encryption can now send and receive encrypted emails from anywhere with Spamina App.
Research from Gartner:
Market Guide for Secure Email Gateways
Capabilities to defend against an evolving landscape of advanced and targeted threats differentiate providers in an otherwise mature and saturated secure email gateway market. Security and risk management leaders should use this research to help evaluate and select SEG products.
Key Findings
• Advanced threats (such as ransomware and business email compromise) are easily bypassing the signature-based and reputation-based prevention mechanisms that a secure email gateway (SEG) has traditionally used.
• Thirty-five percent of client organizations that move to Office 365 are supplementing the offering’s natively available email security capabilities with a third-party product.
• Sixty-five percent of organizations have already chosen a cloud-based delivery model for their SEG, and 95% of new and transitioning buyers are choosing cloud-based delivery.
Recommendations
Security and risk management leaders overseeing network and gateway security should:
• Scrutinize SEG product capabilities for advanced threat defense and postdelivery protection, because these are the leading differentiators and most important selection criteria.
• Consolidate infrastructure that has been accumulated over the years, and evaluate leading products that can satisfy future business needs, including DLP and email encryption. Cloud-delivered products can significantly reduce cost and complexity compared to on-premises products, and should be considered by all buyers.
• Supplement gaps (if replacement is not an option) in the advanced threat defense capabilities of an incumbent SEG by adding a specialized product that is tailored for this purpose.
Market Definition
Email is the most commonly used channel for both opportunistic and targeted attacks, as well as a significant point of egress for sensitive content. As such, security and risk management leaders continue to rely on the secure email gateway (SEG) as a critical component of their security strategy in an evolving threat environment. These products are expected to provide a versatile and broad range of capabilities that, at minimum, should include the following (also see Figure 1):
• A message transfer agent (MTA) that includes security functionality to conform with the latest published standards
• Anti-spam and signature-based anti-malware
• Marketing and graymail classification, and personalized controls for management of these types of messages
• Network sandboxing and/or content disarm and reconstruction (CDR) for advanced, attachment-based threat defense
• Rewriting and time-of-click analysis for advanced, URL-based threat defense
• Context inspection, display name spoof, cousin domain and anomaly detection for advanced, impostor-based threat defense
• Data loss prevention (DLP) and email encryption (pull/push methods beyond Transport Layer Security [TLS]) for outbound content to satisfy corporate and regulatory policy requirements
• Cloud-based delivery
Some products may also offer email continuity and archiving, as well as on-premises and hybrid delivery model architectures.
Market Direction
The SEG market is both highly saturated and very mature. Market growth has leveled off to low single digits and differentiation between vendors boils down to just a few criteria. Additionally, there is a low percentage of revenue from new buyers, a low number of new entrants to market, and a low level of vendor consolidation.[1] Nevertheless, SEGs are still of keen interest to Gartner clients as a critical protection technology. As a result of these dynamics, Gartner has replaced the Magic Quadrant for Secure Email Gateways with this Market Guide to provide continued coverage using a research methodology that is better suited for this market.
Adjusting to the Shift in Threat Landscape
One of the primary criteria for differentiation among SEGs is the capability to defend against advanced and targeted threats. While the core capabilities of anti-spam and signature-based anti-malware may have been sufficient in the past, the threat landscape has shifted to more targeted attacks by hackers with increasing sophistication and nation-state connections, and those motivated by monetized cyber intrusions. Multivector attacks using evasion through encryption and anti-forensics techniques have become prevalent. The baseline capabilities of an SEG have, therefore, expanded to include defense against three primary categories of advanced threats via email:
• Attachment-based (such as polymorphic malware and exploits embedded in Microsoft Office, and PDF and compressed archive files)
• URL-based, where the exploit is delivered by a web server
• Impostor-based (such as business email compromise [BEC] attacks, which typically involve messages that don’t have any URLs or attachments, but rather use social engineering to convince the human recipient to take a specific action, such as making an outbound wire transfer, paying a fake invoice or disclosing sensitive data)
Improving protection for drive-by download attacks and a decline in exploit kit activity will likely lead to email being more heavily leveraged for attacks.[2] Most multiproduct vendors in this market, distracted by other products in a broader portfolio, had allowed development of their SEGs to wane. As the threat landscape shifted, they were caught flat-footed and scrambled to iterate their products. In contrast, vendors that continued to invest in their SEG products all along were able to use this as a competitive advantage. This capabilities gap in the area of advanced threat defense also creates a slim opportunity for emerging players to compete as well. This will be an area requiring significant investment for any vendor that wants to become or remain competitive in this market.
Figure 1. Secure Email Gateway Components and Capabilities
[Figure not reproduced. Labels: inbound messages (legitimate, spam and malware; advanced threats: attachment-based, URL-based, impostor-based); anti-spam; file type blacklist/whitelist; signature-based anti-malware; network sandbox; context inspection, spoof and anomaly detection; legitimate messages with rewritten URLs, where applicable; outbound messages. Components: MTA/anti-spam/signature-based anti-malware; advanced threat defense (network sandboxing/CDR, URL rewriting and time-of-click analysis, context inspection, spoof and anomaly detection); data loss prevention; email encryption; archiving; continuity.]
MTA = message transfer agent; CDR = content disarm and reconstruction
Source: Gartner (May 2017)
© 2017 Gartner, Inc.
The Impact of Mainstream Cloud Office Adoption
Enterprise adoption of cloud office systems — for which cloud email is a key selling point — is now mainstream (see Note 1). Gartner predicts that, by 2021, more than 70% of business users will be substantially provisioned with cloud office capabilities. The main cloud office systems Gartner clients ask about are Microsoft Office 365, followed by Google G Suite. The planning stages of a cloud office initiative often become a catalyst for organizations to re-evaluate every product in the email chain against the native capabilities these cloud office vendors claim to provide.
Microsoft Office 365 includes Exchange Online Protection (EOP) with all plans. EOP is an anti-spam and signature-based anti-malware service. Microsoft also offers Advanced Threat Protection (ATP) to address advanced attachment and URL-based threats. ATP is included in some pricing plans and available for others as an extra cost option. Furthermore, DLP and email encryption are available in some pricing plans to enable an organization to monitor, encrypt or block messages based on policy.
However, Gartner clients have found the email security capabilities of Office 365 to be lagging compared to other SEG market leaders. As a result, 35% of client organizations that move to Office 365 are supplementing its natively available email security capabilities with a third-party product. Improving these capabilities is a priority for Microsoft. In doing so, Microsoft becomes a threat to less-focused SEG vendors in this market.
Google G Suite natively provides anti-spam, signature-based anti-malware, and a basic DLP capability in Gmail for inbound and outbound email. G Suite does not have advanced threat defense capabilities, although this is on Google’s product roadmap.
Some organizations are finding that the native anti-spam and signature-based anti-malware capabilities of cloud office systems are “good enough” and are seeking a product to supplement weak advanced threat defense. In this case, they aren’t looking for an SEG, but rather a specialized product that has shown strong efficacy against advanced threats, such as ransomware or BEC (see Note 2).
Reaching the Tipping Point for Cloud Deployment
Historically, IT organizations have been reluctant to embrace the cloud as a delivery model for SEG due to concerns about security and control compared to on-premises deployment options. According to Gartner’s Security and Risk Survey (see Evidence section for methodology), this has changed — 65% are now using cloud-based SEG products. Furthermore, Gartner client interactions indicate that 95% of new and transitioning buyers are choosing cloud-based delivery. The advantages of this deployment option (such as decreased cost and complexity) outweigh the drawbacks. Organizations that have migrated to cloud email and those that are planning a migration are overwhelmingly choosing cloud-delivered SEGs. Vendors are able to harness the processing power of a cloud-delivered SEG for better defense against advanced threats, while also incorporating proper due diligence and numerous control attestations to satisfy most regulatory and privacy concerns. Of course, some organizations will continue to keep SEG implementations on-premises due to residual privacy, data sovereignty, legal, integration support and network design concerns.
Market Analysis
Differentiating Capabilities
Many of the capabilities that an SEG is expected to provide have become commoditized and are very similar between vendors. For example, basic anti-spam is currently more than 99.7% effective across almost all vendors and is within acceptable limits for most organizations. In the context of Gartner’s adaptive protection architecture framework, an SEG is typically categorized as “preventive” since it is put in place to block malicious messages before they can impact the enterprise.
Advanced threats easily bypass the signature-based prevention mechanisms that an SEG has traditionally used. While vendors have added advanced threat defense capabilities to bolster this, organizations should never believe that 100% prevention is possible, or become overly reliant on blocking-based mechanisms for protection. Instead, organizations should assume that they will be compromised and focus on additional capabilities to detect and respond to breaches. Several SEGs can provide more intelligence into security operations, analytics and reporting platforms. Some have also added interoperability with other detection, response and predictive technologies (such as endpoint detection and response [EDR] and user and entity behavior analytics [UEBA]) to enable more comprehensive protection.
The following capabilities can be used as primary differentiators and selection criteria for SEG products.
For attachment-based advanced threats:
Network sandbox — A network sandbox is used to inspect attachments and URLs that the SEG cannot identify as benign or malicious using other methods. The network sandbox should cover an extensive set of file types (including zip, wsf, js and macros that are commonly used in attacks) and embedded URLs. Additionally, it should have strong anti-evasion capabilities and should accurately identify malware that attempts to detect that it is being run in a virtualized sandbox environment.
Content disarm and reconstruction (CDR) — CDR breaks down files into their discrete components, strips away anything that doesn’t conform to that file type’s original specification, International Organization for Standardization (ISO) standard or company policy, and rebuilds a “clean” version that continues on to the intended destination. This real-time process removes zero-day malware and exploits, while avoiding the negative business productivity impact that is typically caused by sandbox detonation and quarantine delays. CDR can be used as a supplement or replacement for network sandboxing, depending on the use case. Many recipients don’t mind receiving a copy of a document that is visually identical to the original, but that does not contain any code. However, that is not the case for every user.
For URL-based advanced threats:
URL rewriting and time-of-click analysis — Rewrite URLs before they are delivered to the user for stronger protection than time-of-delivery URL inspection. This can be used to:
• Disarm the URL (turn it into a nonclickable version of the URL)
• Replace with text (such as “embedded URL removed for security reasons”)
• Redirect the URL to the URL inspection service for time-of-click analysis protection
URLs in attachments are generally left untouched by most SEGs, although several have this on their product roadmap.
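The three rewrite actions and the time-of-click check can be sketched as follows. This is an added example, not code from Gartner or any vendor named here; the inspection endpoint, signing key, sample message and blocklist are constructed assumptions, and only URLs in a text body are handled.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions for the example: a hypothetical inspection endpoint and signing key.
INSPECT_ENDPOINT = "https://urlcheck.example.invalid/click"
SIGNING_KEY = b"constructed-demo-key"
REMOVED_TEXT = "[embedded URL removed for security reasons]"
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def _sign(url):
    return hmac.new(SIGNING_KEY, url.encode(), hashlib.sha256).hexdigest()


def disarm(url):
    """Non-clickable rendering: hxxp scheme and bracketed dots in the host."""
    parts = urlsplit(url)
    rest = url[len(parts.scheme):]  # '://host/path?query'
    host = parts.netloc
    defanged = rest.replace(host, host.replace(".", "[.]"), 1)
    return parts.scheme.replace("http", "hxxp") + defanged


def redirect(url):
    """Point the link at the inspection service; the signature binds the target."""
    token = base64.urlsafe_b64encode(url.encode()).decode()
    return INSPECT_ENDPOINT + "?" + urlencode({"u": token, "sig": _sign(url)})


ACTIONS = {"disarm": disarm, "replace": lambda _url: REMOVED_TEXT, "redirect": redirect}


def rewrite_body(body, action):
    """Gateway side: apply one rewrite action to every URL in a text body."""
    handler = ACTIONS[action]

    def _sub(match):
        url = match.group(0)
        stripped = url.rstrip(".,;:!?")  # sentence punctuation is not part of the URL
        if stripped.startswith(INSPECT_ENDPOINT):
            return url  # already rewritten: keep the operation idempotent
        return handler(stripped) + url[len(stripped):]

    return URL_RE.sub(_sub, body)


def resolve_click(rewritten, is_malicious_now):
    """Click side: verify the signature, then judge the target with current data."""
    query = parse_qs(urlsplit(rewritten).query)
    try:
        url = base64.urlsafe_b64decode(query["u"][0]).decode()
        sig = query["sig"][0].encode()
    except (KeyError, ValueError):
        return ("reject", "")
    if not hmac.compare_digest(sig, _sign(url).encode()):
        return ("reject", "")  # target was altered after the gateway rewrote it
    return ("block" if is_malicious_now(url) else "allow", url)


# Constructed sample: a link that is clean at delivery and blocklisted later.
SAMPLE_BODY = "Invoice: http://pay.example.test/inv?id=7. Thanks"
BLOCKLIST_AT_CLICK = {"pay.example.test"}


def listed(url):
    return urlsplit(url).hostname in BLOCKLIST_AT_CLICK


if __name__ == "__main__":
    for name in ACTIONS:
        print(name, "->", rewrite_body(SAMPLE_BODY, name))
    link = URL_RE.search(rewrite_body(SAMPLE_BODY, "redirect")).group(0).rstrip(".")
    print("at delivery:", resolve_click(link, lambda u: False))
    print("at click:   ", resolve_click(link, listed))
```

The signature keeps the inspection endpoint from being used as an open redirector: a link whose target or signature has been changed is rejected instead of followed.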
For impostor-based advanced threats:
Display name spoof detection — Detect spoofed messages based on email headers and the sender names. Some products support the fuzzy matching of sender names with a list of names that the email security administrator can set up. This is typically a list of VIP users.
Domain-based message authentication, reporting and conformance (DMARC) on inbound email — Enforce DMARC on inbound email traffic to protect internal users from receiving spoofed external messages from domains that have implemented DMARC in rejection mode. This also checks the alignment of the domains used in FROM and MAIL FROM email addresses.
Cousin domain detection — Detect the use of cousin domains. Most, if not all, SEGs allow administrators to include a list of cousin domains that should be flagged. Some SEG vendors do fuzzy matching on domains to detect such scams, whereas others require the customer to upload its own list of cousin domains.
Anomaly detection — Detect anomalous messages based on sender, recipient, envelope, content, history and other context to thwart BEC attacks.
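The display name, cousin domain and DMARC alignment checks above can be combined into one inbound assessment, shown here as an added example that is not taken from any product in this guide. The VIP list, protected domain, homoglyph table, thresholds and sample messages are constructed; the SPF, DKIM and DMARC policy fields stand in for results the gateway would obtain from DNS and signature verification, and the organizational domain is approximated by the last two labels.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed configuration: hypothetical VIP list and protected domain.
VIPS = {"Maria Keller": {"maria.keller@corp.example"}}
PROTECTED_DOMAINS = {"corp.example"}
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def _norm_name(name):
    # Case-fold and sort tokens so "KELLER Maria" equals "Maria Keller".
    return " ".join(sorted(name.lower().replace(",", " ").split()))


def _domain(addr):
    return addr.strip("<> ").rpartition("@")[2].lower().rstrip(".")


def display_name_spoof(from_header, threshold=0.85):
    """Return the VIP a display name imitates when the address is not theirs."""
    name, addr = parseaddr(from_header)
    for vip, known in VIPS.items():
        score = SequenceMatcher(None, _norm_name(name), _norm_name(vip)).ratio()
        if score >= threshold and addr.lower() not in known:
            return vip
    return None


def _edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _skeleton(domain):
    for look, real in HOMOGLYPHS:
        domain = domain.replace(look, real)
    return domain


def cousin_of(domain, max_distance=1):
    """Return the protected domain that `domain` imitates, or None."""
    d = domain.lower().rstrip(".")
    if any(d == p or d.endswith("." + p) for p in PROTECTED_DOMAINS):
        return None  # the genuine domain or one of its subdomains
    for p in PROTECTED_DOMAINS:
        if _skeleton(d) == _skeleton(p) or _edit_distance(d, p) <= max_distance:
            return p
    return None


def _org_domain(domain):
    # Simplification: last two labels. Production code uses the Public Suffix List.
    return ".".join(domain.split(".")[-2:])


def aligned(header_domain, other_domain, strict=False):
    if not header_domain or not other_domain:
        return False
    if strict:
        return header_domain == other_domain
    return _org_domain(header_domain) == _org_domain(other_domain)


def dmarc_reject(msg):
    """True when the From domain publishes p=reject and no aligned identifier passed."""
    hdr = _domain(parseaddr(msg["from"])[1])
    spf_ok = msg["spf_pass"] and aligned(hdr, _domain(msg["mail_from"]))
    dkim_ok = bool(msg.get("dkim_domain")) and aligned(hdr, msg["dkim_domain"])
    return msg.get("dmarc_policy") == "reject" and not (spf_ok or dkim_ok)


def assess(msg):
    findings = []
    vip = display_name_spoof(msg["from"])
    if vip:
        findings.append("display-name spoof of " + vip)
    cousin = cousin_of(_domain(parseaddr(msg["from"])[1]))
    if cousin:
        findings.append("cousin domain of " + cousin)
    if dmarc_reject(msg):
        findings.append("DMARC reject")
    return findings


# Constructed sample messages; dmarc_policy stands in for the DNS lookup result.
SAMPLES = [
    {"from": "Maria Keller <maria.keller@corp.example>",
     "mail_from": "bounce@mail.corp.example", "spf_pass": True, "dmarc_policy": "reject"},
    {"from": "KELLER Maria <m.keller@c0rp.example>",
     "mail_from": "m.keller@c0rp.example", "spf_pass": True, "dmarc_policy": None},
    {"from": "billing@partner.example",
     "mail_from": "x@bulk-sender.example", "spf_pass": True, "dmarc_policy": "reject"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["from"], "->", assess(m) or "clean")
```

The second sample passes SPF for its own look-alike domain, which is why the name and domain checks are needed in addition to DMARC.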
Additional differentiating capabilities:
Graymail handling — This is an area where many SEGs require further investment. Most products are capable of identifying graymail (that is, solicited bulk email messages that the recipient “opted-in” for at some point in the past), but many lack methods for end users to configure the handling of these messages based on their individual and subjective preferences. Consider products with a secure unsubscribe feature. Some attacks masquerade as graymail and hide a malicious URL in a seemingly innocuous unsubscribe link. Products may offer a safe unsubscribe capability that effectively replaces the links in such messages with a secure one.
DLP and email encryption — Outbound email security features such as DLP and email encryption are critical for intellectual property (IP) protection and regulatory compliance (such as PCI and Health Insurance Portability and Accountability Act [HIPAA] data). These capabilities should be weighed heavily in buyer analyses. Although they can be used separately, DLP and encryption are typically used in a complementary approach. Users should be provided with readily available email encryption options that empower them to make the right decision when handling sensitive data via email. However, if they inadvertently or intentionally fail to do so, then the DLP inspection engine for outbound messages can block or remediate this as a fail-safe. More than 50% of organizations leverage the DLP and email encryption capabilities of an SEG. See the Gartner Recommended Reading section for the latest research covering both of these technologies and the broader markets they are in.
Postdelivery protection — Organizations should consider vendors that have added detection and response capabilities to address threats that were not initially caught by the SEG and were allowed to land in a user’s inbox. Using API integrations with cloud email systems (such as Office 365) or plug-ins for email clients (such as Outlook), these vendors can attempt to “claw back” a malicious message by removing it from the user’s inbox after initial delivery. Since this message may have already been opened by the user, the product should also be able to alert relevant personnel and products (such as an administrator, security operations center, EDR or security information and event management [SIEM]) about this potential compromise for remediation or recovery. As interoperability gets better between products, remediation actions can be taken in real time to decrease both incident response time and the level of human effort required.
Representative Vendors
The vendors listed in this Market Guide do not imply an exhaustive list. This section is intended to provide more understanding of the market and its offerings. It is not, nor is it intended to be, a list of all vendors or offerings on the market. It is not, nor is it intended to be, a competitive analysis of the vendors discussed.
BAE Systems
London, U.K. (www.baesystems.com)
BAE Systems is a large global provider of defense and IT products. It acquired a cloud-based SEG through the acquisition of SilverSky in 2014. As an experienced defense contractor, BAE Systems has developed tradecraft for addressing advanced threats, and offers detection and response correlation of data from gateways, SIEM tools, and operational technology (OT) monitoring tools. It has good visibility into sophisticated attacks via its managed security services and advanced threat detection service offerings. The SEG is integrated with BAE Systems’ other managed cybersecurity offerings, making it a good fit for organizations with a primary focus on security (such as government, industrial and financial services) or organizations looking to outsource the entire email infrastructure to a managed service organization.
Barracuda Networks
Campbell, California, U.S. (www.barracuda.com)
Barracuda Networks is a long-established security and storage vendor that provides a range of economical, easy-to-use products that are aimed primarily at midsize enterprises. Barracuda Networks’ product portfolio includes storage and application delivery products, along with an array of security products, which cover SEGs (including advanced threat defense), secure web gateways (SWGs), web application firewalls (WAFs), firewalls and SSL VPN. Barracuda Networks’ email security products are shortlist candidates for organizations that are seeking “set-and-forget” functionality at a reasonable price.
Cisco
San Jose, California, U.S. (www.cisco.com)
Cisco has a broad security portfolio across many markets beyond email security, such as firewall/intrusion prevention system (IPS), web security and endpoint security. Cisco’s email security appliances and cloud service can integrate with Cisco’s Advanced Malware Protection (AMP) Threat Grid to provide advanced threat defense capabilities. The strength of AMP Threat Grid is primarily derived from Cisco’s acquisition of Sourcefire in 2013 and ThreatGRID in 2014, as well as its large threat research group. Cisco enjoys strategic vendor status with many of its customers, and is well-respected in the core network buying centers. It is a good shortlist candidate for existing customers already using another Cisco security product and other organizations seeking an attractive price for performance.
Clearswift
Theale, Reading, U.K. (www.clearswift.com)
Clearswift has a long-established presence in the SEG market, primarily in the U.K., Europe and Asia/Pacific. In January 2017, Clearswift was acquired by RUAG and is part of its Defence Cyber Security business unit. The company has expanded its focus to the data protection and information governance markets. Its product portfolio can also cover multiple communications channels (email, web and endpoint), in conjunction with centralized data security governance functionality, to track and trace the movement of information across the enterprise. In the SEG market, Clearswift is a reasonable shortlist candidate for organizations in supported geographies looking for data protection and information governance products with bidirectional advanced redaction capabilities.
Microsoft
Redmond, Washington, U.S. (www.microsoft.com)
Microsoft offers a SaaS-based product called Exchange Online Protection (EOP). Microsoft’s dominance in the email market and licensing scheme makes it a strategic provider of SEG capabilities. Microsoft added Advanced Threat Protection (ATP) in an attempt to reach feature parity with other players in the market. Its ease of deployment and competitive street pricing make it a de facto shortlist contender for all Office 365 customers.
Mimecast
London, U.K. and Boston, U.S. (www.mimecast.com)
Mimecast is the only vendor in this Market Guide that is solely dedicated to email security and management issues, including email continuity, archiving and e-discovery. The company is more end-user-focused than others in this section, with security options made available to end users through an Outlook plug-in. Improvements in advanced threat defense and service delivery infrastructure have seen Mimecast gain market and mind share from other players. Mimecast is a good fit for organizations looking for a focused provider of email products in a tightly integrated cloud-based platform.
Proofpoint
Sunnyvale, California, U.S. (www.proofpoint.com)
Proofpoint continues to lead the market with R&D investments in innovative features and corporate acquisitions to complement its enterprise capability (for example, the acquisition of the fraud division of Return Path, as well as the acquisitions of FireLayers, Sendmail, Armorize Technologies and NetCitadel). It has the sharpest focus on email security issues, particularly advanced threat defense, resulting in one of the highest growth rates in this market. In addition to SEG capabilities, the company offers email continuity, archiving, e-discovery, social media risk, large file transfer and incident response. Proofpoint is a very good shortlist candidate for organizations looking for a full range of best-of-breed SEG functionality in supported geographies.
Spamina
Madrid, Spain (www.spamina.com)
Spamina offers regional specializations in EMEA and Latin America for a broad portfolio of cloud and on-premises products that include SEG, archiving, secure collaboration and mobile messaging. Spamina provides a single admin interface for all of its cloud-based products, with security options made available to end users through an Outlook add-in or mobile app. Spamina recently added advanced threat defense capabilities that customers can buy as an optional add-on to its SEG. Spamina is a reasonable shortlist candidate for organizations in supported geographies looking for a holistic approach to secure messaging that includes both gateways and collaboration products on desktop and mobile.
Symantec
Mountain View, California, U.S. (www.symantec.com)
Symantec has a broad security portfolio that covers email, data, endpoint and web security. Symantec is one of the largest SEG vendors by market share, with mature SEG capabilities available in a variety of form factors. Symantec’s SEG customers can benefit from deep integration with its Advanced Threat Protection offering (which has been bolstered by the addition of the threat intelligence network from the 2016 Blue Coat Systems acquisition) or its powerful enterprise DLP product. Symantec is a reasonable shortlist candidate for most organizations.
Trend Micro
Tokyo, Japan (www.trendmicro.com)
Trend Micro is a major provider of threat and data protection products, and was an early entrant in the SEG market. Its SEG product is offered in a broad range of delivery form factors. Trend Micro also offers robust mail server security, which provides tools for security tasks that can’t be accomplished at the gateway. Trend Micro is primarily focused on building out its overall enterprise business by growing its reseller and channel presences in North America and Europe to better complement its very strong presence in its home region, APAC. Trend Micro is a shortlist candidate primarily for organizations that already have a strategic relationship with the vendor.
Market Recommendations
Security and risk management leaders overseeing network and gateway security should:
• Scrutinize SEG product capabilities for advanced threat defense and postdelivery protection, because these are the leading differentiators and most important selection criteria.
• Consolidate infrastructure that has accumulated over the years, and look for leading products that can satisfy future business needs. Cloud-delivered products can significantly reduce cost and complexity, and should be considered by all buyers. In the longer term, organizations should consider opportunities to converge the entire email stack, from mailboxes to archiving, into a single vendor’s cloud-delivered solution or a combination of on-premises and cloud delivery models.
• Supplement gaps in the advanced threat defense capabilities of an incumbent SEG by adding a specialized product tailored for this purpose, if replacement is not an option. Not all SEG vendors include best-of-breed advanced threat defense capabilities. Furthermore, many organizations are not able to pursue a “rip and replace” approach due to the implications for DLP and email encryption. These are typically separate initiatives that are tied to business processes and stakeholders, so they add additional time to a technology migration. Should this be the case for your incumbent SEG, consider complementing it with a product that provides additional protection. Most security and risk management leaders would prefer not to chain together multiple, full SEGs. They will consider either replacing their current product or adding a specialized product that has shown strong efficacy against targeted phishing attacks, such as BEC, that includes cousin domain and anomaly detection (see Note 2).
• Make an effort to understand business requirements for DLP and email encryption over the next three years and evaluate products accordingly. Although it is not optimal, SEG DLP capability can be implemented independently of enterprise DLP to satisfy email-specific aspects of regulatory compliance, enforce acceptable usage or enable automatic email encryption. For IP protection, however, buyers of SEG DLP must understand how it will integrate into a more-holistic enterprise data management strategy.
• Understand that effective mitigation of inbound malicious messages (such as phishing attacks) requires CISOs to take a multipronged approach that spans technical, procedural and educational controls. See the Gartner Recommended Reading section for the latest “fighting phishing” research that discusses the full scope of the inbound phishing threat and identifies effective mitigation strategies.
Evidence1IntelSecurityannouncedtheendofsaleforitsMcAfeeEmailSecuritySolutionsinOctober2015.
2See“ExploitKit-BasedAttacksDeclineDramatically”and“TrackingtheDeclineofTopExploitKits.”
The findings and recommendations in this research were derived from more than 700 Gartner client interactions since July 2015 on the topic of email security, as well as from Gartner’s Annual Security and Risk survey.
Gartner conducted its Annual Security and Risk survey in five countries between 24 February and 22 March 2017 in order to better understand how risk management planning, operations, budgeting and buying are performed, especially in the following areas:
• Risk and security management
• Security technologies and identity and access management (IAM)
• Business continuity management
• Security compliance and audit management
• Privacy
The research was conducted online among 712 respondents in five countries: the U.S. (141 respondents), Brazil (143 respondents), Germany (140 respondents), the U.K. (144 respondents), and India (144 respondents).
Qualifying organizations have at least 100 employees and $50 million (USD equivalent) in total annual revenue for fiscal year 2016. All industry segments qualified, with the exception of IT services, and software and IT hardware manufacturing.
Further, each of the five technology-focused sections of the questionnaire required the respondents to have at least some involvement or familiarity with one of the technology domains we explored.
Note 1. Cloud Office Systems
Cloud office systems include creative, collaboration, communication, social, coordination and data services, along with APIs that enable integration with other systems. Microsoft Office 365 and Google G Suite are the primary examples. At a minimum, cloud office products include capabilities for email, social networking, file synchronization and sharing, document creation and editing, screen sharing, IM, audioconferencing, and videoconferencing. Most buyers start with a subset that includes email. The broad term “cloud office systems” is a generic label. The term “Microsoft Office” refers to a specific range of products from Microsoft.
Note 2. Specialist Products for Advanced Threat Defense Capabilities
Sample vendors with this type of focused offering include Agari, Area 1 Security, FireEye, Glasswall Solutions, GreatHorn, Ironscales, Vade Secure and Votiro. When considering this option, security and risk management leaders should carefully assess these vendors’ products because their features and deployment options vary greatly. Because not all organizations will want an additional MTA in the email flow, many vendors in this space will offer detection only, and only require the forwarding of traffic (through BCC or journaling, for example). Others will integrate with cloud email providers through APIs.
Source: Gartner Research Note G00320003, Neil Wynne, 03 May 2017
About SPAMINA
SPAMINA is a European-based security company that develops and provides corporations with flexible and Secure Digital Communications. Managing and mitigating cyber-crime related risk is critical. Widely known electronic communications means such as email, as well as the increasingly used instant messaging, are channels where the corporate digital assets can be jeopardized. Simile Fingerprint Filter® proprietary technology protects corporate networks from advanced and zero-day threats. Spamina provides a safe communication environment where business continuity, service scalability and cost-effectiveness are ensured.
Our cloud services range from enterprise secure email platform, enterprise mobile management, email & IM gateway protection to archiving and encryption & DLP solutions for legal compliance.
A cloud environment involves storage and transfer of digital information. Spamina is subject to the most demanding EU regulations in terms of data protection and is committed to ensuring the highest security standards for digital safeguard.
Spamina recognized in the Market Guide for Secure Email Gateways is published by Spamina. Editorial content supplied by Spamina is independent of Gartner analysis. All Gartner research is used with Gartner’s permission, and was originally published as part of Gartner’s syndicated research service available to all entitled Gartner clients. © 2017 Gartner, Inc. and/or its affiliates. All rights reserved. The use of Gartner research in this publication does not indicate Gartner’s endorsement of Spamina’s products and/or strategies. Reproduction or distribution of this publication in any form without Gartner’s prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website.
More information:
Phone: +34913687733