Companies use email security gateways to prevent email messages that violate an organization’s policies — particularly ones with malicious intent — from reaching their destinations.
All email security gateways can quarantine or block email that contains detected malware, phishing attacks, spam or other malicious content. This prevents most attacks from reaching their intended recipients, which, in turn, reduces the number of successful compromises of hosts, user credentials and sensitive data.
Some security gateways also offer data loss prevention capabilities that thwart inadvertent or intentional leakage of sensitive information via email messages. This is mainly a concern for outbound traffic — email messages sent from within the organization.
There are many products available. It is not feasible to exhaustively capture the characteristics of every single one, so this article focuses on the most widely used types of gateway products.
The architecture of email security gateways
There are several possible architectures for hosting email gateways, including the following:
- The email server. Some gateway products are email server-specific — e.g., for Exchange servers only or for Domino servers only — and these products are typically installed directly onto the email server. Most products do not fall into this category.
- An on-site hardware appliance. The majority of secure email gateway products offer a hardware appliance option. Companies install this dedicated appliance on the organization’s network, and inbound and outbound email traffic is routed through the appliance for analysis and filtering.
- An on-site virtual appliance. Most vendors offer on-site virtual appliances for email security. Companies can install these virtual appliances as part of a private cloud controlled by the organization, or they can be run on an on-site server without necessarily being part of a cloud architecture.
- A public cloud. Many email security gateway products are available as public cloud-based services. They function the same way as the on-site appliances do; all inbound and outbound email traffic for an organization is routed through the service.
- A hybrid approach — combining public cloud and on-site presence. Many vendors offer a hybrid architecture, which combines a public cloud-based service and a locally deployed hardware or virtual appliance.
Each option has advantages and disadvantages in terms of security, performance and reliability. However, all of these architectures ultimately deliver the same type of email analysis and filtering services to their user communities.
Email security gateways are strictly gateways; they have no presence on client devices. The lack of a dependency on client-side security controls is important for achieving effective email security in many environments, especially those that have email users with client devices outside the organization’s control, such as bring-your-own-device (BYOD) laptops, smartphones and tablets.
Typical environments suitable for email security gateways
Secure email gateways are a necessity for virtually every organization since email-borne threats are ubiquitous. They allow all types of organizations to boost their security.
Gateways go beyond the traditional detection capabilities of legacy antivirus and antiphishing tools by offering more sophisticated detection and prevention capabilities. They also make use of threat intelligence to stay up to date with the latest threats.
Because email security gateways monitor network traffic, they filter email messages before those messages reach users’ inboxes. Consequently, they can offer a strong level of protection for email clients on all devices, protecting employees who use their own devices for work or who work remotely. Secure email gateways don’t affect the performance of these devices.
However, to ensure endpoint and mobile security, companies should consider upgrading to cloud versions of their email security gateways that include more advanced phishing protection, particularly to protect against impostor email threats (email fraud) or business email compromise (a financial cyberthreat).
Cloud platforms are also more agile and better able to adapt to new threats without the need for administrators to upgrade on-premises appliances or software.
Email security gateways are beneficial for organizations that host their own email services and those that outsource their email services, assuming the outsourcer isn’t already providing security gateway services.
Organizations that outsource email services should check with their outsourcer to see what security services they provide, before inadvertently duplicating those services.
The costs of email security gateway adoption and deployment
The cost models for adopting and deploying gateways vary considerably depending on the type of product selected. For example, public cloud-based email security gateway services usually charge per-user, per-month fees. Appliance-based models typically have a flat fee for the appliance itself and may also charge a subscription fee to supply the appliance with the latest threat intelligence information and other updates.
Because email security gateways should be transparent to end users, client support should be minimal. Gateways do make mistakes, but most products are extremely accurate in their classifications of email messages, so it’s quite rare for one to block a nonthreatening message. Such instances may require a gateway administrator to intervene.
Some secure email gateways offer add-on security capabilities, such as email encryption. These capabilities generally involve a separate charge in addition to the gateway itself and any support or maintenance subscriptions.
Beefing up organizational security with email security gateways
Secure email gateways prevent malware, phishing attacks, spam and other unwanted email messages from reaching their recipients and compromising their devices, user credentials or sensitive data. Because so many attacks today are email-based, a security gateway can sharply decrease the number of successful attacks against an organization.
Linda Rosencrance contributed to this report