Finding the best email security gateway is vital to protect companies from cyberattacks. Here's a look at some current market leaders and their standout features.
Business email has been around a long time, but that doesn't mean it's always safe to use -- quite the contrary.
As you sit here reading, malicious hackers and other cybercriminals are drawing a target on your company's back. The bull's-eye mark is your corporate email, the wide-open entry through which attackers can gain admission to your proprietary information and wreak general havoc.
Email security gateways, for example, work by filtering email with malicious content and preventing them from ever reaching employees' inboxes. Today's email security gateways are available as cloud-based installations, on-premises installations and cloud-based services.
Here's a look at some popular email security gateways and similar products, in alphabetical order.
Abnormal
Abnormal Security positions its cloud-native email security platform as a replacement for or supplement to traditional email security gateway appliances. It offers similar capabilities, but instead of relying on known indicators of compromise, it develops baselines of known good behavior and uses AI to detect anomalies.
Abnormal also emphasizes its use of APIs to integrate with Microsoft 365, Google Workspace and other email and collaboration technologies, as well as other cybersecurity tools.
Peer reviewers noted the Abnormal service's strong automatic remediation capabilities, as well as its insight-rich dashboard and threat reports. But reviewers also mentioned occasional false positives and false negatives.
Features of the Abnormal platform include the following:
A directory view of all active email users and a dynamic behavioral profile for each user, based on data such as IP addresses, geographical locations and times of day for email logins.
Automatic disablement of compromised accounts.
A directory view of all vendors in contact with an organization, with a risk score assigned to each vendor based on email activity and threat intelligence.
Fully automated management of suspicious messages, including screening of false positives, remediation of malicious email campaigns and prompt engagement with each user who reports a possible threat.
Email security gateways work by filtering out email with malicious content and preventing them from ever reaching employees' inboxes.
Avanan
Avanan, owned by Check Point, offers a cloud-based, inline email security service that the company positions as an alternative to traditional email security gateways.
Avanan relies on API-based integration to support Microsoft 365, Google Workspace and other email and collaboration platforms, focusing on identifying and stopping advanced threats that email service providers miss. The company claims to reduce phishing attacks by 99%.
Many reviewers highlighted Avanan's ability to accurately detect and stop novel attacks, as well as its ability to explain threats and their causes. Common complaints included weak data loss prevention (DLP) capabilities, a lack of configuration and tuning options, and a relatively steep learning curve for less experienced administrators.
The Avanan service includes the following features:
Inline email inspection and analysis for both inbound and outbound messages.
Automatic discovery and analysis of an organization's supply chain to block malicious emails from hacked vendors.
Support for file-sharing applications, such as Microsoft OneDrive, Microsoft SharePoint, Google Drive, Citrix ShareFile, Dropbox and Box.
Support for Microsoft Teams and Slack.
Built-in incident response capabilities, including incident reporting, root cause analysis and mitigation recommendations.
Optional, add-on incident response-as-a-service offering that provides 24/7 monitoring and handling of user-reported suspicious emails and user requests to release quarantined emails.
Barracuda Email Protection
Barracuda Email Protection from Barracuda Networks provides advanced, cloud-based email security gateway functionality specifically for Microsoft 365 email accounts.
Barracuda Email Protection is available in three tiers: Advanced, Premium and Premium Plus. All offer the same core email security functionality, with Premium and Premium Plus providing additional capabilities, such as domain fraud protection, integration with other security technologies and automated workflows.
The Gartner peer review site had numerous positive reviews for Barracuda Email Protection. Many praised its integration with Microsoft 365, the quality of its detection and filtering capabilities and service from the Barracuda support team. Others, however, had concerns about Email Protection's interfaces, especially its limited integration capabilities.
Features of Email Protection include the following:
A combination of sandboxing, heuristic and behavioral analysis techniques for detecting zero-day malware and other advanced threats.
Inbox defenses that use AI to learn organizational and user behavior and identify malicious deviations, such as fraud attempts and account takeovers.
Domain and brand protection through Domain-based Message Authentication, Reporting and Conformance (DMARC) enforcement and reporting.
Zero-trust access enforcement for Microsoft 365 (Premium Plus tier).
Simulated phishing attacks via email, phone calls and text messages (Premium Plus tier).
Policy-based, automatic email encryption.
Content policy enforcement to prevent data leaks via emails.
Cisco Secure Email Threat Defense
Cisco Secure Email Threat Defense is a cloud-native product for secure email communications, which also aims to prevent corporate data loss by staving off malware, ransomware, phishing and spam.
Cisco offers Email Threat Defense as an add-on to its other technologies with a per-user subscription fee. It is designed to supplement Microsoft 365's own security capabilities, improving threat detection and defense and increasing an organization's visibility into its own email security.
Reviews cited excellent performance and strong cybersecurity features. Reviewers' most common complaint about Cisco Secure Email Threat Defense was its relatively high cost.
Features of Email Threat Defense include the following:
Sender reputation filtering that blocks emails based on threat intelligence from the Cisco Talos threat research team.
API support for interoperability with other security technologies and immediate remediation of malicious emails.
Use of AI and machine learning, along with behavioral analytics and identity and relationship modeling techniques, to thwart advanced threats.
Compatibility with other Cisco technologies, such as Cisco Secure Endpoint and Cisco Secure Malware Analytics, to improve and expand threat analysis and mitigation.
Centralized reporting on email-based threats, targets and potential compromises.
Email filtering software can be an important part of an email security strategy.
Fortinet FortiMail
Fortinet's FortiMail offers a secure email gateway that focuses on volume-based attacks and targeted cyberthreats, with the aim of helping organizations comply with regulations and keep corporate data safe. It provides antispam and antimalware protection and also folds in advanced features, such as outbreak protection, sandbox analysis and impersonation detection, to execute more complex security functions.
Customers can deploy FortiMail on-premises as appliances or in VMs in the cloud via services such as Microsoft Azure or AWS. It's also available as a SaaS offering: FortiMail Cloud for Email Security.
FortiMail earns mostly positive reviews, with many citing the value that FortiMail provides and its ease of use. Negative feedback most often involved installation challenges and poor setup documentation -- problematic for less experienced administrators.
Features include the following:
API support for integration with Microsoft 365 and Google Workspace to supplement their email security capabilities.
Success rate of 99.98% in identifying and blocking spam, according to independent testing by Virus Bulletin.
Multiple setup options for filtering unwanted and malicious email, including numerous sender, protocol and content inspection techniques, e.g., Sender Policy Framework, DomainKeys Identified Mail, DMARC and geographic restriction enforcement.
Optional features, such as spoof detection, sandbox analysis and content disarm and reconstruction, which can protect against new advanced threats.
Heuristics that monitor evolving trends and mitigate the risk of malware outbreaks.
Email encryption and safe archiving, plus DLP capabilities.
Ironscales Protect
Ironscales Protect is a cloud- and API-based email security service that replaces traditional email security gateways. Its email security features provide protection against email spoofing, impersonation, malware, phishing and account takeovers, plus phishing simulations and employee security awareness training.
Ironscales uses AI to automatically analyze and respond to threats and to provide advice and support to human administrators.
Peer reviews were mostly positive, with many praising the company for rapidly improving Ironscales Protect and for being responsive to questions and suggestions from customers. Common complaints about Ironscales Protect included repetitive and limited phishing simulations and security awareness training, as well as limited data reporting functions.
Features of Ironscales Protect include the following:
Integration with Microsoft 365 and Google Workspace to supplement their native security capabilities.
A 90% reduction in the effort needed to detect and stop phishing threats, according to the company.
An AI-based virtual security operations center analyst, Themis, which automatically reviews and handles user-reported emails, remediates detected threats and suggests measures for humans to take when handling incidents or acting to stop attack campaigns.
A mobile app for security analysts, so they can use their smartphones to review user-reported suspicious emails, potential incidents and security reports.
A button to encourage users to report phishing emails.
Microsoft Exchange Online Protection
Microsoft's Exchange Online Protection (EOP) is a cloud-based service that protects against spam and malware. It uses URL and domain blocking tools, antimalware engines, antispoofing protection, and deep message and attachment inspection.
EOP is included in Microsoft 365 deployments that have Microsoft Exchange Online mailboxes, and it can also be added on to protect on-premises Microsoft Exchange mailboxes and any other SMTP-based mail server. The full set of EOP features is available for Exchange Online mailboxes only, although most EOP features are supported regardless of the deployment model.
Feedback from users indicated EOP's spam filtering and malware detection work well and setup is extremely easy for existing Microsoft customers. Common complaints included false positives that caused emails or email attachments to be blocked or quarantined. Users also noted the need for more granular policy definitions.
Features include the following:
Real-time antispam and multiengine antimalware capabilities.
Fast -- near-real time -- reporting that lets companies trace any email message the system has processed.
Email loss and bounce prevention with automatic queuing that kicks in when the destination server becomes unavailable.
IP reputation protection through separate delivery pools for high-risk outbound email.
Integration with Microsoft Purview Data Loss Prevention and Message Encryption offerings to increase protection for outbound emails.
Mimecast Email Security, Cloud Gateway
Mimecast Email Security, Cloud Gateway uses sophisticated detection engines and intelligence to protect email data and employees from spam, malware, phishing and targeted attacks. Mimecast's email security features are available through cloud-native, on-premises and hybrid deployments, and they can supplement the security features built into Microsoft 365 and Google Workspace. The service includes email archiving and security awareness training.
Reviewers gave Mimecast high marks for its flexible and customizable policies and the power they provide to administrators. But reviewers also said the complexity of the administrator interface makes Mimecast challenging to learn and use, complicating both initial deployment and daily use.
Features include the following:
AI, machine learning, identity graphing and social graphing techniques to detect impersonation and other email-based threats.
Open API to facilitate integrations with other cybersecurity technologies, such as SIEM, SOAR and threat intelligence platforms.
AI-informed risk warning banners to let users know particular emails are suspicious, or could be suspicious, based on real-time analysis and cyberthreat intelligence.
Detection of misaddressed outbound messages to prevent data leaks and breaches.
Optional add-on features, such as insider threat detection, email continuity in the event of outages, DMARC management, email encryption and email incident response capabilities.
TitanHQ SpamTitan
TitanHQ's SpamTitan delivers email security products in the following models:
Appliance-based: SpamTitan Gateway.
SaaS-based: SpamTitan Cloud and SpamTitan Plus.
Private cloud-based: SpamTitan Private Cloud for MSPs and large enterprises.
SpamTitan uses a variety of techniques and technologies, including sandboxing and multilayered antispam analysis and antivirus protection, to identify and stop email-based threats. SpamTitan is intended to minimize the amount of time human administrators need to spend on email security, in part by enabling users to vet their own blocked emails.
Comments from reviewers were generally positive and indicated that they find SpamTitan to be easy to set up and implement, with a strong end-user interface. Several complaints centered on poor detection performance, with high rates of both false positives and false negatives, as well as slow customer support response times.
SpamTitan features include the following:
Automatic, daily, direct notification of users of their quarantined emails, letting them unblock select messages without involving human administrators.
The ability to block all emails from a particular domain.
A 99.97% spam detection rate and false positive rate of 0.03%, according to the company.
The ability to support multiple levels of email security administration for an unlimited number of users and multiple domains.
AI-driven URL inspection, predictive analysis and time-of-click analysis to protect users from malicious links (SpamTitan Plus).
A web-based administration interface so human administrators don't need to install and use a separate app.
Optional additional services, such as email encryption (EncryptTitan) and security awareness training and phishing simulations (SafeTitan).
Editor's note: The author selected these email security tools based on market research and prioritized offerings that have sizable customer bases; are under active development -- i.e., not nearing end of life; have recent user reviews from Gartner and elsewhere that are mostly positive; and have distinguishing characteristics and features.
Karen Scarfone is principal consultant at Scarfone Cybersecurity in Clifton, Va. She provides cybersecurity publication consulting to organizations and was formerly a senior computer scientist for NIST.
