Security threats are ubiquitous. Having a third-party service has become a necessity in companies. Many Microsoft environments but particularly O-365 alone do not provide the granularity or coverage you need to manage a comprehensive email security program.
Complementing O-365 with a third-party service can help close the gaps and give you much greater control across your enterprise and into the field of mobile devices.
What is an Email Security Gateway?
The purpose of an email security gateway is to block and quarantine emails that are detected as malware, phishing threats or spam. The goal is to help prevent attacks from reaching their intended target.
Depending on your company’s needs, third-party services come with additional features like data loss prevention or email encryption. Data loss prevention can help prevent leaks of sensitive corporate information like social security or credit card numbers. An email encryption service encrypts the content along the entire path from the sender to the recipient.
Improving your Email Security
The first thing you need is to have a solid security policy in place. All security procedures and processes you implement will be derived from this, including the architecture of your corporate email security system configured with third-party services.
Benefits of a Third-Party Service
With a third-party-service, you can take advantage of:
Email Filtering
If you are considering a cloud-based third-party email gateway service to complement your Microsoft environment, it’s good to familiarize yourself with the core benefits of going third party. One of the biggest benefits is the ability to filter unwanted or harmful email including spam, phishing, and spearphishing before it hits the corporate network. This not only protects your network from the latest threats, but saves on network bandwidth and greatly simplifies the administration of signatures by allowing management and updates from one central point.
The Latest Technology & Security Threat Intelligence
The latest security techniques and technologies no longer rely on signature-based solutions alone to detect and remove malware. Security threats are constantly evolving and do so at such a rapid pace that by the time signatures are updated the malware may have already installed itself allowing new unknown threats to be propagated. Thus, the industry has moved to focus on more proactive “behavioral” solutions complemented by “sandboxing” technologies which allow you test file behavior in a safe, isolated environment.
Leveraging the Latest Security
Security threat intelligence is the gathering of raw data from several sources and then dispersed as feeds. Although every computer connected to the network should be running some real-time anti-virus, an email security gateway is updated every few minutes with the latest threat intelligence feeds. This frequency helps to protect your company against the latest email threats. An anti-virus running on a user’s computer is generally not updated as frequently due to the consumption of bandwidth this would entail.
Centralized Quarantine Control
O-365 offers a decentralized quarantine service. Users have access to the quarantine area which increases the risk to potentially release a phishing campaign. A third-party service combines a decentralized/centralized approach to quarantine suspicious emails. IT admins have control and access to validate if the quarantined email is safe to release or not. Users will still have the ability to control spam quarantined on their computer.
Flexible Archiving and Journaling
0-365 lacks archiving capabilities which is problematic for industries that require monitoring or sample communications. It also does not allow the import of external content to be archived. In instances like this, a third-party service is required to meet your archiving and journaling needs.
Depending on your corporate email setup, another workaround is a hybrid system. If you have a hybrid deployment for your mailboxes, the mailboxes can be split between O-365 and an on-premise server. The on-premises server can be the designated journaling mailbox for O-365.
For other types of archiving needs, third-party services are more flexible allowing routing of emails to their archiving system based on user-defined rules.
Flexible Retention Period
Retaining deleted emails or spam in O-365 is limited to 30 days with the default set to 14 days. After this duration, the emails are permanently deleted. If an email has been deleted or tagged as a false positive, IT admins have no way of retrieving this email.
A third-party service gives IT admins the option to extend the retention period for quarantined emails based on their preferences.
In Closing
Security needs to be implemented in layers. An email security gateway can help you achieve that. By enlisting the services of a third-party vendor to complement your email architecture, it will help prepare your company for today’s security threats.
Vircom is a pioneer in email security and software for businesses and service providers. Try our 30-day FREE trial today or request a demo.
Leave a Comment