Welcome

SPAMINASolutions

ResearchfromGartner:MarketGuideforSecureEmailGateways

AboutSPAMINA

Issue32

3

7

15

SpaminarecognizedintheMarketGuideforSecureEmailGateways

2

Welcome

Today’scompaniescommunicationischangingdramatically.Theemailisstillgloballyrecognizedasthemainchannelforcompaniestocommunicate,butnewwaysofmessagingarealsoenteringthisfield.ConsumerInstantMessagingproducts,suchasWhatsApporTelegram,areexpandingtheirpresenceinenterprisesandDPOs,CTOs,CIOsorCISOsarefacingseriousissuestokeepcorporatecommunicationmalware-free,legallycompliantandfullyundercontrol.Emailisthemostcommonlyusedchannelforopportunisticandtargetedattacks,andthisphenomenonisalsoemergingintheInstantMessagingcommunications.

InSpaminawestrivetoprovideaholisticapproachtosecuremessagingthatincludesbothgatewayand

collaborationproductsondesktopandmobile.Wefocusonthreemainareas:ThreatPrevention;InformationProtection,Archive&Compliance;andSecureCollaboration.

TherecentlyaddedAdvancedThreatProtectionproduct(ATP)bolstersdefenseagainsttargetedattacksandadvancedthreats,andincludesfileaswellasURLsandboxing,forbothemailandInstantMessaging.OurvisionandstrongtechnologyinsecuringdigitalcommunicationhasbeenrecognizedbyGartnerinthe2017MarketGuideforSecureEmailGatewayreport.

WhatarethebenefitsthatSpaminaprovidestocompanies?

• HighprotectionagainstadvancedandtargetedthreatsforemailandInstantMessaging.

• Holisticviewforasecureenterprisemessaging.

• Mobilityandend-userusability(includingmobileappandtheSpaminaOutlookAdd-In).

• Flexiblemultitenantplatformwithaunifiedmanagementinterfaceforadmins.

• EU-basedcompanyundertheEUdataprotectionlaws.

Enjoyreading,Enrico RagginiPresident&CEOSpamina

More information:

www.spamina.comsales@spamina.com+34913687733

Follow us:

3

SPAMINASolutions

Spaminahasdevelopedsecuritysolutionstoprovidecompanieswithsecuredigitalcommunications,suchasParla,thesecurecloudemailandParlaMI,secureinstantmessagingforbusiness,pluseffectiveprotectionagainstemergingandAdvanced Persistent Threats(APTs)andadditionalsecuritylayers:emailgatewaysecurity,emailarchiving,encryptionanddatalostprevention.

Oursolutionsarefullyintegratedinone single console to manageandcontrolfortheemail,instantmessaging,gatewaysecurity,calendar&collaboration,mobilepoliciesenforcement,datalostpreventionandlegalcompliance.Allthesetoolscanthereforebehandledavoidingoverlappingandscreenswitchover.

Spamina’ssecurityservicesprovideseamlessintegrationwithotherindustryemailservicessuchasMicrosoftOffice365TMorGSuite(byGoogle)andonpremiseemailhostinhservices.

Parla – Secure Cloud Email

Corporateemail,instantmessagingcollaborationwithinasafeenvironment

Key benefits of Parla:

• Emailoutsourcingplatformwithabest-of-breedsecuresolutionmakespossibletoreduce the financial impactofreceivingspamandmalwarewhileenablingatotaloptimizationofemail-relatedtechnologyinfrastructures.

• Scale IT infrastructureneedsascompanygrows.

• Antispamandadvanced threats filteringfeaturesarefullyintegratedintheParlaplatform.

• Webmailaccessensuresemail availabilityintheeventofserveroutage.

• EncryptedEnterpriseInstantMessagingandvideoconferencecallintegrated.

• Secure Instant Messaging,ParlaMI,integrated.

• Mobile Device Management:EmbraceBringYourOwnDevice(BYOD)withthepeaceofmindofensuringemployeesstayproductiveanddonotbreachcorporatepolicies.

• Outlook Plugin(2007,2010,2013,2016).

· ParlaisanalternativeforcompaniesconcersoverjurisdictionandconfidentialitythatarelookingforNonUSAemailserviceproviders.

· IntegrationwithCloudEmailEncryption&DLPandCloudEmailArchivingmodulesfordataprivacyandlegalcompliance

4

Main reasons for choosing ParlaMI, Enterprise Instant Messaging:

• Permanentlyeliminateconsumer-basedinstantmessagingapplicationsfromyourcorporatedevices.

• Protect your conversationsfromanynetworkthreatordataleakage.

• Helpmanagerstomonitorthecompany’sactivity.

• Theencryptedengineensurethatconfidentialityisnotcompromised.

• Canbecombinedwitharchiving,dataleakpreventionandantimalwareadd-ons.

• AppavailableforIOS and Androidforbothtabletandsmartphone.

• AccessiblefromSpamina’sOutlook pluginandwebmail.

Top features of Cloud Email Firewall:

• ProtectionagainstthelatestgenerationofAPTssuchasspearphishingattacksandransomware.

• Minimizeexposuretozero-day threats.

• Prevent your mail servicefrombeingblacklisted.Cloud Email Firewallwillavoidmostjunkemailtobesentfromyouremailservice,preventingyourdomainfrombeingblacklisted.

• Spooling:incaseofuser’smailserviceoutage,emailsarekeptforupto4daysuntiltheconnectionisrestored.Italsopreventsinboundemailstobebouncedbacktothesenderwithanon-deliverymessage.

• Email backup:Spaminakeepscopiesofallmessages,bothlegitimateandspam,forupto5days.Thisenablesrecoveringmessageswhentheyareaccidentallydeletedbyusers,ortomovethemtotheinboxmessagesthatinitiallyweremarkedasspam.

• Emergency webmail:accessyourinboxanytime,anywhereandfromanydeviceincaseofemailserviceoutage.

ParlaMI – Enterprise Instant Messaging

Secureandconfidentialbusinessconversationsfromanydevice

Cloud Email Firewall

Effectiveemailfilteringandbusinesscontinuitysolution

5

Top features of Cloud Email Archiving:

• Seamless data discoveryenabledbypowerfulsearchingengine.Multiplesearchcriterion,includingattacheddocuments.

• CloudEmailArchivingprovideswithaninterfaceformanagingsimultaneouslybothemail and instant messaging.

• Userscanselectivelydownloadmailmessagesindifferentformats,preventingvendorlock-in.

• Audit and control resources:gettoknowwho,when,whatdidtheuserlookfororwhatdidtheuserdownload.

• Spamina’swebinterfaceandOutlook pluginenablesthearchivetobeaccessedanytime,anywhere.

• Intuitiveandfriendlyinterfaceaccesstocorporateemailarchiving,withSpaminaApp

Cloud Email Archiving

Keepcorporateemailarchived,immutableandalwaysavailableforlegalcompliantrequirementsandforbothinternalandexternalaudits

SpaminaATPsolutionisan additional malware protection layerthatsitsoftopoftheSpamina’santispamandantimalwarestack.

Spamina ATP incorporates the following technologies:

• AdvancedPremiumAntivirusEngine

• File&URLSandboxingAnalysis

TheserviceisfullyintegratedintotheSpaminaadministrationpanel,providingITmanagerswithfullconfigurationcontrolandauditing,aswellasreportingandservicestatus(dashboard).Likewise,usersarepromptlynotifiedwhenreceivedemailsaresubmittedforanalysis,andwhenclickingonURLlinksthataredeemedpotentiallydangerous.

SpaminaATPisanadd-inforCloudEmailFirewallandParlaMailbox.

Itincludesgranularsubscriptionsothatacustomermayhavetheservicefor,thewholecompany(alldomainsandusers),specificdomainsorindividualusers.

Advanced Threat Protection

EffectiveprotectionagainstemergingandAdvancedPersistentThreats(APTs)

6

Enhance your email security with Spamina:

• Outbound mail filteringpreventsIPblacklistingensuringthereputationofthecustomer’semailserviceandasolidperformance.

• Providesbusiness continuityintheeventofanO365platformoutage.

• CloudEmailFirewallenablesgranular managementatdifferentlevels(company-wide,domainandend-user).

• CloudEmailArchivingprovideswithupto10yearsofemailretention,legal uphold by turning email immutable.

• CloudEmailEncryption&DLPprovidesadministratorswithapowerfulpolicyengineenablingeffortless email encryption.

• Resellerswillbeabletobetterengagetheircustomerswithabroader portfoliowhileextendingO365security.

Source:Spamina

Spamina for Office O365

Spamina’sOutlookintegrationtakesyourcorporatesecuritytothenextlevel

Main reasons for choosing Cloud Email Encryption & DLP implementation:

• Protectcorporatedigitalassetsfrompreyingeyes.

• Preventsecuritybreachesofcorporatesensitiveinformation.

• Comply with data protectionregulations.

• Writingandreplyingtomessagesensuringend-to-end protected communications. Easy and effortless access to encrypted email.

• EmpoweryouITdepartmentbyenablingthedetectionofsecuritybreachesaccordingtoyourpolicies.Prevent data leakage (DLP)andensureemailsareexchangeconfidentiallyexchanged.

• UsersofCloudEmailEncryptioncannowsendandreceivedencryptedemailsfromanywherewithSpaminaApp.

Cloud Email Encryption & DLP

Ensureemailprivacyandpreventemaildataleakage

7

MarketGuideforSecureEmailGateways

Market Definition

Emailisthemostcommonlyusedchannelforbothopportunisticandtargetedattacks,aswellasasignificantpointofegressforsensitivecontent.Assuch,securityandriskmanagementleaderscontinuetorelyonthesecureemailgateway(SEG)asacriticalcomponentoftheirsecuritystrategyinanevolvingthreatenvironment.Theseproductsareexpectedtoprovideaversatileandbroadrangeofcapabilitiesthat,atminimum,shouldincludethefollowing(alsoseeFigure1):

• Amessagetransferagent(MTA)thatincludessecurityfunctionalitytoconformwiththelatestpublishedstandards

• Anti-spamandsignature-basedanti-malware

• Marketingandgraymailclassification,andpersonalizedcontrolsformanagementofthesetypesofmessages

• Networksandboxingand/orcontentdisarmandreconstruction(CDR)foradvanced,attachment-basedthreatdefense

• Rewritingandtime-of-clickanalysisforadvanced,URL-basedthreatdefense

• Contextinspection,displaynamespoof,cousindomainandanomalydetectionforadvanced,impostor-basedthreatdefense

• Datalossprevention(DLP)andemailencryption(pull/pushmethodsbeyondTransportLayerSecurity[TLS])foroutboundcontenttosatisfycorporateandregulatorypolicyrequirements

• Cloud-baseddelivery

Someproductsmayalsoofferemailcontinuityandarchiving,aswellason-premisesandhybriddeliverymodelarchitectures.

Market Direction

TheSEGmarketisbothhighlysaturatedandverymature.Marketgrowthhasleveledofftolowsingledigitsanddifferentiationbetweenvendorsboilsdowntojustafewcriteria.Additionally,

Capabilitiestodefendagainstanevolvinglandscapeofadvancedandtargetedthreatsdifferentiateprovidersinanotherwisematureandsaturatedsecureemailgatewaymarket.SecurityandriskmanagementleadersshouldusethisresearchtohelpevaluateandselectSEGproducts.

Key Findings

• Advancedthreats(suchasransomwareandbusinessemailcompromise)areeasilybypassingthesignature-basedandreputation-basedpreventionmechanismsthatasecureemailgateway(SEG)hastraditionallyused.

• Thirty-fivepercentofclientorganizationsthatmovetoOffice365aresupplementingtheoffering’snativelyavailableemailsecuritycapabilitieswithathird-partyproduct.

• Sixty-fivepercentoforganizationshavealreadychosenacloud-baseddeliverymodelfortheirSEG,and95%ofnewandtransitioningbuyersarechoosingcloud-baseddelivery.

Recommendations

Securityandriskmanagementleadersoverseeingnetworkandgatewaysecurityshould:

• ScrutinizeSEGproductcapabilitiesforadvancedthreatdefenseandpostdeliveryprotection,becausethesearetheleadingdifferentiatorsandmostimportantselectioncriteria.

• Consolidateinfrastructurethathasbeenaccumulatedovertheyears,andevaluateleadingproductsthatcansatisfyfuturebusinessneeds,includingDLPandemailencryption.Cloud-deliveredproductscansignificantlyreducecostandcomplexitycomparedtoon-premisesproducts,andshouldbeconsideredbyallbuyers.

• Supplementgaps(ifreplacementisnotanoption)intheadvancedthreatdefensecapabilitiesofanincumbentSEGbyaddingaspecializedproductthatistailoredforthispurpose.

Research from Gartner:

8

thereisalowpercentageofrevenuefromnewbuyers,alownumberofnewentrantstomarket,andalowlevelofvendorconsolidation.1Nevertheless,SEGsarestillofkeeninteresttoGartnerclientsasacriticalprotectiontechnology.Asaresultofthesedynamics,GartnerhasreplacedtheMagicQuadrantforSecureEmailGatewayswiththisMarketGuidetoprovidecontinuedcoverageusingaresearchmethodologythatisbettersuitedforthismarket.

Adjusting to the Shift in Threat LandscapeOneoftheprimarycriteriafordifferentiationamongSEGsisthecapabilitytodefendagainstadvancedandtargetedthreats.Whilethecorecapabilitiesofanti-spamandsignature-basedanti-malwaremayhavebeensufficientinthepast,thethreatlandscapehasshiftedtomoretargetedattacksbyhackerswithincreasingsophisticationandnation-stateconnections,andthosemotivatedbymonetizedcyberintrusions.Multivectorattacksusingevasionthroughencryptionandanti-forensicstechniqueshavebecomeprevalent.ThebaselinecapabilitiesofanSEGhave,therefore,expandedtoincludedefense

againstthreeprimarycategoriesofadvancedthreatsviaemail:

• Attachment-based(suchaspolymorphicmalwareandexploitsembeddedinMicrosoftOffice,andPDFandcompressedarchivefiles)

• URL-based,wheretheexploitisdeliveredbyawebserver

• Impostor-based(suchasbusinessemailcompromise[BEC]attacks,whichtypicallyinvolvemessagesthatdon’thaveanyURLsorattachments,butratherusesocialengineeringtoconvincethehumanrecipienttotakeaspecificaction,suchasmakinganoutboundwiretransfer,payingafakeinvoiceordisclosingsensitivedata)

Improvingprotectionfordrive-bydownloadattacksandadeclineinexploitkitactivitywilllikelyleadtoemailbeingmoreheavilyleveragedforattacks.2Mostmultiproductvendorsinthismarket,distractedbyotherproductsinabroaderportfolio,hadalloweddevelopmentoftheir

MTA=messagetransferagent;CDR=contentdisarmandreconstructionSource:Gartner(May2017)

FIGURE 1SecureEmailGatewayComponentsandCapabilities

Secure Email Gateway

Continuity

Archiving

Email Encryption

Data Loss Prevention

Advanced Threat DefenseNetwork sandboxing/CDRURL rewriting and time-of-click analysisContext inspection, spoof and anomaly detection

MTA/anti-spam/signature-based anti-malware

Anti-spam

File type blacklist/whitelist

Signature-basedanti-malware

Network sandbox

Context inspection, spoof and anomaly

detection

Advanced ThreatsAttachment-basedURL-basedImpostor-based

Legitimate, Spam and Malware

Outboundmessages

Inbound Messages

Legitimate messageswith rewritten URLs, where applicable

© 2017 Gartner, Inc.

9

SEGstowane.Asthethreatlandscapeshifted,theywerecaughtflatfootedandscrambledtoiteratetheirproducts.Incontrast,vendorsthatcontinuedtoinvestintheirSEGproductsallalongwereabletousethisasacompetitiveadvantage.Thiscapabilitiesgapintheareaofadvancedthreatdefensealsocreatesaslimopportunityforemergingplayerstocompeteaswell.Thiswillbeanarearequiringsignificantinvestmentforanyvendorthatwantstobecomeorremaincompetitiveinthismarket.

The Impact of Mainstream Cloud Office AdoptionEnterpriseadoptionofcloudofficesystems—forwhichcloudemailisakeysellingpoint—isnowmainstream(seeNote1).Gartnerpredictsthat,by2021,morethan70%ofbusinessuserswillbesubstantiallyprovisionedwithcloudofficecapabilities.ThemaincloudofficesystemsGartnerclientsaskaboutareMicrosoftOffice365,followedbyGoogleGSuite.Theplanningstagesofacloudofficeinitiativeoftenbecomeacatalystfororganizationstore-evaluateeveryproductintheemailchainagainstthenativecapabilitiesthesecloudofficevendorsclaimtoprovide.

MicrosoftOffice365includesExchangeOnlineProtection(EOP)withallplans.EOPisananti-spamandsignature-basedanti-malwareservice.MicrosoftalsooffersAdvancedThreatProtection(ATP)toaddressadvancedattachmentandURL-basedthreats.ATPisincludedinsomepricingplansandavailableforothersasanextracostoption.Furthermore,DLPandemailencryptionareavailableinsomepricingplanstoenableanorganizationtomonitor,encryptorblockmessagesbasedonpolicy.

However,GartnerclientshavefoundtheemailsecuritycapabilitiesofOffice365tobelaggingcomparedtootherSEGmarketleaders.Asaresult,35%ofclientorganizationsthatmovetoOffice365aresupplementingitsnativelyavailableemailsecuritycapabilitieswithathird-partyproduct.ImprovingthesecapabilitiesisapriorityforMicrosoft.Indoingso,Microsoftbecomesathreattoless-focusedSEGvendorsinthismarket.

GoogleGSuitenativelyprovidesanti-spam,signature-basedanti-malware,andabasicDLPcapabilityinGmailforinboundandoutboundemail.GSuitedoesnothaveadvancedthreatdefensecapabilities,althoughthisisonGoogle’sproductroadmap.

Someorganizationsarefindingthatthenativeanti-spamandsignature-basedanti-malwarecapabilitiesofcloudofficesystemsare“goodenough”andareseekingaproducttosupplementweakadvancedthreatdefense.Inthiscase,theyaren’tlookingforanSEG,butratheraspecializedproductthathasshownstrongefficacyagainstadvancedthreats,suchasransomwareorBEC(seeNote2).

Reaching the Tipping Point for Cloud DeploymentHistorically,ITorganizationshavebeenreluctanttoembracethecloudasadeliverymodelforSEGduetoconcernsaboutsecurityandcontrolcomparedtoon-premisesdeploymentoptions.AccordingtoGartner’sSecurityandRiskSurvey(seeEvidencesectionformethodology),thishaschanged—65%arenowusingcloud-basedSEGproducts.Furthermore,Gartnerclientinteractionsindicatethat95%ofnewandtransitioningbuyersarechoosingcloud-baseddelivery.Theadvantagesofthisdeploymentoption(suchasdecreasedcostandcomplexity)outweighthedrawbacks.Organizationsthathavemigratedtocloudemailandthosethatareplanningamigrationareoverwhelminglychoosingcloud-deliveredSEGs.Vendorsareabletoharnesstheprocessingpowerofacloud-deliveredSEGforbetterdefenseagainstadvancedthreats,whilealsoincorporatingproperduediligenceandnumerouscontrolattestationstosatisfymostregulatoryandprivacyconcerns.Ofcourse,someorganizationswillcontinuetokeepSEGimplementationson-premisesduetoresidualprivacy,datasovereignty,legal,integrationsupportandnetworkdesignconcerns.

Market Analysis

Differentiating CapabilitiesManyofthecapabilitiesthatanSEGisexpectedtoprovidehavebecomecommoditizedandareverysimilarbetweenvendors.Forexample,basicanti-spamiscurrentlymorethan99.7%effectiveacrossalmostallvendorsandiswithinacceptablelimitsformostorganizations.InthecontextofGartner’sadaptiveprotectionarchitectureframework,anSEGistypicallycategorizedas“preventive”sinceitisputinplacetoblockmaliciousmessagesbeforetheycanimpacttheenterprise.

Advancedthreatseasilybypassthesignature-basedpreventionmechanismsthatanSEGhastraditionallyused.Whilevendorshaveaddedadvancedthreatdefensecapabilitiestobolsterthis,organizationsshouldneverbelievethat100%preventionispossible,orbecomeoverly

10

reliantonblocking-basedmechanismsforprotection.Instead,organizationsshouldassumethattheywillbecompromisedandfocusonadditionalcapabilitiestodetectandrespondtobreaches.SeveralSEGscanprovidemoreintelligenceintosecurityoperations,analyticsandreportingplatforms.Somehavealsoaddedinteroperabilitywithotherdetection,responseandpredictivetechnologies(suchasendpointdetectionandresponse[EDR]anduserandentitybehavioranalytics[UEBA])toenablemorecomprehensiveprotection.

ThefollowingcapabilitiescanbeusedasprimarydifferentiatorsandselectioncriteriaforSEGproducts.

For attachment-based advanced threats:

Network sandbox—AnetworksandboxisusedtoinspectattachmentsandURLsthattheSEGcannotidentifyasbenignormalicioususingothermethods.Thenetworksandboxshouldcoveranextensivesetoffiletypes(includingzip,wsf,jsandmacrosthatarecommonlyusedinattacks)andembeddedURLs.Additionally,itshouldhavestronganti-evasioncapabilitiesandshouldaccuratelyidentifymalwarethatattemptstodetectthatitisbeingruninavirtualizedsandboxenvironment.

Content disarm and reconstruction (CDR)—CDRbreaksdownfilesintotheirdiscretecomponents,stripsawayanythingthatdoesn’tconformtothatfiletype’soriginalspecification,InternationalOrganizationforStandardization(ISO)standardorcompanypolicy,andrebuildsa“clean”versionthatcontinuesontotheintendeddestination.Thisreal-timeprocessremoveszero-daymalwareandexploits,whileavoidingthenegativebusinessproductivityimpactthatistypicallycausedbysandboxdetonationandquarantinedelays.CDRcanbeusedasasupplementorreplacementfornetworksandboxing,dependingontheusecase.Manyrecipientsdon’tmindreceivingacopyofadocumentthatisvisuallyidenticaltotheoriginal,butthatdoesnotcontainanycode.However,thatisnotthecaseforeveryuser.

For URL-based advanced threats:

URL rewriting and time-of-click analysis—RewriteURLsbeforetheyaredeliveredtotheuserforstrongerprotectionthantime-of-deliveryURLinspection.Thiscanbeusedto:

• DisarmtheURL(turnitintoanonclickableversionoftheURL)

• Replacewithtext(suchas“embeddedURLremovedforsecurityreasons”)

• RedirecttheURLtotheURLinspectionservicefortime-of-clickanalysisprotection

URLsinattachmentsaregenerallyleftuntouchedbymostSEGs,althoughseveralhavethisontheirproductroadmap.

For impostor-based advanced threats:

Display name spoof detection —Detectspoofedmessagesbasedonemailheadersandthesendernames.Someproductssupportthefuzzymatchingofsendernameswithalistofnamesthattheemailsecurityadministratorcansetup.ThisistypicallyalistofVIPusers.

Domain-based message authentication, reporting and conformance (DMARC) on inbound email —EnforceDMARConinboundemailtraffictoprotectinternalusersfromreceivingspoofedexternalmessagesfromdomainsthathaveimplementedDMARCinrejectionmode.ThisalsochecksthealignmentofthedomainsusedinFROMandMAILFROMemailaddresses.

Cousin domain detection—Detecttheuseofcousindomains.Most,ifnotall,SEGsallowadministratorstoincludealistofcousindomainsthatshouldbeflagged.SomeSEGvendorsdofuzzymatchingondomainstodetectsuchscams,whereasothersrequirethecustomertouploaditsownlistofcousindomains.

Anomaly detection—Detectanomalousmessagesbasedonsender,recipient,envelope,content,historyandothercontexttothwartBECattacks.

Additional differentiating capabilities:

Graymail handling —ThisisanareawheremanySEGsrequirefurtherinvestment.Mostproductsarecapableofidentifyinggraymail(thatis,solicitedbulkemailmessagesthattherecipient“opted-in”foratsomepointinthepast),butmanylackmethodsforenduserstoconfigurethehandlingofthesemessagesbasedontheirindividualandsubjectivepreferences.Considerproductswithasecureunsubscribefeature.SomeattacksmasqueradeasgraymailandhideamaliciousURLinaseeminglyinnocuousunsubscribelink.Productsmayofferasafeunsubscribecapabilitythateffectivelyreplacesthelinksinsuchmessageswithasecureone.

11

DLP and email encryption —OutboundemailsecurityfeaturessuchasDLPandemailencryptionarecriticalforintellectualproperty(IP)protectionandregulatorycompliance(suchasPCIandHealthInsurancePortabilityandAccountabilityAct[HIPAA]data).Thesecapabilitiesshouldbeweighedheavilyinbuyeranalyses.Althoughtheycanbeusedseparately,DLPandencryptionaretypicallyusedinacomplementaryapproach.Usersshouldbeprovidedwithreadilyavailableemailencryptionoptionsthatempowerthemtomaketherightdecisionwhenhandlingsensitivedataviaemail.However,iftheyinadvertentlyorintentionallyfailtodoso,thentheDLPinspectionengineforoutboundmessagescanblockorremediatethisasafail-safe.Morethan50%oforganizationsleveragetheDLPandemailencryptioncapabilitiesofanSEG.SeetheGartnerRecommendedReadingsectionforthelatestresearchcoveringbothofthesetechnologiesandthebroadermarketstheyarein.

Postdelivery protection—OrganizationsshouldconsidervendorsthathaveaddeddetectionandresponsecapabilitiestoaddressthreatsthatwerenotinitiallycaughtbytheSEGandwereallowedtolandinauser’sinbox.UsingAPIintegrationswithcloudemailsystems(suchasOffice365)orplug-insforemailclients(suchasOutlook),thesevendorscanattemptto“clawback”amaliciousmessagebyremovingitfromtheuser’sinboxafterinitialdelivery.Sincethismessagemayhavealreadybeenopenedbytheuser,theproductshouldalsobeabletoalertrelevantpersonnelandproducts(suchasanadministrator,securityoperationscenter,EDRorsecurityinformationandeventmanagement[SIEM])aboutthispotentialcompromiseforremediationorrecovery.Asinteroperabilitygetsbetterbetweenproducts,remediationactionscanbetakeninrealtimetodecreasebothincidentresponsetimeandthelevelofhumaneffortrequired.

Representative Vendors

ThevendorslistedinthisMarketGuidedonotimplyanexhaustivelist.Thissectionisintendedtoprovidemoreunderstandingofthemarketanditsofferings.Itisnot,norisitintendedtobe,alistofallvendorsorofferingsonthemarket.Itisnot,norisitintendedtobe,acompetitiveanalysisofthevendorsdiscussed.

BAE SystemsLondon,U.K.(www.baesystems.com)

BAESystemsisalargeglobalproviderofdefenseandITproducts.Itacquiredacloud-basedSEGthroughtheacquisitionofSilverSkyin2014.Asanexperienceddefensecontractor,BAESystemshasdevelopedtradecraftforaddressingadvancedthreats,andoffersdetectionandresponsecorrelationofdatafromgateways,SIEMtools,andoperationaltechnology(OT)monitoringtools.Ithasgoodvisibilityintosophisticatedattacksviaitsmanagedsecurityservicesandadvancedthreatdetectionserviceofferings.TheSEGisintegratedwithBAESystems’othermanagedcybersecurityofferings,makingitagoodfitfororganizationswithaprimaryfocusonsecurity(suchasgovernment,industrialandfinancialservices)ororganizationslookingtooutsourcetheentireemailinfrastructuretoamanagedserviceorganization.

Barracuda NetworksCampbell,California,U.S.(www.barracuda.com)

BarracudaNetworksisalong-establishedsecurityandstoragevendorthatprovidesarangeofeconomical,easy-to-useproductsthatareaimedprimarilyatmidsizeenterprises.BarracudaNetworks’productportfolioincludesstorageandapplicationdeliveryproducts,alongwithanarrayofsecurityproducts,whichcoverSEGs(includingadvancedthreatdefense),securewebgateways(SWGs),webapplicationfirewalls(WAFs),firewallsandSSLVPN.BarracudaNetworks’emailsecurityproductsareshortlistcandidatesfororganizationsthatareseeking“set-and-forget”functionalityatareasonableprice.

CiscoSanJose,California,U.S.(www.cisco.com)

Ciscohasabroadsecurityportfolioacrossmanymarketsbeyondemailsecurity,suchasfirewall/intrusionpreventionsystem(IPS),websecurityandendpointsecurity.Cisco’semailsecurityappliancesandcloudservicecanintegratewithCisco’sAdvancedMalwareProtection(AMP)ThreatGridtoprovideadvancedthreatdefensecapabilities.ThestrengthofAMPThreatGridisprimarilyderivedfromCisco’sacquisitionofSourcefirein2013andThreatGRIDin2014,aswellasitslargethreatresearchgroup.Ciscoenjoysstrategicvendorstatuswithmanyofitscustomers,andiswell-respectedinthecorenetworkbuyingcenters.ItisagoodshortlistcandidateforexistingcustomersalreadyusinganotherCiscosecurityproductandotherorganizationsseekinganattractivepriceforperformance.

12

ClearswiftTheale,Reading,U.K.(www.clearswift.com)

Clearswifthasalong-establishedpresenceintheSEGmarket,primarilyintheU.K.,EuropeandAsia/Pacific.InJanuary2017,ClearswiftwasacquiredbyRUAGandispartofitsDefenceCyberSecuritybusinessunit.Thecompanyhasexpandeditsfocustothedataprotectionandinformationgovernancemarkets.Itsproductportfoliocanalsocovermultiplecommunicationschannels(email,webandendpoint),inconjunctionwithcentralizeddatasecuritygovernancefunctionality,totrackandtracethemovementofinformationacrosstheenterprise.IntheSEGmarket,Clearswiftisareasonableshortlistcandidatefororganizationsinsupportedgeographieslookingfordataprotectionandinformationgovernanceproductswithbidirectionaladvancedredactioncapabilities.

MicrosoftRedmond,Washington,U.S.(www.microsoft.com)

MicrosoftoffersaSaaS-basedproductcalledExchangeOnlineProtection(EOP).Microsoft’sdominanceintheemailmarketandlicensingschememakesitastrategicproviderofSEGcapabilities.MicrosoftaddedAdvancedThreatProtection(ATP)inanattempttoreachfeatureparitywithotherplayersinthemarket.ItseaseofdeploymentandcompetitivestreetpricingmakeitadefactoshortlistcontenderforallOffice365customers.

MimecastLondon,U.K.andBoston,U.S.(www.mimecast.com)

MimecastistheonlyvendorinthisMarketGuidethatissolelydedicatedtoemailsecurityandmanagementissues,includingemailcontinuity,archivingande-discovery.Thecompanyismoreend-user-focusedthanothersinthissection,withsecurityoptionsmadeavailabletoendusersthroughanOutlookplug-in.ImprovementsinadvancedthreatdefenseandservicedeliveryinfrastructurehaveseenMimecastgainmarketandmindsharefromotherplayers.Mimecastisagoodfitfororganizationslookingforafocusedproviderofemailproductsinatightlyintegratedcloud-basedplatform.

ProofpointSunnyvale,California,U.S.(www.proofpoint.com)

ProofpointcontinuestoleadthemarketwithR&Dinvestmentsininnovativefeaturesandcorporateacquisitionstocomplementitsenterprisecapability(forexample,theacquisitionofthefrauddivisionofReturnPath,aswellastheacquisitionsofFireLayers,Sendmail,ArmorizeTechnologiesandNetCitadel).Ithasthesharpestfocusonemailsecurityissues,particularlyadvancedthreatdefense,resultinginoneofthehighestgrowthratesinthismarket.InadditiontoSEGcapabilities,thecompanyoffersemailcontinuity,archiving,e-discovery,socialmediarisk,largefiletransferandincidentresponse.Proofpointisaverygoodshortlistcandidatefororganizationslookingforafullrangeofbest-of-breedSEGfunctionalityinsupportedgeographies.

SpaminaMadrid,Spain(www.spamina.com)

SpaminaoffersregionalspecializationsinEMEAandLatinAmericaforabroadportfolioofcloudandon-premisesproductsthatincludeSEG,archiving,securecollaborationandmobilemessaging.Spaminaprovidesasingleadmininterfaceforallofitscloud-basedproducts,withsecurityoptionsmadeavailabletoendusersthroughanOutlookadd-inormobileapp.Spaminarecentlyaddedadvancedthreatdefensecapabilitiesthatcustomerscanbuyasanoptionaladd-ontoitsSEG.Spaminaisareasonableshortlistcandidatefororganizationsinsupportedgeographieslookingforaholisticapproachtosecuremessagingthatincludesbothgatewaysandcollaborationproductsondesktopandmobile.

SymantecMountainView,California.U.S(www.symantec.com)

Symantechasabroadsecurityportfoliothatcoversemail,data,endpointandwebsecurity.SymantecisoneofthelargestSEGvendorsbymarketshare,withmatureSEGcapabilitiesavailableinavarietyofformfactors.Symantec’sSEGcustomerscanbenefitfromdeepintegrationwithitsAdvancedThreatProtectionoffering(whichhasbeenbolsteredbytheadditionofthethreatintelligencenetworkfromthe2016BlueCoatSystemsacquisition)oritspowerfulenterpriseDLPproduct.Symantecisareasonableshortlistcandidateformostorganizations.

13

Trend MicroTokyo,Japan(www.trendmicro.com)

TrendMicroisamajorproviderofthreatanddataprotectionproducts,andwasanearlyentrantintheSEGmarket.ItsSEGproductisofferedinabroadrangeofdeliveryformfactors.TrendMicroalsooffersrobustmailserversecurity,whichprovidestoolsforsecuritytasksthatcan’tbeaccomplishedatthegateway.TrendMicroisprimarilyfocusedonbuildingoutitsoverallenterprisebusinessbygrowingitsresellerandchannelpresencesinNorthAmericaandEuropetobettercomplementitsverystrongpresenceinitshomeregion,APAC.TrendMicroisashortlistcandidateprimarilyfororganizationsthatalreadyhaveastrategicrelationshipwiththevendor.

Market Recommendations

Securityandriskmanagementleadersoverseeingnetworkandgatewaysecurityshould:

• ScrutinizeSEGproductcapabilitiesforadvancedthreatdefenseandpostdeliveryprotection,becausethesearetheleadingdifferentiatorsandmostimportantselectioncriteria.

• Consolidateinfrastructurethathasaccumulatedovertheyears,andlookforleadingproductsthatcansatisfyfuturebusinessneeds.Cloud-deliveredproductscansignificantlyreducecostandcomplexity,andshouldbeconsideredbyallbuyers.Inthelongerterm,organizationsshouldconsideropportunitiestoconvergetheentireemailstack,frommailboxestoarchiving,intoasinglevendor’scloud-deliveredsolutionoracombinationofon-premisesandclouddeliverymodels.

• SupplementgapsintheadvancedthreatdefensecapabilitiesofanincumbentSEGbyaddingaspecializedproducttailoredforthispurpose,ifreplacementisnotanoption.NotallSEGvendorsincludebest-of-breedadvancedthreatdefensecapabilities.Furthermore,manyorganizationsarenotabletopursuea“ripandreplace”approachduetotheimplicationsforDLPandemailencryption.Thesearetypicallyseparateinitiativesthataretiedtobusinessprocessesandstakeholders,sotheyaddadditionaltimetoatechnologymigration.ShouldthisbethecaseforyourincumbentSEG,considercomplementingitwithaproductthatprovidesadditional

protection.Mostsecurityandriskmanagementleaderswouldprefernottochaintogethermultiple,fullSEGs.Theywillconsidereitherreplacingtheircurrentproductoraddingaspecializedproductthathasshownstrongefficacyagainsttargetedphishingattacks,suchasBEC,thatincludescousindomainandanomalydetection(seeNote2).

• MakeanefforttounderstandbusinessrequirementsforDLPandemailencryptionoverthenextthreeyearsandevaluateproductsaccordingly.Althoughitisnotoptimal,SEGDLPcapabilitycanbeimplementedindependentlyofenterpriseDLPtosatisfyemail-specificaspectsofregulatorycompliance,enforceacceptableusageorenableautomaticemailencryption.ForIPprotection,however,buyersofSEGDLPmustunderstandhowitwillintegrateintoamore-holisticenterprisedatamanagementstrategy.

• Understandthateffectivemitigationofinboundmaliciousmessages(suchasphishingattacks)requiresCISOstotakeamultiprongedapproachthatspanstechnical,proceduralandeducationalcontrols.SeetheGartnerRecommendedReadingsectionforthelatest“fightingphishing”researchthatdiscussesthefullscopeoftheinboundphishingthreatandidentifieseffectivemitigationstrategies.

Evidence1IntelSecurityannouncedtheendofsaleforitsMcAfeeEmailSecuritySolutionsinOctober2015.

2See“ExploitKit-BasedAttacksDeclineDramatically”and“TrackingtheDeclineofTopExploitKits.”

Thefindingsandrecommendationsinthisresearchwerederivedfrommorethan700GartnerclientinteractionssinceJuly2015onthetopicofemailsecurity,aswellasfromGartner’sAnnualSecurityandRisksurvey.

GartnerconducteditsAnnualSecurityandRisksurveyinfivecountriesbetween24Februaryand22March2017inordertobetterunderstandhowriskmanagementplanning,operations,budgetingandbuyingareperformed,especiallyinthefollowingareas:

• Riskandsecuritymanagement

• Securitytechnologiesandidentityandaccessmanagement(IAM)

14

• Businesscontinuitymanagement

• Securitycomplianceandauditmanagement

• Privacy

Theresearchwasconductedonlineamong712respondentsinfivecountries:theU.S.(141respondents),Brazil(143respondents),Germany(140respondents),theU.K.(144respondents),andIndia(144respondents).

Qualifyingorganizationshaveatleast100employeesand$50million(USDequivalent)intotalannualrevenueforfiscalyear2016.Allindustrysegmentsqualified,withtheexceptionofITservices,andsoftwareandIThardwaremanufacturing.

Further,eachofthefivetechnology-focusedsectionsofthequestionnairerequiredtherespondentstohaveatleastsomeinvolvementorfamiliaritywithoneofthetechnologydomainsweexplored.

Note 1. Cloud Office Systems

Cloudofficesystemsincludecreative,collaboration,communication,social,coordinationanddataservices,alongwithAPIsthatenableintegrationwithothersystems.MicrosoftOffice365andGoogleGSuitearetheprimaryexamples.Ataminimum,cloudofficeproductsincludecapabilitiesforemail,socialnetworking,filesynchronizationandsharing,documentcreationandediting,screensharing,IM,audioconferencing,andvideoconferencing.Mostbuyersstartwithasubsetthatincludesemail.Thebroadterm“cloudofficesystems”isagenericlabel.Theterm“MicrosoftOffice”referstoaspecificrangeofproductsfromMicrosoft.

Note 2. Specialist Products for Advanced Threat Defense Capabilities

SamplevendorswiththistypeoffocusedofferingincludeAgari,Area1Security,FireEye,GlasswallSolutions,GreatHorn,Ironscales,VadeSecureandVotiro.Whenconsideringthisoption,securityandriskmanagementleadersshouldcarefullyassessthesevendors’productsbecausetheirfeaturesanddeploymentoptionsvarygreatly.BecausenotallorganizationswillwantanadditionalMTAintheemailflow,manyvendorsinthisspacewillofferdetectiononly,andonlyrequiretheforwardingoftraffic(throughBCCorjournaling,forexample).OtherswillintegratewithcloudemailprovidersthroughAPIs.

Source:GartnerResearchNoteG00320003,NeilWynne,03May2017

15

AboutSPAMINA

SPAMINA,isaEuropean-basedsecuritycompanythatdevelopsandprovidescorporationswithflexibleandSecureDigitalCommunications.Managingandmitigatingcyber-crimerelatedriskiscritical.Widelyknownelectroniccommunicationsmeanssuchasemail,aswellastheincreasinglyusedinstantmessaging,arechannelswherethecorporatedigitalassetscanbejeopardized.SimileFingerprintFilter®proprietarytechnologyprotectscorporatenetworksfromadvancedandzero-daythreats.Spaminaprovideswithasafecommunicationenvironmentwherebusinesscontinuity,servicescalabilityandcost-effectivenessareensured.

Ourcloudservicesrangefromenterprisesecureemailplatform,enterprisemobilemanagement,email&IMgatewayprotectiontoarchivingandencryption&DLPsolutionsforlegalcompliance.

Acloudenvironmentinvolvesstorageandtransferofdigitalinformation.SpaminaissubjecttothemostdemandingEUregulationsintermsofdataprotectionandiscommittedtoensuringthehighestsecuritystandardsfordigitalsafeguard.

SpaminarecognizedintheMarketGuideforSecureEmailGatewaysispublishedbySpamina.EditorialcontentsuppliedbySpaminaisindependentofGartneranalysis.AllGartnerresearchisusedwithGartner’spermission,andwasoriginallypublishedaspartofGartner’ssyndicatedresearchserviceavailabletoallentitledGartnerclients.©2017Gartner,Inc.and/oritsaffiliates.Allrightsreserved.TheuseofGartnerresearchinthispublicationdoesnotindicateGartner’sendorsementofSpamina’sproductsand/orstrategies.ReproductionordistributionofthispublicationinanyformwithoutGartner’spriorwrittenpermissionisforbidden.Theinformationcontainedhereinhasbeenobtainedfromsourcesbelievedtobereliable.Gartnerdisclaimsallwarrantiesastotheaccuracy,completenessoradequacyofsuchinformation.Theopinionsexpressedhereinaresubjecttochangewithoutnotice.AlthoughGartnerresearchmayincludeadiscussionofrelatedlegalissues,Gartnerdoesnotprovidelegaladviceorservicesanditsresearchshouldnotbeconstruedorusedassuch.Gartnerisapubliccompany,anditsshareholdersmayincludefirmsandfundsthathavefinancialinterestsinentitiescoveredinGartnerresearch.Gartner’sBoardofDirectorsmayincludeseniormanagersofthesefirmsorfunds.Gartnerresearchisproducedindependentlybyitsresearchorganizationwithoutinputorinfluencefromthesefirms,fundsortheirmanagers.ForfurtherinformationontheindependenceandintegrityofGartnerresearch,see“GuidingPrinciplesonIndependenceandObjectivity”onitswebsite.

More information:

Phone:+34913687733

www.spamina.comsales@spamina.com