Story image

Why third-party email security is a vital part of a layered security offering

Wed 12 Aug 2015
FYI, this story is more than a year old

When it comes to cybersecurity smart IT professionals know that the best protection strategy is one that employs ‘defense in depth’. Layering different types of defence together enables you to provide multiple layers of protection.

But for a truly robust cyberdefence, you must not forget to protect what is ultimately one of your most powerful and vulnerable communication channels: email.

Today, email is the lifeblood of most companies. According to Radicati’s 2014-2018 Email Statistics Report, there were 4.1bn email accounts in 2014, and this will grow to 5.2bn within four years.

Business is the biggest source of email traffic, said the report, accounting for 108.7bn emails per day in 2014 – and the number of business-related emails will increase to 139.4bn daily by 2018.

Unfortunately, email is also the most common vector for cyber attacks. Spam is a frequent problem for business users, who may be sent harmful attachments that could infect computers and bring down entire enterprises. In Q3 2014, the number of spam email messages sent globally topped 10 trillion, according to McAfee Labs’ Threats Report.

So, having an extra layer of defence in place has never been more important.

In search of a solution, many companies have moved to cloud-based email providers in the hope that this will mitigate the problem, but this is not the case. One of the most commonly turned to system is Office 365.

A core component of Office 365 is email hosting, through a hosted version of Microsoft Exchange Server. While the software giant has taken significant steps to improve security within its service offering, there are still inherent vulnerabilities for businesses in relying wholly on a single vendor, particularly one that has not had a historical focus on security.

With this in mind here are 12 reasons why you should be employing specialist third-party email protection on top of what you already have:

1/ Prevent inbound spam, malware and malicious links embedded in email by using multiple antivirus engines.

2/ Detect outbound spam, malware, malicious links in email from a compromised email server or workstation.

3/ Detect high volumes of outbound mail or inbound mail to detect infrastructure compromise.

4/ Prevent business IP addresses from becoming black listed as a result of compromise.

5/ Optimise network bandwidth for business applications like VPN. Filtering only passes legitimate email, scrubbing out spam to free up bandwidth.

6/ Protect the mail server and/or external IP from denial of service, brute force SMTP or connection-based denial of service attacks.

7/ Log and archive correspondence for e-discovery and regulatory compliance.

8/ Safe guard availability of system and protection of confidential information from email based attacks.

9/ Reduce load and disk usage on server or client workstation by filtering spam before it arrives.

10/ Protect organisation reputation from social engineering attacks such as scams, chain letter or emails that trick user into system modification to facilitate data breach.

11/ Allow system maintenance and downtime by having email protection queue mail till server or clients come back online.

12/ Allow access to email as a result of hosted service failure or on premise disaster. Maintain email to notify customers of issues or problems.

For more information on how to add an extra layer of defence to mail clients like Office 365 download our free whitepaper.

Ian Trump is MAXfocussecurity lead at LogicNow

Recent stories
More stories