Email Security Buyers Guide 2024

How to choose the right email security software.

Email security risks are the number one cause of data breaches in the enterprise, so it’s never been more important to find an effective solution. In this guide, we’ll cover:

  • How email security works
  • The best email security vendors
  • A features checklist
  • Our advice on picking the best software
  • Where the email security market is heading

Why It Matters: Email threats continue to rise, but finding the right solution is a challenge in a competitive market with multiple options for implementing email protection.

  • 94% of organizations fell victim to email phishing last year (Egress)
  • Upwards of 54% of ransomware attacks begin with a malicious email (Statista)
  • There has been a 1,265% increase in phishing emails since the launch of ChatGPT (CNBC)

What Are Experts Saying? Organizations are continuing to invest in cloud and SaaS, where phishing is a major threat that can lead to password theft and account compromise.

  • “Most breaches occur because someone has taken over an account. Social engineering is a very powerful mechanism for attackers.” Mike Britton, CISO at Abnormal Security, tells Expert Insights.

How Email Security Works: There are three common ways that email security is deployed in the enterprise:

  • Secure Email Gateways (SEGs): SEGs work by scanning inbound and outbound email traffic using multiple layers of inspection. SEGs require you to configure your DNS MX records to route all incoming email traffic through the SEG before it reaches the internal/cloud mail server.
  • API Connection: Cloud-native email security tools use machine learning to inspect email content and analyze user behavior. They also provide context to end users, such as warning banners on suspicious email messages. They connect via API to M365 or Google Workspace.
  • Mail Flow Rules: These work like a SEG, but instead of changing your MX and SPF records, inbound email is received by the cloud-hosted email platform and routed to the email filtering provider. This means the service can work alongside native filters and is easier to deploy and trial.

A caveat to the above list is that mail flow rule-based filtering is often deployed via API, and many email providers offer multiple deployment options, which is where email security gets a bit confusing. Analyst firm Gartner has combined API-based and mail flow rules email filtering into a single category of solutions it calls ‘Integrated Cloud Email Security.’
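The MX-record difference between these deployment models can be read straight from a domain's DNS. The following is an added example, not part of the original guide: it classifies which host receives mail first from MX and SPF records. The sample records and the seg-vendor.example hostnames are constructed placeholders, and the platform suffix list is a non-exhaustive assumption.

```python
# Added example: infer the inbound mail path from MX and SPF records.
# MX suffixes used by the two cloud platforms the guide names (non-exhaustive).
CLOUD_MX_SUFFIXES = {
    "Microsoft 365": (".mail.protection.outlook.com",),
    "Google Workspace": (".google.com", ".googlemail.com"),
}
# Constructed sample records; "seg-vendor.example" is a placeholder gateway.
SEG_MX = ["example.com. 3600 IN MX 20 mx2.seg-vendor.example.",
          "example.com. 3600 IN MX 10 mx1.seg-vendor.example."]
SEG_SPF = '"v=spf1 include:spf.seg-vendor.example -all"'
CLOUD_MX = ["example.org. 3600 IN MX 0 example-org.mail.protection.outlook.com."]
CLOUD_SPF = '"v=spf1 include:spf.protection.outlook.com -all"'

def parse_mx(lines):
    """Parse zone-style MX lines into (preference, host), lowest preference first."""
    records = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 5 and fields[-3].upper() == "MX":
            records.append((int(fields[-2]), fields[-1].rstrip(".").lower()))
    return sorted(records)

def spf_includes(txt):
    """Return the include: domains of an SPF TXT record, or [] if it is not SPF."""
    terms = txt.strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    return [t.split(":", 1)[1].lower() for t in terms if t.lower().startswith("include:")]

def platform_for(host):
    """Name the cloud platform an MX host belongs to, or None if it is another host."""
    for name, suffixes in CLOUD_MX_SUFFIXES.items():
        if any(host.endswith(s) for s in suffixes):
            return name
    return None

def classify(mx_lines, spf_txt):
    """Summarise which kind of host receives mail first for a domain."""
    mx = parse_mx(mx_lines)
    if not mx:
        return {"routing": "no MX records", "mx": [], "spf_includes": []}
    platforms = {platform_for(host) for _, host in mx}
    if platforms == {None}:
        routing = "MX-record routing (gateway or on-premises host receives mail first)"
    elif None in platforms:
        routing = "mixed (MX hosts split between the platform and another host)"
    else:
        routing = "platform-first (API or mail flow rules deployment possible)"
    return {"routing": routing, "mx": [h for _, h in mx], "spf_includes": spf_includes(spf_txt)}
```

A "mixed" result is worth reviewing during a migration, since it means some inbound mail reaches the platform without passing through the other MX host.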

Why Does Deployment Matter? The method of deployment has advantages and disadvantages for different email security requirements and use cases.

  • SEGs are a good fit for on-prem teams looking for inbound spam filtering and antivirus. They filter all inbound and outbound emails before they are delivered to inboxes. However, they are harder to deploy and if they go down, you will lose email access.
  • API-based solutions or mail flow rules-based deployments are the best option for cloud-native organizations looking for protection against phishing. They are easy to deploy and fast. The downsides of API-based deployment are a possible delay of up to 45 seconds in scanning email messages, and API throttling.

Good To Know: SEGs can be used alongside an API-based solution. This is an effective way to get the best of both worlds, and we would recommend it for teams needing very strong email protection.

The Bigger Picture: Longer term, we see the SEG market transitioning toward mail flow rules rather than MX-record deployment. This will most likely become the most common email security deployment. The traditional SEG will still be provided, but only for on-premises deployment.

Who Are The Best Email Security Providers? We’ve put together shortlists of the top email security providers across multiple categories.

Features Checklist: When choosing an email security solution, there are several crucial features to look for:

  • Email Filtering: Detection engines to detect and filter inbound and outbound malicious email, including spam, malware, phishing, and business email compromise.
  • Natural Language Phishing Detection: Analysis of email content to detect and remediate plain-text phishing emails.
  • URL Analysis: Time-of-click URL protection and sandboxing are critical to prevent users from visiting malicious web pages.
  • Attachment Sandboxing: Robust anti-virus and anti-malware engines to detect and block malicious attachments and ransomware.
  • Account Takeover Protection: Machine learning analysis to detect email account takeovers and reduce the risk of business email compromise.
  • End-User Reporting: End users should be able to report suspicious email messages to admins. 
  • Warning Banners: Warning banners on email can alert users to potential scams and impersonation attempts.
  • Reporting: There should be comprehensive reporting across the email channel, including blocked threats and user risk scoring.
  • SaaS Protection: Many solutions offer extended account protection across other SaaS applications, like Microsoft OneDrive, Microsoft Teams, and Slack. 

Email Security Recommendations: Our recommendations for finding the right email security solutions are:

  1. If you’re a cloud-native organization, consider moving away from a secure email gateway to an API-based solution or mail flow rules solution for easier deployment and stronger phishing protection.
  2. If you’re not using M365 enhanced security, you should deploy a solution that combines SEG/mail flow rules for boundary protection and API for mailbox protection against phishing.
  3. If you are using M365 enhanced security, deploy a solution that uses API for mailbox protection against phishing and BEC.
  4. If protecting against malware, spam, and malicious web URL links is your main requirement, deploy a solution that is either SEG for on-premises or mail-flow rules based in the cloud.
  5. With SEGs and mail flow rules, you are routing email via a third party. If they go down, your email goes offline. Choose a provider with a robust SLA and proven track record.
  6. Microsoft 365 and Google Workspace offer increasingly strong protection against phishing, but for the best protection pair them with a dedicated third-party email tool.
  7. Consolidate your tools by investing in email platforms that offer protection for SaaS apps like Slack & Teams. Also consider platforms that support other use cases like encryption, DMARC and archiving.

Where Is Email Security Headed? Expert Insights CEO Craig MacAlpine recently outlined his thoughts on where the future of email security is headed. The main takeaways are:

  1. Companies continue to move away from the traditional SEG toward mail flow rules-based deployments using API.
  2. Email security will broaden into ‘human layer security’, using email data to protect against wider threats. For example, someone emailing documents to their personal email address is an indicator of compliance breaches.
  3. Email protection will continue to extend across SaaS apps like Microsoft Teams, Slack, OneDrive, SharePoint, Dropbox etc., to prevent account takeover attacks.
  4. Email protection will bleed into other security categories, such as awareness training, identity and access management, security information and event management, as email data is becoming more easily accessible via API.
  5. There will be more focus on protecting the content inside email inboxes, such as 2FA links, password reset links etc., as this data can cause significant breaches across your stack.
