Selecting the right email security solution is critical for safeguarding organizations against phishing, malware, and other email-borne threats.
How can organizations choose a solution that effectively filters threats, adapts to evolving tactics, and integrates smoothly with existing email platforms while maintaining a user-friendly experience?
We asked 9 experts to share their insights.
Brian Reed, Senior Director of Cybersecurity Strategy, Proofpoint: Organizations looking at modern email security platforms that provide comprehensive email security. This is done through three main points in the email communications flow:
- Pre-delivery – Inspecting and actively preventing threats before they arrive in an end user’s mailbox
- Post-delivery – Inspecting messages after delivery, in order to look for additional threats, such as links activated post-delivery, or advanced BEC threats, or other suspicious and sophisticated fraudulent communications
- Click-time – Inspecting messages at the point a user interacts with the message (click on the link, download the attachment) to provide an additional layer of inspection and potential protection.
Usman Din, Director of Product Management, Cisco Security: We encourage CISOs to research solutions that provide the most advanced AI capabilities and demonstrate a clear and strategic roadmap for continued AI-driven innovation. While AI has immense potential to enhance security, firms without robust data protection policies risk exposing sensitive customer information. If customer data used to train AI models is not properly safeguarded, it could lead to breaches or misuse, undermining trust and compliance. Additionally, over-reliance on AI without proper human oversight can result in missed threats.
Angel Grant, SVP of Product Marketing Management, Mimecast: Organizations need to look for a unified and dynamic solution to help protect collaboration, detect insider risk, simplify compliance, and empower their users. CISOs must prioritize email security solutions that provide seamless integration into existing ecosystems while offering comprehensive visibility across potential attack vectors. It’s crucial to choose platforms that responsibly leverage AI to enhance detection and automate threat response, enabling teams to stay ahead of increasingly sophisticated attacks. Additionally, platforms that offer advanced anomaly detection and robust employee training programs can equip organizations to identify and mitigate threats like impersonation and malicious QR code or CAPTCHA attacks effectively.
Olesia Klevchuk, Director of Product Marketing, Barracuda Networks: CISOs need to continue to adopt layered defenses. They should look for solutions that combine pre-delivery and post-delivery capabilities to address modern threats comprehensively. Choosing a platform with robust automated incident response will reduce the time and effort required to mitigate threats. Focusing on AI and machine learning will ensure that the solution uses advanced analytics to detect and respond to emerging threats. While opting for cloud-native, API-driven solutions will make it easier to scale and integrate with existing security stacks. Prioritize vendors offering direct, responsive customer support and proactive Service-Level Agreements (SLAs). This personal and immediate assistance will ensure that your organization stays protected by getting the right help when it matters most.
Tony Anscombe, Chief Security Evangelist, ESET: Do not rely on Microsoft’s protection only. Companies require multiple layers of security. ESET detects hundreds of thousands of threats every year that pass through Defender’s security and that’s where ESET Cloud Office Security acts as an additional security layer. Business Email Compromise (BEC) is significant and can be costly. Email systems need to be complemented with other security, such as multi-factor authentication, vulnerability and patch management, and other technologies that prevent the initial access vector used by bad actors. Combine technology with human oversight. To assist in avoiding a Business Email Compromise incident, any request for wire transfer of funds or other financial requests should always be combined with physical confirmation, a phone call, in-person approval, etc.
Rodolfo Saccani, CTO & R&D Manager, Libraesva: I can imagine how frustrating it must be to navigate the complex world of email security solutions, where glossy brochures filled with buzzwords and features can make it hard to find a clear answer. When choosing an email security solution, look for vendors with a strong track record of customer loyalty and retention. In fact, some providers deliver extremely high renewal rates, such as Libraesva, which has successfully retained 96% of its customers at the end of each contract term. Testing an email security solution with your own email traffic is a straightforward and risk-free process. It’s the most effective way to gauge the solution’s performance and ensure it meets your specific needs.
Eddie Monaghan, Sales Enablement Officer, TitanHQ: Make sure you are speaking with an e-mail security vendor that is deploying both AI and LLM in their layers of protection. Bad actors are deploying the latest in AI to infiltrate users’ inboxes. Therefore, it is imperative that security vendors protect these inboxes with the best technology in the same space. Look for pedigree in an e-mail security solution. Ideally, you should be speaking with a vendor that has a rounded offering and incorporates both traditional and innovative tools to protect your team. Ask each vendor how they make sure that your end users are aware of the latest threats and how they prepare your end users to combat these. Human Risk is the “last mile” of email security. Your email security vendor is best placed to educate your users in these risks.
Rajan Kapoor, Field CISO, Material Security: Take a full view of your environment–look at your inbound protections, of course. But take a broader look at your security operations around your email. Take a full inventory of the risks across your environment, look at where your security team is spending their time around email and productivity suite security, and make sure those line up. How much sensitive data lives in your inbox–and which inboxes have the most critical files? How many files within your Drive contain sensitive data and are shared outside your organization? Are there gaps in your SSO federation or MFA deployment? How many third-party apps could an attacker get to from a compromised inbox? There is no one-size-fits-all security program. Every company’s unique organizational structure and workflow creates unique risks. The first step toward mitigating those risks is understanding them.
Zack Schwartz, VP of Business Development, Trustifi: CISOs should prioritize platforms that offer advanced threat protection, leveraging AI and machine learning. A cloud-native solution that integrates seamlessly with providers like Microsoft 365 and Google Workspace is essential to address native security gaps. User-friendliness is critical; solutions with intuitive dashboards, one-click encryption, and minimal configuration ensure high adoption rates across the organization. Strong compliance and encryption capabilities are also vital. Real-time visibility and detailed reporting are key for monitoring threats and managing security policies effectively. The solution should be scalable. It’s also important to assess the vendor’s track record, customer support, and commitment to innovation. Finally, CISOs should consider platforms that include employee training tools and phishing simulations to address human vulnerabilities.