Barracuda is a popular and effective email security platform delivering a Secure Email Gateway (SEG) to monitor traffic into and out of your inbox. It is praised for its clear display of extensive data points, reliable spam and malware blocking capabilities, and granular policy options.
Broadly, important features in a SEG include the tools on offer to investigate and deal with malicious content. This might include multiple filtration layers, sandboxing, URL rewriting and CDR (Content Disarm and Reconstruction). Some solutions also offer advanced revoke features to remove suspicious emails from multiple inboxes. Aside from threat detection itself, SEGs often offer various other features to help you protect your users’ inboxes. You might want a solution that presents detailed reports and post-attack forensics, for example. Does the solution monitor what content leaves your email accounts, too? What type of encryption and DLP (Data Leak Prevention) is on offer?
Barracuda is a leading solution for all of these features. However, the email security market is competitive. There are several companies that have their own strong track records, and several newer companies are bringing strong features to the table. In this list, we will consider some of the alternatives to Barracuda, highlighting key features and which organizations they are best suited for.
SpamTitan is an Irish based email security company that offers a host of tools to block sophisticated phishing attacks, and nuisance spam emails alike. SpamTitan offers outbound email security as part of its DLP package – this ensures sensitive data cannot be shared through your email accounts.
SpamTitan Email Security Features:
SpamTitan utilises a web portal with a large quantity of granular detail. This portal can be used by an administrator, or user, to control content and filtration levels. The portal also gives an insight into outbound email security – this ensures that if a user’s account is compromised, it cannot become a means of disseminating malicious or sensitive material.
A multi-layered approach to spam filtration results in SpamTitan having a 99.99% catch rate, with a 0.003% false positive rate. The solution combines SPF (Sender Policy Framework) to reduce the chances of phishing, with SURBL’s (a blacklist of commonly emailed URLs), with Bayesian analysis (to create an adaptive list of common spam identifiers). The solution utilizes two AV services – Bitdefender and Calm AV – to protect you and your inbox.
The sandbox feature offered by SpamTitan ensures that any suspicious content is appropriately handled and doesn’t pose a risk. In-depth, sophisticated analysis means that only safe files are let through.
While SpamTitan is a very easy solution to roll out, it has the capacity to scale to suit your organization’s needs. There is scope for unlimited number of users, multiple domains, and multi-level administrator roles. No matter the size of your organization, SpamTitan can be tailored to block malware, spear-phishing, APTs, then offer insight into how best to mitigate these threats.
Expert Insights’ Comments: As it is a cloud-based service SpamTitan can be quick and easy to roll out. This makes SpamTitan an attractive solution for those who want an easy deployment process. We would recommend SpamTitan for MSPs and SMBs and organizations who need a manageable and customizable email security solution.
Proofpoint is a California based company that has been providing digital security solutions since 2002. Proofpoint Email Security can be operated as a cloud, on-premises, or hybrid installation to suit the specific needs of your organization. The solution runs effective protection against phishing and spoofing, as well as detecting malware, and blocking spam and graymail.
Proofpoint Essentials Features:
Proofpoint uses multiple layers of detection to identify malicious emails, as well as nuisance ones. It incorporates machine learning and NexusAI to produce a low number of false positives, ensuring work can be completed efficiently, leveraging Proofpoint’s leading global threat intelligence network.
Admins can configure in-depth controls to tailor policies, enabling users to work efficiently and seamlessly while blocking malicious emails. Proofpoint delivers a SEG with inbound, outbound, and internal protection, alongside email encryption and DLP.
Emails can have color-coordinated warning banners applied to ensure users are aware of emails that have the potential to be malicious. Users are given a brief explanation of why the email has been flagged, allowing them to be more cautious when interacting with it.
BEC attacks can be prevented through Proofpoint’s extensive analysis of attributes like message header data, IP address and reputation, and message body language. Proofpoint can also reveal which users are most at risk and automate their level of threat protection. This tailored approach reduces your risk overall.
Expert Insights’ Comments: Many users praise how effective Proofpoint is at blocking malicious email messages. The email quarantine allows admins to tighten policies, without losing important emails. We would recommend Proofpoint Email Security and Protection for organizations who need a comprehensive email security solution.
Abnormal Security is a relatively new entrant to the post-delivery protection email security market. The company was founded in San Francisco in 2018, and scores highly with users complimenting Abnormal Security’s level of automation. Users can reduce the number of nuisance and malicious emails they receive and improve security against phishing and account takeover.
Abnormal Security Features:
Rather than relying on a database of static features to decide how to react to an email, Abnormal Security builds detailed profiles of internal users and external vendors to create behavioral baselines. The solution can analyze usual relationships, behavior, communication patterns, typical tone and content shared to identify any instances that do not fit with these expectations. These anomalies might suggest when a user has been compromised, or an email is malicious. When this occurs, warnings can be sent to end users.
By integrating Abnormal Security with Microsoft or Google, you can simplify your email security stack, whilst maintaining a secure system – Abnormal calls this Integrated Cloud Email Security (ICES). This removes the need for a dedicated SEG by utilizing the capabilities inherent within Google and Microsoft. As the platform integrates via API, the solution is quick to deploy, ensuring you can continue to work efficiently.
Because Abnormal has a detailed picture of your users, the end-user experience can be personalized to automatically sort emails. This makes handling graymail efficient and frictionless. This specific criteria for graymail, spam, malware, etc. can be altered from within a single dashboard. From here, you can get an overview of the insights generated from abuse mailbox analysis, employee profiles and remediation rates.
Expert Insights’ Comments: Many users commend the ease of integration and the reduction in spam and malicious emails once they installed Abnormal Security, although some admins suggest that they would prefer to have more control over customization. We would, therefore, recommend Abnormal Security to SMBs who want an effective, low maintenance solution that can be closely integrated with Microsoft 365 and Google Workspace.
Avanan, acquired by Check Point in 2021, provides a comprehensive cloud email security solution. The AI-powered service sits between default spam filters, and before the inbox. This allows the AI to identify the most sophisticated threats that pose the greatest risk to you. This also gives Avanan access to all outbound traffic, ensuring there is no data leakage.
Avanan Cloud Email Security Features:
Avanan provides comprehensive security coverage that is easily integrated with cloud tools like Microsoft 365, Google Workspace, and Slack. This can be set up and configured in less than five minutes, allowing for minimal disruption. Policy customization is made simple through the web-based dashboard. From here, admins have full visibility of suspicious email traffic and attacks. The “Security Stack” tab shows the range of antivirus, incident monitoring, and data leakage engines that are currently being used.
To prevent phishing attacks, Avanan utilizes AI and machine learning to analyze all the data that is contained within an email, as well as the contextual factors surrounding the communication. If a phishing attack is made, the admin can access extensive forensic details like network, process, registry, and exploited macros, to understand how the attempt was carried out.
This multi-layered approach to email security decreases the chances of any malicious assets entering your inbox. If something does slip through the filters, Avanan’s continual behavior monitoring, and automatic quarantining will identify the threat and resolve it before a user has time to access it. Sandboxing capabilities can be applied to inbound, outbound, and internal messages to prevent the spread of malware.
One of Avanan’s key differentiators is that coverage extends beyond just your email account. Your cloud accounts – OneDrive, SharePoint, Google Drive, Dropbox, Slack, and Teams – are overseen by DLP systems so that you are protected however you work.
Expert Insights’ Comments: Users praise the speed that Avanan can be deployed, and the amount of data that is accessible through the clear dashboard. We would recommend Avanan Cloud Email Security for organizations of any size who are looking for powerful protection against email-borne threats and need easy integration with a cloud hosted email like Microsoft 365 or Google Workspace.
Cisco offers a strong SEG that provides extensive protection against spam, BEC and phishing attacks. Secure Email employs several filters and identifiers to catch malicious and nuisance emails.
Cisco Secure Email Features:
Cisco has a large research team analyzing emerging email threats to ensure that you will always have access to cutting-edge threat protection. Cisco Secure Email combines evidence gathered by Cisco Talos – a market leading threat intelligence network that monitors 600 billion emails per day – with machine learning to deal with threats at the earliest opportunity. Secure Email can identify stealthy malware that evades initial detection.
The solution can be deployed from a cloud, virtual, on-premises, or hybrid ecosystem. Migrating to the cloud can be staggered to ensure workflow can be maintained whilst legacy systems are replaced. The platform provides detailed insights from the systems overview dashboard – threats can be broken down by type, users, devices, with risk scores given to applications used.
Cisco Secure Email also offers DLP, email encryption, and automated DMARC procedures to ensure your domain address is not being used (or spoofed) to distribute spam or malware. These features help ensure your organization complies with industry regulations.
Expert Insights’ Comments: We would highly recommend Cisco Secure Email to larger organizations who need advanced threat detection and protection. Cisco Secure Email is a particularly good choice if your organization already uses Cisco solutions such as Umbrella, as these can be integrated to give you strong multi-layered protection.
IRONSCALES is an American & Israeli email security solution that uses AI to provide continuous, intelligent monitoring to keep your email accounts safe from phishing, social engineering, and credential harvesting. Once installed, the system runs a 90-day scanback to build an understanding of users, and to identify any emails missed by your pre-existing security solution. IRONSCALES also supports user security awareness training, managed via the email security admin console.
IRONSCALES uses advanced analysis tools to prevent users’ email accounts being used to administer malware and ransomware. Credential theft, BEC and phishing attacks can also be mitigated by the self-learning AI feature. IRONSCALES proactively scans your users’ mailboxes to identify any URLs that have become weaponized after passing through the filter layers.
Auto-remediation tools are based off cloud-sourced threat intelligence – this means that whenever an email is flagged as suspicious by an end-user, IRONSCALES can respond to this threat in all mailboxes, regardless of whether they are part of your network or not. This leverages the entire IRONSCALES network to reduce the chance of a malicious email having an effect. Warning banners are added to suspicious emails whilst in an inbox, and users can report suspicious messages from any device.
Any email that is flagged as suspicious will automatically be triaged by an autonomous AI. Emails that exhibit similarities with the flagged email, can be detected and removed by the AI. This is much faster and more effective than relying on a human security team.
From their admin console, IRONSCALES allows admins to access real-time data on email traffic within an organization. From this they can make decisions regarding phishing mitigation and resolve incidents easily, from wherever they are.
Expert Insights’ Comments: IRONSCALES is an effective solution that delivers a high level of security out of the box. Many users praise its effectiveness, ease-of-use and integrations. IRONSCALES has specific plans for both SMBs and enterprises, meaning that the solution can be optimized for however large your company is. We would, therefore, recommend IRONSCALES to SMBs or enterprises who need a complete email security solution that is effective and reliable.
Agari offer a cloud-based suite of effective tools to combat phishing, BEC, malware and protect your brand form spoofing. Agari was acquired by HelpSystems in May 2021.
Agari Secure Email Cloud Features:
Agari provides actionable intelligence to help management teams understand the risks that their organization face. They can then work with Agari to combat these threats and improve their security posture. This is backed up with detailed statistics and data – your level of financial exposure can be quantified too.
The solution can reduce phishing attacks by using sophisticated AI to understand the relationship between sender and recipient, to identify normal behaviour, from anomalous (suspicious) behavior. This approach is fast and effective, meaning there is as little friction as possible. Every email is given a score based on the probability of it being malicious. This score is accurate and allows the remediation threshold to be simple and easy-to-change.
A single administration console allows you to control how your employee’s inboxes are protected – the cloud-based service does not sit in-line, thereby acting before your accounts are put in danger. Agari is designed to integrate with Microsoft 365 and Google, allowing users to face little change to their workflow.
Expert Insights’ Comments: Users praise how intuitive and effective the product is. Its seamless integration makes securing your email accounts frictionless. We would recommend Agar Phishing Defense for organizations of all sizes who need a flexible, and effective solution to email security.
DuoCircle is a California-based email security company. Their email security solution is a cloud-based service that is designed to prevent a host of malicious attacks – such as phishing, malware, ransomware, viruses, spam, spoofing and social engineering.
DuoCircle Phishing Protection Features:
DuoCircle offers extensive protection from malware, ransomware, and phishing by scanning all executable content to identify any malicious code. Phishing Protection also scans non-executable files to identify embedded macros or other scripts. Multiple layers of scanning ensure that that nothing is missed – DuoCircle utilizes anti-virus/malware engines like Sophos, Cyren, Webroot and Vade.
Time-of-click (link-click protection) ensures that whenever a user accesses a URL, it will be safe. This prevents “clean” URLs getting past the security filters, but then being weaponised once they are in your inbox. Phishing Protection combats bad actors who use domain name spoofing to trick users too. A database of valid URLs is made, if an email comes from a domain that uses alternative characters (the number 0 for the letter O, for example) to impersonate a domain, it will be blocked.
Admins have real-time access to the status report of emails that are undergoing analysis from the unified web-based console. You can also adjust filters and alter allow lists and deny lists in this console. The solution is versatile enough that an office manager can set up the security, whilst allowing for a CTO to customize the protection to suit their business’ needs.
Expert Insights’ Comments: Users have described Phishing Protection as effective and unobtrusive. It will identify and remedy any threats without the end-user needing to know about it. We would recommend Phishing Protection for SMBs who need a dedicated solution to combat email threats. While the service focuses on phishing, the coverage extends to a whole host of email attacks.
Mimecast is one of the largest global cyber security vendors. Their SEG is a comprehensive solution to counter malicious emails entering your users’ inboxes.
Mimecast Email Security Features:
Mimecast Cloud Gateway natively integrates with your existing mail accounts – like Microsoft 365, or Google Workspace – as well as providing support for larger and more complex email environments. The solution is also designed to integrate with other security tools like SIEMs, SOARs and TIPs, making complete digital security achievable.
Mimecast offers an effective URL rewrite function which ensures that URLs are safe at the time of access. A raft of AV and sandboxing measures compliment the URL Rewrite tool, ensuring comprehensive and proactive protection against account threats.
Rather than offering a single email solution, Mimecast provides a suite of cybersecurity products gives you complete coverage. These include DMARC management, AI-driven social engineering defense with warning banners, email encryption and incident response. This gives you all the tools to effectively counter modern digital threats. End-users are able to block nuisance senders intuitively.
You can load multiple email domains under a single Mimecast license, which makes it a good solution for interconnected organizations or MSPs. Complete, granular control is possible through a unified platform. This means that tailoring policies is easy and efficient. Real-time reports detail the current inbound and outbound threats facing your network.
Expert Insights’ Comments: Mimecast Email Security is a highly regarded and highly effective SEG that provides a high level of protection, with intricate controls and customization. We would recommend Mimecast Email Security to enterprise users looking for the ability to have granular control and customization of their email security.
Trend Micro is Japanese company, offering a comprehensive SEG solution. Trend Micro Email Security Advanced provides a host of features to offer a multi-layered approach to security. Machine learning is combined with sandboxing and DLP to minimize management overheads, whilst protecting your accounts.
Trend Micro Email Security Advanced Features:
Trend Micro has the capability to detect ransomware and other malware hidden in a variety of file types – static and heuristic logic analysis examine abnormalities in PDF and text documents, while pre-execution ML provides dynamic analysis of suspicious assets. Sandboxing capabilities allow Trend Micro to analyze new threats. Malicious URLs are blocked pre-delivery and re-checked at the time-of-click.
BEC scams are mitigated via header and content analysis – this can be enhanced by using Trend Micro Writing Style DNA to assess authorship of suspicious emails. An unsecure email provider, forged domain, and other evidence of spoofing is identified and flagged based on word choice, grammar, and style.
Users praise the speed of deployment and cloud integration. Trend Micro preserves usability, whilst tightening loopholes left by existing cloud infrastructure. Some users suggest that the admin console isn’t as intuitive as it could be, but that it is comprehensive, with granular controls.
Expert Insights’ Comments:
We would recommend Trend Micro Email Security Advanced for SMBs and enterprises who need a sophisticated set of tools, but don’t necessarily have a dedicated IT team to intricately customize the policy options. Trend Micro is an effective cloud-native solution to email security.
What Is A Secure Email Gateway (SEG)?
A secure email gateway is a software solution that scans emails for malicious content before it reaches your users’ inboxes. They will use a series of filters and firewalls to block known threats, as well as scanning for a wide range of indicators of compromise (IoCs). Anything that is known to be safe will be sent on to the relevant inbox with no further action taken.
For suspicious content, there are several options on offer for a SEG. They can send the suspicious content to a sandbox or CDR tool to check the content for malware. Alternatively, the content can be permitted to enter an inbox with a banner warning the user to be careful.
How Do Secure Email Gateways Identify Dangerous Content?
Rather than being built around one technology, SEGs will often incorporate several different tools to give the greatest chance of identifying malicious content.
Sandboxing – A sandbox is a secure, isolated environment where suspicious malware can be executed. Whilst in the sandbox it is unable to connect (or infect) the network at large. From here, the SEG can monitor its behavior and decide if it is malicious or not.
Content Disarm And Reconstruction (CDR) – This involved breaking a file down to the code level, then removing any additional code. This process strips it of any executable material, before putting the file back together. You are left with a completely sanitised and safe file.
Firewalls And Filters – These act like a traditional barrier that scans all content and decides if it should be permitted or not. Firewalls and filters will look for IoCs, and cross reference files with a large database. This database can be continually updated, meaning the even the most recent threat can be blocked. Firewalls and filters tend to do most of the work but can be fooled relatively easily.
URL Scanning – It might be the case that a malicious actor places a link to a website in an otherwise safe email. Before letting this email reach a user’s inbox, the URL will be scanned to check for malicious content. It should also be scanned at the time-of-click. Otherwise, the website could be safe while the email is being checked, then weaponised later. Time-of-click analysis means that your users are always using up to date information.