Email security should be a top priority for your organization. Email remains the number one vector used by cyber-criminals to target your corporate data, and email-based attacks such as phishing, business email compromise, and spam are constantly on the rise. Your organization’s first line of defence against these attacks should be an email security solution; this can defend your users against spam, phishing, malware, and viruses.
Secure email gateways (SEGs) are a category of email security tools that filter emails as they enter or leave your email server. Emails are routed through the gateway service, and so typically require your MX-records to be changed, regardless of email platform. Many email providers today also offer a cloud-native email security option, known as “Integrated Cloud Email Security” (ICES), either alongside or as a replacement for the traditional SEG. These solutions scan emails for content that may indicate phishing, account compromise, or malicious downloads. These can integrate directly with cloud email platforms such as M365 and Google Workspace.
There are many email security gateway solutions available. To help you find the right solution, we’ve put together our list of the top email security solutions, covering both secure email gateways, ICES, and cloud-native email security options. In each listing, we’ll cover key features, spam filtering effectiveness, deployment, ease-of-use, our internal technical testing, and wider market positioning to give an informed suggestion regarding the ideal use case for each platform.
SpamTitan is a leading secure email gateway platform that provides comprehensive protection against email threats including spam, malware, ransomware and phishing attacks. SpamTitan is built on a powerful spam filtering platform, with a market leading catch rate of 99.99% and a false positive rate of 0.0003%. Alongside spam filtering, SpamTitan provides advanced protection against sophisticated phishing attacks, scanning all inbound emails in real time and filtering out malicious content, including links to phishing webpages and malicious attachments.
SpamTitan provides top threat protection against both inbound and outbound email threats. The platform provides multi-layered threat protection for inbound emails, with CEO Impersonation protection, phishing and protection, URL analysis, attachment sandboxing, ransomware protection, SPF/DKIM/DMARC checking and encryption. SpamTitan prevents phishing and whaling attacks by scanning inbound emails in real time, providing a strong level of inbox protection.
Alongside inbound email, SpamTitan allows admins to set up powerful data leak prevention rules which help to stop outbound email data loss. SpamTitan allows admins to easily configure their threat protection policies, including the ability to set allow/deny lists, customize DLP rules and set policies by user, domain and domain group.
SpamTitan is an accessible and easy to manage platform, with a comprehensive SEG feature set. The service is simple to use, and easy to deploy, easily integrating with existing email systems. SpamTitan works well as an extra layer of security for Office 365 accounts, providing enhanced threat protection and reporting for Office 365 email users. This protection is backed by their responsive and knowledge technical support team. SpamTitan is popular with customers, who praise the service for its ease of deployment, cost-effective pricing and high-quality technical support. We recommend SpamTitan as an easy to manage email security solution for SMBs, enterprises, MSPs and resellers.
IRONSCALES provides fast, powerful protection against threats within the email inbox. They offer two paid packages (Email Protect™ and Complete Protect™), which provide anti-phishing protection combined with integrated security and awareness training, all of which are administered from a single console. IRONSCALES is a fully cloud-based platform, perfect for use with Office 365 and G Suite. Implementation can be completed in as few as two clicks and no MX record changes are ever needed. In testing, it detected phishing threats missed by Office 365 and other leading email security solutions. IRONSCALES provides powerful protection against sophisticated social engineering attacks, such as phishing and business email compromise.
IRONSCALES utilizes AI-driven security tools, combined with human intelligence from end-users, to identify malicious emails, and remove them from users’ inboxes automatically.
Additionally, IRONSCALES allows businesses to implement a ‘report phish’ button directly into end-user email clients. This works on all devices and is fully customizable. It allows users to report suspicious emails, which reduces dwell time. According to admin policy, when an end-user reports an email, a warning will display to other users who receive the same or similar email, or alternatively, the email will be quarantined. IRONSCALES also provides a full suite of security awareness training and phishing simulation, with customizable phishing templates and engaging training materials.
Customers praise IRONSCALES for making the management of phishing threats much easier on a broad scale. Admins report that in many cases, IRONSCALES has allowed them to remove phishing emails from inboxes with ease, stopping attacks before they happen. Customers also praise the ease of deployment. IRONSCALES integrates very well with cloud-based email providers, such as Office 365 and G-Suite. IRONSCALES is a great option for organizations that are happy with their level of spam filtering but need additional protection from advanced email threats, such as phishing, insider threats, and business email compromise. IRONSCALES also now offers protection against malicious links and attachments in Microsoft Teams environments.
Trustifi is an email security and encryption provider that helps organizations to secure their inbound and outbound email communications against email threats such as phishing, account takeover and email-delivered malware. Trustifi combines advanced inbound threat protection that scans emails for malicious content, with outbound email encryption that ensures the protection of sensitive data at rest, in storage and in transit. Compatible with local email clients, Office 365 Outlook and Google Workspace, Trustifi helps organizations secure their inboxes and stay compliant, no matter which platform they’re using to communicate.
Trustifi’s inbound email security technology scans all email communications for malicious content such as spam, viruses, malware and phishing attempts. The platform ranks each email according to its threat level and threat type, ranging from “Authenticated” through to warnings such as “Impersonation Attack”. The solution then quarantines or removes malicious emails as per admin-configured policies. Trustifi also offers address white- and blacklisting, to help organizations avoid repeat attacks from known malicious actors and ensure that known external senders’ emails aren’t mistakenly quarantined. In addition to its inbound security, Trustifi offers AES 256-bit encryption for all outbound emails, helping to ensure that all sensitive information is sent securely and in line with regulatory standards, such as HIPAA, GDPR and FINRA. To ensure maximum security, admins can require that recipients verify themselves with 2FA before they’re able to open an encrypted email – but they don’t have to set up their own account with Trustifi.
Trustifi’s solution deploys via API integration, so is quick and easy to set up. It comes with pre-configured, default settings in place so that, once deployed, it instantly provides threat protection. Admins can then log in to set up more granular inbound and outbound email security configurations. Trustifi is praised by customers for its ease of use, both from an admin and end user perspective, and we recommend it as a powerful, user-friendly solution for organizations of any size looking to secure their inboxes against threats such as phishing, as well as encrypt their most sensitive email content.
Abnormal Security is a cloud email security platform that provides comprehensive protection against the full spectrum of email attacks from business email compromise to account takeover.
Abnormal uses behavioral AI models to create a baseline of your email environment, enabling threat protection systems to accurately detect and automatically block malicious email content from being delivered to users. Abnormal Security was founded in 2018, and currently protects over 10% of Fortune 500 companies with customers across all industries.
These behavioral models instantly detect malicious email content and block inbound and internal email threats. Abnormal also monitors and protects internal email accounts to identify and remediate compromised accounts. By understanding the known good across identity behavior, content, and tone, Abnormal can identify users that display unusual behaviors and remediate the accounts by logging users out of active sessions and requiring a password reset.
Abnormal is a powerful email security platform that has developed as a well-established, cloud-based alternative to email security gateway providers. Recognized as a ‘Microsoft Preferred Solution’ and selected by Microsoft for its email defense capabilities, the solution is deployed via API and can be launched across cloud email environments in minutes. The platform integrates natively with the Microsoft 365 and Google Workspace to provide enhanced protection and a seamless user experience. For this reason, we’d highly recommend this service for organizations using Microsoft 365 or Google Workspace, looking for enhanced email security.
Proofpoint is a market leading email security gateway, and the world’s largest email security vendor, with annual revenues of over $1bn. Proofpoint Essentials is Proofpoint’s solution for small and mid-sized organizations. Essentials is a strong solution for email protection, encryption, archiving and continuity, delivered as a single platform, with a single admin console. Proofpoint have an unparalleled visibility into email threats with their global threat intelligence platform that spans email, social and mobile. Other vendors rely on third party threat intelligence, which can be less accurate. Proofpoint collect and analyse more than 100 billion data points a day from more than 100 million email inboxes, 200 million social-media accounts, and 7 million mobile apps. Proofpoint secure more than 50% of the Fortune 100, the top 5 banks globally and 7 of the top 10 global retailers.
Proofpoint provide the best protection against email threats, with effective spam protection and detection, powerful URL defense and dynamic content filtering. Essentials is a cost-effective solution, with many features such as archiving, and encryption included as part of the Professional package that would otherwise be expensive add-ons. Essentials provides a range of reports and logs to give you more control and awareness over your email network. Proofpoint’s admin console is modern, providing granular controls and improved threat reporting. With Essentials, Proofpoint provides organizations with enterprise class email security at a cost effective price point. It’s an ideal solution for businesses and MSPs, with easy set-up, deployment, and competitive pricing. Proofpoint is also a good option for teams using Office 365, as it offers Azure Active Directory Sync, meaning deployment is seamless and new users are automatically added.
Proofpoint Essentials has recently launched a new feature set to help protect organizations against advanced email threats. This includes one-click message pull, enabling admins to remove suspicious emails directly from user inboxes, predictive URL defense, advanced protection against business email compromise attacks, and predictive warning banners, displayed on email messages to warn users of suspicious activity. These features are available as part of Proofpoint’s Business+, Advanced+ and Professional+ packages.
Learn more about Proofpoint Essentials
Mimecast is a leading vendor in the email security space, protecting more than 40,000 organizations globally. They offer one of the most fully featured SEG solutions on the market as well as a cloud-native integrated email security solution designed specifically for M365 protection. Mimecast is one of the leading vendors in terms of threat research and analysis, monitoring over a billion email every day. This threat intelligence powers their highly effective email scanning technologies and gives them a clear edge when it comes to protecting the email channel against malware and phishing across all their security products.
Mimecast Integrated Suite is a cloud native email security solution that can be deployed directly into M365 via API integration. It enables powerful protection against email attacks such as phishing, malicious URLs and attachments, and spam – warning banners are placed on suspicious email messages alerting users to the potential threats. The solution is fast to deploy, with minimal configuration required.
Mimecast Gateway Suite is a cloud-deployed secure email gateway service, which offers advanced admin features, can protect any email environment, and provides highly effective protection against spam and malware. It also integrates with other leading Mimecast solutions, including email continuity, email archiving, and DMARC protection.
Both of these services leverage Mimecast’s leading threat intelligence, AI-powered threat detection components, comprehensive reporting, and browser isolation technologies to prevent web-based malware sent via email. Mimecast boasts a low rate of legitimate emails being falsely marked as spam and a high rate of spam and virus blocking. We recommend Mimecast as a strong option for enterprise organizations, looking to implement a market leading email security solution.
Learn more about Mimecast Secure Email Gateway
Avanan is an innovative cloud-based email security solution, with a full threat protection suite for Office 365 and Google Workspace (formerly GSuite). Avanan’s platform protects businesses from sophisticated email attacks like phishing, malware, account compromise and data loss. Unlike traditional secure email gateway solutions, Avanan sits inside the email environment, and is deployed in just a few minutes, without requiring any MX record changes. This API based integration allows Avanan to analyze all historical emails, enabling it to accurately detect user impersonation and email fraud.
Avanan provides multi-layered threat protection to protect emails inside the email inbox. As Avanan sits within the email environment, it can secure inbound, outbound and internal emails. Avanan uses machine learning to identify zero-day phishing attacks, using over 300 indicators of compromise – including time of sending, location and domain – to flag suspicious emails. Avanan also uses machine leaning algorithms to detect business email compromise, by flagging logins across multiple countries and alerting admins to unusual behaviours that point to accounts being taken over.
Avanan also provides enhanced malware protection for emails. This includes protection against harmful attachments and URLs, with advanced reporting for all inbound, outbound and internal emails. From inside the email network, Avanan provides real-time and historical visibility into all users and email threats. Avanan is a strong solution for Office 365 and Google Workspace users looking for powerful protection against phishing, spear-phishing and account compromise.
Barracuda is a popular email security provider that offers a comprehensive and cost-effective email security system, combining an email gateway, API-based inbox security, and web security into one cloud platform. Barracuda leverages AI-powered engines to provide strong protection against all types of threats, with comprehensive admin controls and visibility. Barracuda also offer other email security-adjacent solutions, such as email encryption and archiving, security awareness training, backup for M365, and Zero Trust remote-access for Microsoft 365 applications.
Barracuda’s email gateway provides strong protection against spam and malware, with effective email filtering which leverages static analysis and sandboxing to protect against both known and unknown threats. Their inbox layer protection effectively blocks phishing and impersonation attempts, using AI engines to analyze communication patterns within your organization and flag messages containing suspicious and harmful content. Barracuda also provides effective protection web threats, with a URL and DNS filtering capabilities that integrate across the email channel to stop users visiting harmful web pages.
Barracuda offers a compelling, multi-layered email security stack for protecting Microsoft 365, at a cost-effective price point. Barracuda Email Protection is praised by customers for its support, with many users saying their team is quick to respond and knowledgeable. We recommend that SMBs and MSPs looking for an all-in-one email security solution for M365 consider shortlisting Barracuda Email Protection.
Learn more about Barracuda Essentials
Leading cybersecurity and technology company Cisco offer an effective cloud-based email security gateway, delivering powerful protection against business email compromise and phishing attacks. The platform provides highly advanced threat analytics, actionable reporting, and a simplified admin workflow to help improve policy management. Cisco operate one of the industry’s biggest threat intelligence platforms: Talos, which collects data on over 600 billion emails every day. Cisco also offers Secure Email Threat Defense, a cloud-native email security service deployed via API.
Cisco’s email gateway provides highly effective protection against email threats, with highly effective ransomware protection leveraging Sophos’ antivirus engines, and real-time URL analysis to protection against phishing links. It also provides domain and reputation protection and effective graymail spam protection. Cisco’s cloud-based Secure Email Threat Defense solution augments the native protection within M365 with powerful threat detection engines. This includes filtering for outbound, inbound, and internal email messages, automatic remediation of malicious content from inside the email inbox. Reporting, search, and message tracking is available from an integrated admin dashboard.
Cisco Secure Email is an enterprise-focused solution – and one of its core benefits is the tight integration across Cisco’s broad portfolio of market leading security solutions. This includes security awareness training, threat response, secure endpoint protection, malware analytics, identity controls with Duo Security, and many more enterprise security controls. We highly recommend the Cisco platform for organizations that can take advantage of this extensive feature set.
Update July 14 2023: Cisco has now completed its acquisition of Armorblox, an AI-powered email security platform which will be leveraged across Cisco’s email security portfolio.
Learn more about Cisco Secure Email
Microsoft Defender for Office 365 is a cloud-based email filtering service that augments the default protection offered by the M365 email platform. It protects against advanced email threats, such as sophisticated phishing attempts and BEC as well as malicious files and attachments. A key benefit of this solution, aside from native integration and deployment for M365, is that protection extends across M365 apps.
Microsoft have developed effective AI engines to automate threat protection, enforcing anti-phishing policies, anti-malware protection across SharePoint, OneDrive, and Microsoft Teams as well as checking each attachment to ensure it is safe. The solution is very easy to set up for customers on Microsoft 365. Defender provides admins with threat protection policies, reports and investigation, and response capabilities that businesses would not otherwise get with M365 natively. Using Defender, admins can define threat-protection, view real time reports, and use tools to investigate threats and their source.
Microsoft have invested heavily in Defender for Office 365, making the solution a very effective and credible choice for SMBs looking to invest in an enhanced email security suite for M365. The solution is increasingly highly rated in independent security tests, and integrates across Microsoft’s XDR, SIEM, and Intune solutions for a holistic security platform.
Organizations looking for the most effective and advanced admin controls, policy management, and spam filtering may wish to look at the dedicated gateway options on this list, but Microsoft Defender is a popular choice with customers, as a comprehensive solution, that works natively with Microsoft 365.
Learn more about Microsoft Defender for Office 365
Libraesva ESG is an integrated email security solution which uses multiple protective layers to protect Microsoft 365, Exchange, and Google Workspace, both at the gateway and API layers, so email threats like email fraud, BEC and phishing attacks are thwarted before they can even reach their intended targets.
This is a full-featured solutions offering users a range of useful capabilities. There is spoofing protection, which lets you identify and block imposters and prevent others from spoofing you by using a combination of SPF, DKIM and DMARC authentication techniques, and threat remediation, which facilitated the removal of malicious emails from users’ inboxes, meaning emails are either deleted or stored for further analysis.
The threat analysis portal is an all-in-one dashboard providing enhanced visibility into email attacks and trend data for the organizations, benchmarked against Libraesva global data. The solution also prevents the delivery of malicious files via deep inspection and documentation sanitation, provides one-click protection which intelligently scans all links for evasive behavior to steep users away from unsafe websites, and encrypts emails end-to-end with the on-demand encryption engine. Email continuity prevents downtime from impacting productivity, and the available mobile app lets users manage Microsoft 365, Exchange, and Google Workspace even when away from their desks.
Libraesva ESG delivers advanced protection for cloud-based email platforms with complete protection against advanced threats and attacks and is easy to deploy, with granular configurability. The solution is well-suited to medium and large enterprises or educational clients interested in cost-effective email protection with high levels of visibility and customization.
Learn more about Libraesva ESGEmail Security: Everything You Need To Know (FAQs)
What Is A Secure Email Gateway?
A secure email gateway (SEG) is an email security tool that prevents malicious emails from being delivered or sent from your email network. SEGs filter email messages using signature analysis, attachment sandboxing, URL scanning, and machine learning in conjunction with configured admin policies, to remove harmful email content before it reaches corporate mail servers and user inboxes. Suspicious content is either quarantined, deleted, or marked as unsafe.
Secure email gateways are typically cloud-based but can be deployed as an on-premises or hybrid appliance. They are usually deployed through redirecting your DNS MX-records, which directs email messages via the filtering service before they reach user inboxes.
What Are Integrated Cloud Email Security Solutions?
Integrated Cloud Email Security (ICES) Solutions are cloud-native email security tools that can be used alongside (or to replace) a secure email gateway. Unlike SEGs that require you to redirect DNS MX-records, these tools are cloud-native, and can integrate directly into cloud email platforms such as Microsoft 365 and Google Workspace via API.
Not only does this approach have a faster deployment, but it also results in more effective protection against threats inside the email inbox. ICES solutions will use machine learning to scan internal email communications and identify indicators-of-compromise (IOCs), signifying an account has been compromised to send out malicious email messages. Using these tools, suspicious emails can be automatically removed from all user’s inboxes, even after delivery.
Our recommendation is that businesses needing strong email security should consider implementing multi-layered email protection, pairing a gateway with some form of cloud-native inbox-based email security solution.
Why Is Enterprise Email Security Important?
Email continues to be the top threat vector for many times of cyber-crime. 81% of organizations around the world have seen an increase in phishing since 2020, and in 2021 almost 40% of data breaches involved a phishing attack.
Originally, spam was the biggest nuisance that companies faced with email. Ranging from the farcical (far-off Royals promising riches) to the malicious (adult and harmful content sent to mailboxes). Spam was a major headache for IT admins in the early days of the internet and continues to be a problem even now – estimates are that up to 49% of all emails are spam.
SEGs can deal with spam content very effectively – they often use new or low-reputation domains which can be quickly blocked by the email filter. But modern email threats are much more targeted and advanced. Phishing is one of the most common causes of data breach today. They often originate within the email channel and aim to trick users into clicking harmful web links or making fraudulent payments. Advanced malware and ransomware also commonly spread via phishing messages or by compromised email accounts.
Modern email security tools, such as SEGs and Integrated Cloud Email Security solutions, protect against these threats. They use a range of techniques, including attachment sandboxing, URL filtering, domain reputation assessment, and machine learning, to filter email content.
It is important for all organizations to have an effective email security framework in place to protect users, customers, and partners from sophisticated email threats such as spam, malware, phishing, and business email compromise. Email security is also important to ensure and demonstrate compliance with data security regulations.
What Are The Key Features Of Secure Email Gateways?
Email security gateways are designed to act as a shield for your email network, blocking inbound malicious email content from reaching user inboxes, and preventing outbound malicious email content from being delivered. Admins should have the ability to configure policies which govern how this filtering works. They may wish to block emails from certain domains or allow emails from known safe senders.
In addition, email security gateways should provide detailed reporting to help organizations track incoming email threats. Many email gateways also include integrated, complementary email technologies, such as email archiving, encryption and DMARC.
Key features of secure email gateways include:
- Protection against harmful email content across all email platforms (M365, Google Workspace, Exchange On-prem etc)
- Admin policies and controls to govern how the email filter works
- URL filtering
- Attachment sandboxing
- Integrated email security tools, e.g. email archive, email encryption, DMARC
How Do Email Security Tools Work?
Email security tools are designed to protect email accounts, content, attachments, and users against malicious activity, compromise, or breach. This covers a broad range of use cases, including preventing the delivery or sending of malicious email content, such as harmful attachments, ransomware, and phishing mail.
The tools are also responsible for encrypting email messages that contain sensitive data, preventing users from clicking on malicious URLs, providing data leakage protection (DLP), and displaying warning banners on potentially harmful email messages.
How Does A Secure Email Gateway Work?
Before cloud email hosting, the most common form of email security tool was the “secure email gateway (SEG)”, a physical appliance that would sit in front of the email network and monitor incoming and outbound email traffic to remove spam and malware. Today, email security tools are more commonly cloud-based, with organizations redirecting their mail exchange (MX records) to point their email towards a cloud-based SEG.
Many email security gateways use a mixture of email content scanning, domain reputation, URL scanning, and attachment sandboxing to make a deterministic assessment of an incoming email message. If the message is deemed malicious, it is blocked; if it is deemed safe, it is delivered.
These tools work using a variety of techniques including greylisting, real time blacklists (RBL’s), constantly updated spam definitions, pre-defined DLP rules, anti-malware, and sandboxing engines to detect and remediate against malicious email content.
In the era of cloud-based email platforms, such as Microsoft 365 and Google Workspace, a new category of SaaS-based email security tools has emerged. These services, named “integrated cloud email security” (ICES) solutions by Gartner, address cloud-based vulnerabilities, most sophisticated phishing threats that evade the traditional, static controls used by SEG services.
These tools integrate directly into the inbox environment and are deployed either via an API connection or using mail flow rules. These tools can address SEG gaps by scanning the inbox environment directly. This means they can scan internal email which SEG’s traditional have been unable to achieve. They are also able to remove potentially malicious email content from all mailboxes, instantly – even after an email has been delivered.
