sunhux

Features / criteria to look out for in an email security/filtering product

I'm looking at Votiro, Proofpoint & Israel email security products
to reduce spam, emails from bad reputation IP, emails with
malicious attachments & URL.

What are the features/criteria to assess or look out for?

Esp if I'm on O365.

a) can link to SpamHaus, RBL etc to get bad reputation IP?
b) offers CDR, sandboxing?
c) can claw back malicious emails from users' mailbox once
    Sandboxing completed analysis that an email or attachment
    is malicious (Proofpoint has one such product)
d) can withstand email blasting (eg: 80000/minute)
e) in the event the device has an issue, the ease / turnaround
    time to disable it (without changing MX record)
f) allows us to specify IOCs (bad reputation IP obtained from
    threat intelligence or specific payload's hash)
g) the ability to integrate with DLP products: is this supposed
    to be a function of O365 Exchange Online or the filter
    device (as usually such a device will be registered in MX)?
    I recall Proofpoint used to be able to integrate with a
    network DLP Codegreen or am I mistaken?
h) ... help add on ...
SOLUTION
masnrock
This solution is only available to members.
SOLUTION
This solution is only available to members.
SOLUTION
This solution is only available to members.
Rather than looking for other products, I advise you to use ATP. Refer:
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-atp
sunhux

ASKER

Already tested with highest-end O365 (think it's tier 5 or also known as ATP):
a number of malicious attachments got past it.

Masnrock,
>10) Ability to see real senders of an email
Does the above mean we'll get to see the source IP of the sender or the
sender's domain or ?


Btan
>Not familiar with Votiro but it does claims to have CDR
Yes, it claims it could do Complete Deconstruction & then Reconstruct.
Proofpoint uses Sandboxing but it can take up to 30mins, so it lets
the emails get to the users' mailbox 1st & with another module
installed, it claws back what's been sandbox'ed as malicious.

EOP with ATP is enough; make sure you have proper SPF and DMARC records set up for your domain. Read more: https://docs.microsoft.com/en-us/office365/securitycompliance/use-dmarc-to-validate-email

The reason I am saying not to look for other options in Office 365 is that it will add an extra layer and complexity to your mail flow and, secondly, if there are any issues, you will not get any support from Microsoft.
SOLUTION
This solution is only available to members.
Anti-evasion such as sandbox detection is already in existence (below), so there is no 100%. That is why the different layers of threat detection capabilities are needed. Ultimately, as long as you layer your defense in depth from external to the endpoint, residual risk would be minimised. Even the endpoint needs EDR (besides the AV), and it relies on letting the exploit action take place to trigger its preventive action. Proofpoint also relies on crowd-of-wisdom intelligence:
Imposter attacks are hard to detect. Our Stateful Composite Scoring Service (SCSS) is a machine learning approach that searches specifically for these email threats. It uses what’s known about your unique environment, along with data from all customers, to more effectively detect and block email fraud.

https://www.proofpoint.com/us/threat-insight/post/Theres-a-Macro-in-your-Sandbox
sunhux

ASKER

Do any of the products allow us to enter an attachment's hash value to block? Sometimes spotted malicious attachments in hundreds of emails went past Proofpoint.
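
The hash-blocking check asked about here, together with criteria (a) and (f) of the original question, sketched as an added example (not part of any post in this thread and not any vendor's implementation). All function names are hypothetical, the message and IOC values are constructed, and the DNSBL name is only built, not queried; `zen.spamhaus.org` is assumed as the list zone.

```python
import hashlib
import ipaddress
from email import message_from_bytes, policy
from email.message import EmailMessage

def attachment_hashes(raw: bytes) -> dict:
    """Map each attachment filename to the SHA-256 of its decoded bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""   # undo base64/QP transfer encoding
        out[part.get_filename() or "(unnamed)"] = hashlib.sha256(data).hexdigest()
    return out

def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNSBL lookups query the reversed IPv4 octets under the list's zone."""
    addr = ipaddress.IPv4Address(ip)                  # rejects malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def verdict(raw: bytes, blocked_hashes: set, blocked_ips: set, source_ip: str) -> list:
    """Return the reasons this message matches the operator-supplied IOCs."""
    reasons = []
    if source_ip in blocked_ips:
        reasons.append(f"source-ip:{source_ip}")
    for name, digest in attachment_hashes(raw).items():
        if digest in blocked_hashes:
            reasons.append(f"attachment-hash:{name}")
    return reasons

def build_sample(payload: bytes) -> bytes:
    """Constructed test message (not real traffic) with one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.org", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="invoice.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    payload = b"constructed-sample-payload"
    iocs = {hashlib.sha256(payload).hexdigest()}      # constructed IOC hash
    raw = build_sample(payload)
    print(verdict(raw, iocs, {"192.0.2.25"}, "192.0.2.25"))
    print(dnsbl_query_name("192.0.2.25", "zen.spamhaus.org"))
```

Hash matching is exact: an attachment that differs by a single byte produces a different digest, so a hash blocklist only stops copies of a file that has already been seen.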
SOLUTION
This solution is only available to members.
ASKER CERTIFIED SOLUTION
This solution is only available to members.