Features / criteria to look out for in an email security/filtering product

Last Modified: 2018-11-16
I'm looking at Votiro, Proofpoint & Israel email security products
to reduce spam, emails from bad reputation IP, emails with
malicious attachments & URL.

What are the features/criteria to assess or look out for?

Esp if I'm on O365.

a) can link to SpamHaus, RBL etc to get bad reputation IP?
b) offers CDR, sandboxing?
c) can claw back malicious emails from users' mailbox once
    Sandboxing completed analysis that an email or attachment
    is malicious (Proofpoint has one such product)
d) can withstand email blasting (eg: 80000/minute)
e) in the event the device has an issue, the ease / turnaround
    time to disable it (without changing MX record)
f) allows us to specify IOCs (bad reputation IP obtained from
    threat intelligence or specific payload's hash)
g) the ability to integrate with DLP products : is this supposed
    to be a function of O365 Exchange Online or the filter
    device (as usually such device will be registered in MX):
    I recall Proofpoint used to be able to integrate with a
    network DLP Codegreen or am I mistaken?
h) ... help add on ...

Amit, IT Architect

Commented:
Rather than looking for other products, I advise you to use ATP. Refer:
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-atp

Author

Commented:
Already tested with highest-end O365 (think it's tier 5 or also known as ATP):
a number of malicious attachments got past it.

Masnrock,
>10) Ability to see real senders of an email
Does the above mean we'll get to see the source IP of the sender or the
sender's domain or ?


Btan
>Not familiar with Votiro but it does claim to have CDR
Yes, it claims it could do Complete Deconstruction & then Reconstruct.
Proofpoint uses Sandboxing but it can take up to 30mins, so it lets
the emails get to the users' mailbox 1st & with another module
installed, it claws back what's been sandbox'ed as malicious
Amit, IT Architect

Commented:
EOP with ATP is enough, make sure you have proper SPF, DMARC record setup for your domain. Read more: https://docs.microsoft.com/en-us/office365/securitycompliance/use-dmarc-to-validate-email

The reason I am saying not to look for other options in Office 365 is that it will add an extra layer and complexity to your mail flow and, secondly, if there are any issues, you will not get any support from Microsoft.
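
A check of the SPF and DMARC records mentioned in the comment above, as an added example that is not part of the thread. It audits TXT record strings offline; the two zones are constructed samples for the placeholder domain example.com, and the function names are hypothetical.

```python
# Added example, not from the thread: offline audit of SPF and DMARC TXT records.
# Both zones below are constructed samples for the placeholder domain example.com.
import re

LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # cost a DNS lookup

def audit_spf(txt_records):
    """Return findings for the SPF record among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    mechs = [re.split(r"[:/=]", t.lstrip("+-~?"), maxsplit=1)[0] for t in terms]
    findings = []
    if sum(m in LOOKUP_MECHS for m in mechs) > 10:
        findings.append("more than 10 DNS-lookup terms (permerror)")
    final = next((t for t, m in zip(terms, mechs) if m == "all"), None)
    if final is None and "redirect" not in mechs:
        findings.append("no 'all' term: unlisted senders evaluate to neutral")
    elif final in ("all", "+all"):
        findings.append("+all authorises every sender")
    elif final in ("?all", "~all"):
        findings.append(final + " does not hard-fail unlisted senders")
    return findings

def audit_dmarc(txt_records):
    """Return findings for the DMARC record published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["no DMARC record" if not recs else "multiple DMARC records"]
    pairs = (p.partition("=") for p in recs[0].split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs if v}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: no enforcement for failing mail")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("pct below 100: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports on who sends as the domain")
    return findings

def audit(zone, domain="example.com"):
    return audit_spf(zone.get(domain, [])) + audit_dmarc(zone.get("_dmarc." + domain, []))

WEAK = {"example.com": ["v=spf1 include:spf.protection.outlook.com ~all"],
        "_dmarc.example.com": ["v=DMARC1; p=none; pct=50"]}
STRONG = {"example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
          "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]}
```

The lookup count covers only the terms in the record itself; nested includes also count toward the limit of 10 and need live DNS to resolve.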
btan, Exec Consultant

Commented:
Anti evasion such as sandbox detection is already in existence (below), so there is no 100%. That is why the different layers of threat detection capabilities are needed. Ultimately, as long as you layer your defense in depth from external to the endpoint, residual risk would be minimised. Even the endpoint needs EDR (besides the AV), and it relies on letting the exploit action take place to trigger its preventive action. Proofpoint also relies on crowd of wisdom intelligence:
>Imposter attacks are hard to detect. Our Stateful Composite Scoring Service (SCSS) is a machine learning approach that searches specifically for these email threats. It uses what’s known about your unique environment, along with data from all customers, to more effectively detect and block email fraud.

https://www.proofpoint.com/us/threat-insight/post/Theres-a-Macro-in-your-Sandbox

Author

Commented:
Does any of the products allow us to enter an attachment's hash value to block? Sometimes spotted malicious attachments in hundreds of emails went past Proofpoint.
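
What matching on an attachment hash involves, as an added example that is not part of the thread and not any vendor's implementation: each attachment is hashed after MIME decoding and compared with an IOC list, here to find every message carrying the same file. The messages, addresses and payload bytes are constructed samples, and the function names are hypothetical.

```python
# Added example, not from the thread: find messages carrying a blocked attachment hash.
# Messages, addresses and payload bytes are constructed samples, not real IOCs.
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

def build_sample(subject, filename, payload):
    """Build a raw message with one attachment (constructed test data)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.net", "b@example.com", subject
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def attachment_hashes(msg):
    """Yield (filename, sha256 hex) per attachment, hashed after MIME decoding."""
    for part in msg.walk():
        if part.is_multipart() or not part.is_attachment():
            continue
        data = part.get_payload(decode=True) or b""
        yield part.get_filename() or "(unnamed)", hashlib.sha256(data).hexdigest()

def scan(raw_messages, blocked_hashes):
    """Return (subject, filename) for every attachment whose hash is blocked."""
    blocked = {h.strip().lower() for h in blocked_hashes}
    hits = []
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        hits += [(str(msg["Subject"]), name)
                 for name, digest in attachment_hashes(msg) if digest in blocked]
    return hits

PAYLOAD = b"constructed sample bytes standing in for a known-bad document"
BLOCKED = [hashlib.sha256(PAYLOAD).hexdigest().upper()]  # IOC as an analyst might paste it
MAILBOX = [
    build_sample("Invoice 1", "invoice.doc", PAYLOAD),
    build_sample("Invoice 2", "scan.doc", PAYLOAD),               # same bytes, new name
    build_sample("Invoice 3", "invoice.doc", PAYLOAD + b"\x00"),  # altered copy
]
HITS = scan(MAILBOX, BLOCKED)  # the altered copy in "Invoice 3" is not matched
```

A renamed copy still matches because only the decoded bytes are hashed, while a copy that differs by a single byte does not, so an exact-hash block list complements sandboxing or CDR rather than replacing them.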