Osterman Research have produced a buyer’s guide to help IT and security professionals research, evaluate and choose an email security solution that can augment and fill the gaps left by secure email gateways and the native security provided by cloud email platforms. Specifically, it focuses on solutions that can reduce the human activated risk introduced into organizations through both inbound and outbound email.
The guide outlines the process a buyer should follow to augment their existing email security with a new solution. We’ve briefly summarized the key things a buyer will learn in this article. For a more in-depth view on Osterman's recommendations, you can download the full guide.
1. The problem of human activated risk
Human activated risk is created by human behavior – this includes inbound threats where bad actors coerce insiders into mistakes, as well as outbound data loss caused by human error and malicious exfiltration. You’ll learn the outcomes of the three types of human activated risk (none of them good) and why commonly used existing controls need augmenting to offer full protection.
2. Existing technical controls are ineffective
Existing controls such as Microsoft 365 and SEGs aren’t doing enough to reduce the human activated risk introduced by inbound and outbound email, so new technology solutions are needed to tackle the problem. The guide explores the flaws in commonly used defense-in-depth protections, why they’re ineffective at reducing human activated risk, and how new solutions in the market can augment existing email security stacks.
3. New technology is needed
The guide explains which solutions have the technological capability to protect against both inbound and outbound threats. You’ll learn the deployment options for augmenting Microsoft 365, or Microsoft 365 and a SEG, with such a solution – as well as the pros and cons of choosing to retain a SEG.
4. Inbound and outbound protection is required
Few vendors offer full protection for both inbound and outbound email, which is essential to cover against the full spectrum of human activated risk. You’ll also learn which technology characteristics are needed in an email security solution to augment Microsoft 365 and/or SEGs against more sophisticated threats, especially payloadless attacks such as BEC.
In addition, the guide explores how new solutions can protect against the equally dangerous (yet often underestimated) outbound risks such as human error and acts of malicious exfiltration.
5. The right questions to ask vendors
Finally, you’ll get a list of recommended questions to arm yourself with for when it comes to evaluating email security solution vendors. Download your full guide below for Osterman’s complete set of insights and recommendations.