Business & Technology

What Holiday Shopping Reminded Me About Email Security

By David Finger | December 14, 2018

As many of you may know, the winter holiday season in the United States has always been a time for family, friends, and lots of food. Increasingly, it has also become a time for lots of sales and shopping.

Traditionally, I have avoided the sales and shopping in order to avoid the large crowds. But with the growth of online deals and the ease of shopping online, I figured I would check out big screen televisions this year. I was excited to see a massive 70-inch model TV on sale for less than $1000. I also noticed a range of special offers, including sound bars.

Now, for me, the built-in speakers have always been enough, but I was curious to see these special offers. As I looked at my options, I noticed a nicely discounted sound bar that piqued my interest. However, I also figured it was worth seeing what independent testers had to say about it. And ultimately, I was very glad I did, as I learned that independent sources only gave the sound bar model I was considering a “middling score.”

Validation through Independent Testing

So what does this have to do with email security? Well, I was reminded that it is always a good idea to check independent tests and reviews before making a significant purchase. For example, this week, SE Labs released results for its new 2018 Email Security Services group test and Fortinet’s FortiMail Secure Email Gateway solution was given a top AAA rating.

Now Microsoft Office 365, including Exchange Online, has been the de facto email solution for businesses for years. So, the thinking in many companies goes, “why not have the company that built Exchange for all these years not only host and manage it for us, but also secure it?”  And certainly, a minimum level of security is required for any deployment. So Office 365 is commonly purchased with some native security included—just like the speakers built into a TV. Further, as with the sound bar provided by the TV manufacturer, Microsoft also offers added security components for Exchange Online in their Office 365 ATP package. And these look similar to offerings from dedicated security companies (the same way many soundbars do). However, they are not the same.

The SE Labs test assessed leading email security options from leading Secure Email Gateway vendors, including Fortinet, as well as the standard add-on security from Microsoft that is included in Office 360. What we can quantitatively see is that:

  1. The built-in security from Microsoft may be fine against common email attacks, but customers serious about email security need to consider additional email protections.
  2. While the add-on ATP component from Microsoft is better than the standard security built in, purpose-built ATP solutions from focused security vendors and backed by dedicated threat research teams offer signficantly greater protection.    
  3. Fortinet FortiMail adds important protection against advanced email threats of all kinds. According to the FBI, business email compromise was responsible for $12.5bn in global losses last year, including phishing (42,000 records stolen in one incident last month), targeted attacks (31TB allegedly stolen in one recent campaign), and more. 

Now for some (like with me and TV speakers), the built-in security that comes standard with Office 365 may have been enough. However, for most others (and myself going forward), adding extra components (soundbars or security) is required. And before selecting the add-on components of Office 365 ATP (or the manufacturer’s TV soundbar), one should always check rigorous independent tests from reliable sources.

For those really serious about their security experience, selecting a dedicated vendor based on independent testing is essential. Any other approach could have significant financial consequences.

So, as it turns out, holiday shopping ended up providing a good reminder for all of us, and our businesses, this year.

Read more about Fortinet FortiMail.