FortiMail: Secure Email Gateway (SEG) Solutions

What is Email Security?

Email remains the most critical communications tool for business. Unfortunately, that also makes email the top threat vector, with the volume and sophistication of attacks ever-increasing. At the same time, customers are increasingly moving to cloud email providers, like Microsoft 365 and Google G-Suite, and are struggling to secure their email traffic. The built-in, native security tools available in these platforms are by themselves insufficient to guard against attacks, protect valuable data, and ensure compliance objectives are met. FortiMail, Fortinet’s secure email gateway solution, provides a comprehensive, multi-layered approach to address all inbound and outbound email traffic. Fortinet is a trusted vendor and offers the industry’s broadest portfolio of security solutions,—including identity management, advanced threat/zero-day protections and security-driven networking—with its Security Fabric.

The Importance of Secure Email Gateway (SEG)

SEGs provide the front line of defense for the organization's largest attack surface: email. Email is a mission-critical communications channel, and attacks using email are growing both in volume and sophistication. For example, Verizon’s Data Breach Investigations Report notes that more than 90% of malware is distributed via email. And it is common to see phishing emails masquerading as legitimate files or links to attempt to steal login credentials, which can lead to account takeovers or data breaches.

Users face a myriad of inbound e-mail-based threats, including spam, ransomware, business email compromise, advanced and zero-day exploits, plus outbound threats stemming from data leaks and compliance violations. SEGs are expected to provide a broad range of capabilities to protect and secure all inbound and outbound email traffic. This remains important even as organizations move from on-premise email servers to cloud providers, like Microsoft 365 (M365) or G-Suite, whose native security is insufficient on its own.

At the heart of any SEG is a message transfer agent (MTA), or API-based integration for email scanning and enforcement of policies. Scanning technologies are expected to provide a baseline of content analysis, anti-spam and anti-malware capabilities, marketing newsletter and graymail classifications, as well as personalized controls for end-user message management.

Advanced features available in many SEGs include capabilities for deeper analysis using sandboxing technology or content disarm, and reconstruction targeting file attachments. To address URL-based threats, some SEGs also offer URL rewrite and time-of-click analysis or complementary remote browser isolation technology. It is also common for SEGs to offer capabilities to address email spoofing and impersonation attempts.

To address threats facing outbound email or email-in-transit, SEGs commonly include features for data leak prevention (DLP), message archiving, and encryption. Especially for customers in highly-regulated industries, such as retail, financing or healthcare, some SEGs include pre-defined policies geared to address compliance requirements including HIPAA, PCI-DSS, and GDPR, among others. Lastly, users are increasingly selecting SEG vendors who not only offer on-premise physical and virtual appliance options but also have a cloud-ready version of their solution in the form of a Software-as-a-Service solution or flexible deployment into public clouds, such as AWS, Azure or GCP.

Shift to Proactive Security

Secure Email Gateway Solutions: FortiMail

FortiMail is a proven, best-in-class secure email gateway solution used tens of thousands of customers worldwide to protect well over a hundred million mailboxes. FortiMail has been independently validated for high catch-rates, leading accuracy and excellent overall security efficacy by testing firms including SE Labs, VB Labs, ICSA, and NSS, among others. For example, FortiMail was recently awarded a ‘AAA rating’, the top rating a vendor can receive, by SE Labs.

FortiMail is designed to address both inbound traffic, to detect and prevent inbound threats, as well as outbound traffic to enforce policies related to compliance or protecting valuable data assets. Most importantly, the solution works seamlessly with any existing email infrastructure investment, whether on-premise like Exchange or hosted in the cloud, like M365 or G-Suite. In addition, a wide range of deployment options and consumption models are available to address any customer requirement, including the FortiMail Cloud SaaS.

FortiMail can operate in-line as a traditional MTA requiring an MX record change, or out-of-band leveraging APIs to plug seamlessly into M365 environments. This API integration allows customers to perform real-time and internal scanning of email traffic, as well as post-delivery clawback if a message is identified to contain a threat or maps to a defined policy, such as a confidential document.

One of the advantages that separates FortiMail from other products is the backing of it by FortiGuard Labs, including the powerful visibility and real-time threat intelligence feeds provided through this integration. FortiGuard Labs has tremendous insights on global traffic patterns and the evolving threat landscape; each day, for example, FortiGuard Labs has visibility into more than 100 million unique emails. This allows FortiMail customers to benefit from the latest and greatest protection, since spam and virus outbreaks can be identified and stopped as quickly as possible.

FortiMail also distinguishes itself through its multi-layered approach to email security. For example, to identify and stop spam and phishing attacks, multiple techniques are employed in the solution to address this undesirable traffic. Additional capabilities are available to guard against business email compromise and spoofing, like a bad actor impersonating a C-level executive.

To address malware that can cripple an organization, FortiMail has rich features to detect malware including viruses and ransomware, as well as advanced techniques to address targeted attacks and risky files. To address weaponized attachments, FortiMail can block executables or use content disarm and reconstruction for active content. And since threats continue to quickly evolve, FortiMail can prevent zero-day and advanced threats—the unknown risks—using sandbox integration to perform the deepest levels of analysis.

Increasingly, an area of concern for customers is the treatment of uncategorized or potentially suspicious URLs embedded in emails. FortiMail offers the ClickProtect feature to revalidate a URL at the time the user actually tries to visit the URL or website, as the site may have gone from uncategorized initially to now a known phishing URL for example. To take this to the next level, FortiMail integrates with FortiIsolator to isolate this traffic using a container-based approach so users can visually interact with URL but not take the dangerous step of actually download the content and executing in their local browser.

For outbound email defense, FortiMail offers many capabilities including compliance-specific polices to help with HIPAA, SOX, GLBA and others, plus techniques to prevent data leaks related to sensitive data or IP assets. FortiMail also supports email archival or identity-based encryption so security can be extended outside of the organization.

Since email is often part of a larger communications and collaboration toolbox organizations rely upon, Fortinet also offers complementary solutions including FortiCASB, the Fortinet Cloud Access Security Broker solution, that pair nicely with FortiMail. FortiCASB supports key SaaS apps including M365, G-Drive, Box, Dropbox and Salesforce using an API-based approach to provide critical visibility, data protection and threat prevention. This is particularly important for cloud storage and file sharing applications.