Why and how to migrate corporate email security to the cloud. Part 1


    Protecting e-mail in the cloud provides a number of advantages that positively affect the performance of the company, although so far this approach has raised a number of concerns. But is the devil really as terrible as he is painted? Should you take a closer look at such opportunities?

    In the first part of this article, we will consider the main problems and needs of enterprises related to ensuring email security, as well as the general advantages and disadvantages of SaaS solutions for protecting corporate mail. In other words, we will try to answer the question “why.”

    The second part of the article will be devoted to the question “how”: there we will show the basic steps for the initial setup of a SaaS solution, using Panda Email Protection as an example.

    Mail is the main communication channel


    It's no secret that email is the main communication channel of enterprises and organizations. Draft contracts, commercial offers, descriptions of products and services, invoices and other financial and accounting documents, various documentation, tasks and offers are transmitted by e-mail; the work of various client services is tied to it, and much more. Thus, reliable e-mail operation ensures the normal functioning of the company, directly affecting its performance (and, accordingly, its revenue and competitiveness).

    Obviously, e-mail must be properly protected from various types of IT threats (viruses, spam, ransomware, phishing, and much more). Indeed, an insufficient level of protection can lead to delays in work, crashes and downtime of mail servers, loss of labor productivity and problems in the work of the company.

    The main issues that have to be resolved in connection with e-mail:

    1. IT risks
    According to Panda Security's internal estimates, up to 85% of all e-mail arriving at a company or organization is infected or spam. Accordingly, there is a constant risk of infection or attack by cyber criminals.

    2. Performance
    Email is a critical means of production. Mail downtime is a loss of productivity. Therefore, access to e-mail is needed at any time and from any device, even if the mail server fails.

    3. ROI
    Mail is a frequently used channel for attacks, and therefore it is important to protect it with the most advanced protection technologies. But this entails a fairly high initial investment in software and hardware, as well as operating and maintenance costs for the mail system and its means of protection. In addition, any infrastructure tends to become obsolete, and therefore it needs to be updated regularly.

    As for the needs directly associated with email security systems, most companies have the following:

    • Permanent access to corporate email
    • Security system flexibility and growth opportunities
    • Reduction of costs and initial investments
    • No unwanted traffic in the corporate network
    • Safe mail without spam and viruses
    • Simple administration

    All this becomes more relevant the more employees the company has and the more distributed its infrastructure is (remote offices, branches, mobile employees).

    SaaS mail protection model


    For delivering secure email and organizing its continuous operation, the cloud model known as SaaS (Software as a Service) is well suited, although in our context we often expand this abbreviation as Security as a Service.

    Most micro and small enterprises use free (and sometimes paid) email services, which completely removes all the issues of organizing corporate email. Very convenient. But it is not always suitable, especially if we are talking about medium and large enterprises.

    The latter, as a rule, have their own mail servers (sometimes geographically distributed), on which special security software is installed. And everything seems to work. Sometimes it even seems that it’s not so expensive. But does it make sense for such enterprises and organizations to pay attention to cloud services? Which ones? What benefits can this give?

    SaaS Email Security Solutions


    The use of local mail servers in medium and large companies is quite reasonable for many reasons. But such a “local” approach incurs significant expenses (time, money, staff, etc.) for resolving issues related to ensuring email security.

    SaaS email security solutions are designed to help optimize such costs (and even completely eliminate some). Their principle of operation is simple: all mail traffic passes through special protected servers of the provider, where it is filtered for viruses, spam, dangerous content, etc. The output is “clean” mail traffic that is delivered either to the company (incoming mail) or, in the other direction, to the company's counterparties (outgoing mail).

    Of course, with this cloud-based approach, there are pros and cons. Let's try to deal with them.

    Cloud benefits


    Most of the benefits of the SaaS model are related to ROI and other performance indicators. But not only.

    Savings on infrastructure
    The entire infrastructure of a SaaS solution is located in the cloud. This approach allows significant savings, because users of this service can use a more productive infrastructure and resources than they can afford locally. In addition, all the resource-intensive processes associated with ensuring email security are also taken to the cloud. Consequently, the load on mail servers is significantly reduced. As a result: requirements for hardware are reduced.

    Savings on maintenance and support
    Since the entire infrastructure is in the cloud, there is no need to deploy a security system on site and then maintain it (updates, upgrades, additional administration, etc.). This allows IT departments with limited resources to save money and free up IT staff to solve other, more important tasks.

    The border for detecting threats is moved outside the network.
    And this is a very significant advantage, because it directly affects two points:

    • threats are filtered in the cloud before reaching the corporate network, which significantly reduces the security risks from e-mail. This is especially important in the new world of Web 2.0, where significant volumes of business transactions are carried out over the Internet.

    • since malicious and unwanted mail traffic does not reach the corporate network (remember the 85%?), incoming mail traffic as a whole is significantly reduced. This significantly reduces the load on the communication channel and on the mail servers themselves. As a result, the Internet is faster and mail servers are much faster.

    By the way, there is also room for optimization here: it may well turn out that you can save on the communication channel (a narrower channel will be enough) and on mail servers (since the load on them will be reduced several times, the freed-up resources can be directed to other tasks).

    Backup
    Such SaaS solutions, as a rule, offer mail backup functions for a certain period of time (for example, up to 1-2 weeks). This is also a useful option: you do not have to store backups locally and allocate resources for this, and in unforeseen cases you can always restore recent mail.

    Mail Continuity
    Mail continuity is a significant advantage of SaaS solutions, one that directly affects the efficiency of the company and its competitiveness. Indeed, even if some kind of failure occurs on the mail server (for an hour, for a day, for a couple of days) and it becomes unavailable, incoming mail will not be lost and will not be sent back. It will be available through the online mail option. In this case, employees of the enterprise will be able to work through online mail, receiving and sending letters. Then, after the problems with the mail server are solved, all mail will be delivered to it.

    Platform independence
    Another significant advantage of using SaaS solutions for filtering mail is their independence from the platform of your mail server. Indeed, for filtering mail, the service uses its own infrastructure, and the output is ordinary mail messages that are then delivered to the mail server. Therefore, you can change your mail platform without worrying that you will also have to change the protection, configure it again, etc.

    There are other, less significant advantages of SaaS solutions: some apply to all enterprises and organizations, while others show up in specific cases.

    Disadvantages of SaaS Solutions


    By and large, the only significant aspect that, due to a number of myths, is considered by most companies as a disadvantage, is confidentiality.
    When people talk about such SaaS solutions, many people have a natural fear: how is it that my company’s mail will go through someone’s servers, so someone will read it? What will happen to my mail? How will this affect the privacy of my company?

    Such fears are quite natural, because privacy issues are sensitive enough. Nevertheless, there are a number of arguments refuting, in our opinion, such concerns:

    • Confidentiality issues are regulated not only by SLA agreements of the SaaS providers themselves, but also by law. Given the fact that the provision of SaaS services is the main business of such providers, they are most interested in observing confidentiality issues;

    • data centers of such SaaS providers have higher levels of information and physical security, which allows you to safely store data;

    • if someone really wants to read your letters, then this can be done even if you do not use SaaS services.

    Delay in mail delivery
    If the data centers of the SaaS provider do not have the corresponding capacities, then a delay in the delivery of mail is possible. However, for serious SaaS providers, this scenario is unlikely.

    Service failure
    If the SaaS service has stopped working or access to it has become restricted due to the expiration of the licenses, then mail will stop being delivered. However, the administrator can always quickly reconfigure the MX records of the domain, directing mail traffic straight to the company's own mail server so that mail starts to circulate normally again.

    Panda Email Protection: Email Firewall


    One of SaaS email security solutions, available on the market for more than 8 years and well-established among numerous customers all over the world, is Panda Email Protection.



    Panda Email Protection includes a multi-level system that combines filters and protection mechanisms using both proprietary technologies (Panda Email Protection PROACTIVE, trust lists, ...) and standard ones (IP reputation, Bayesian networks, white and black lists, gray lists, traffic shaping, etc.) to ensure the maximum level of security. By removing spam, viruses and phishing using more than a dozen filters, the solution not only reduces the load on the mail server, but also eliminates the loss of productivity among employees who have to spend their time removing spam.

    Within one account, you can manage security for various mail domains and aliases.

    Filtration scheme


    Incoming filtering scheme:


    Outgoing filtering scheme:


    Main functions


    Panda Email Protection provides access to the centralized management web console with an intuitive and simple interface (including support for the Russian language), which allows administrators to quickly configure corporate email protection.

    Key features:
    • Powerful anti-virus protection
    • Multi-level anti-spam
    • Content filtering
    • Backing up incoming mail
    • Simple centralized administration of email security policies
    • Various user registration mechanisms (manual, import from lists, integration with LDAP, SMTP, etc.)
    • Centralized quarantine (virus quarantine with administrator-only access and spam quarantine with end-user access)
    • A powerful customizable system of statistics, reporting and notifications, including a personal local notifier
    • The ability to configure filters and lists both at the domain level and at the end-user level
    • Email logs with the ability to open emails, add senders and IP addresses to white or black lists, and classify letters as valid or spam
    • Delegation of administration by domain
    • Access to mail from various mobile devices and platforms (iOS, Android, Windows)

    Filtering mode


    Panda Email Protection provides two filtering modes:

    Automatic mode
    In automatic mode, the service analyzes and classifies incoming messages according to a specific rating, which is assigned to each mail message based on the results of its verification using more than 600 different rules. The higher this rating, the more likely the message is spam.

    Possible rating values: from 0 to 10. The default rating value for a standard user is 5.

    The administrator has the ability to configure a rating threshold value, beyond which messages will be filtered. But here it is important not to overdo it in order to prevent unjustified false positives.

    Guaranteed Mode
    In this mode, the service checks whether the sender is in the user's white list. If the sender is not listed there, the sender automatically receives a letter containing a link to confirm delivery of the original letter. Only after this link is clicked is the letter delivered to the recipient.

    The main components of the filtration system


    White / Black Lists
    Lists can contain email addresses, domains, or IP addresses. Lists can be configured both at the domain level and at the user or user group level manually or using the import option.
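
    The decision flow described by the two filtering modes and the white/black lists, as an added example (not Panda Email Protection's own code). The precedence of blacklist over whitelist, the action names, the "rating above threshold is filtered" comparison and the sample ratings are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Policy:
    mode: str = "automatic"        # "automatic" or "guaranteed"
    threshold: float = 5.0         # default rating value named on the page
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)

def in_list(entries, sender, client_ip):
    """Entries may be e-mail addresses, domains, or IP addresses/CIDR ranges."""
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    ip = ipaddress.ip_address(client_ip)
    for entry in entries:
        entry = entry.lower()
        if entry in (sender, domain):
            return True
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue               # entry is an address or a domain, not an IP
    return False

def decide(policy, sender, client_ip, rating):
    # Assumed precedence: blacklist, then whitelist, then the filtering mode.
    if in_list(policy.blacklist, sender, client_ip):
        return "reject"
    if in_list(policy.whitelist, sender, client_ip):
        return "deliver"
    if policy.mode == "guaranteed":
        return "challenge"         # sender must confirm via the link first
    return "filter" if rating > policy.threshold else "deliver"

def sweep(samples, thresholds):
    """Per threshold: (legitimate mail filtered, spam delivered)."""
    result = {}
    for t in thresholds:
        false_pos = sum(1 for r, spam in samples if r > t and not spam)
        missed = sum(1 for r, spam in samples if r <= t and spam)
        result[t] = (false_pos, missed)
    return result

# Constructed sample of (rating, is_spam) pairs, not real measurements.
SAMPLES = [(0.4, False), (2.1, False), (3.8, False), (4.6, False), (5.4, False),
           (4.9, True), (6.2, True), (7.5, True), (9.1, True)]

if __name__ == "__main__":
    policy = Policy(whitelist={"partner.example"}, blacklist={"203.0.113.0/24"})
    print(decide(policy, "bob@partner.example", "198.51.100.7", 9.0))
    print(sweep(SAMPLES, [3, 5, 7]))
```

    Running `sweep` over your own labelled mail before lowering the threshold shows how many legitimate messages the stricter setting would start filtering.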

    Antivirus
    Anti-virus protection can be configured for incoming and outgoing mail both at the domain level and at the user level. By default, this protection is enabled. It should be remembered that for anti-virus scanning of outgoing mail, the domain must be configured so that outgoing mail traffic passes through Panda Email Protection.
    All filtered messages are placed in virus quarantine, accessible only to the administrator.

    Antispam
    Anti-spam protection can also be configured for incoming and outgoing mail both at the domain level and at the user level. By default, this protection is enabled. It should be remembered that for anti-spam scanning of outgoing mail, the domain must be configured so that outgoing mail traffic passes through Panda Email Protection.
    Various scenarios for processing filtered messages are available: forwarding to a specific address, delivery with the appropriate mark, or placing spam emails in spam quarantine, available for both the administrator and end users with the appropriate settings.

    Trust Lists
    Trust lists are automatic whitelists that are customizable for each domain and / or user. Thus, filtering does not apply to those people with whom the user corresponds. This mechanism can significantly reduce the level of false positives. These lists are automatically populated with email addresses that Panda Email Protection confirms to be safe.

    Rule engine
    The rule engine can be configured for both inbound and outbound mail. These rules are customizable by administrators to control the flow of messages.

    For example, for incoming mail you can:

    • delete attached files depending on various options (MIME type, size, archive, etc.)
    • mark messages as spam or a valid message
    • redirect a copy or send a letter to one or more recipients
    • delete messages
    • perform various actions depending on the size of the letter (including the attachment), its contents, etc.
    • do not perform any actions.

    NDR validation.
    This validation can be configured at the domain and user level. NDR validation assumes that a digital signature (SRS) will be added to all messages passing through Panda Email Protection. When this option is enabled, the following scenarios are possible:

    • If an email arrives with a valid SRS, then all other filtering mechanisms apply to it
    • If an email arrives with an invalid SRS or without it, then the email is rejected
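
    The signing and validation steps described above, as an added example (not Panda Email Protection's own code). It assumes the signature is carried in the envelope sender, so that a genuine NDR comes back addressed to the signed address; the simplified SRS0-style layout, the key, the `filter.example` gateway domain and the 7-day validity window are all constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: secret known only to the gateway
GATEWAY = "filter.example"         # assumption: hypothetical rewriting domain
MAX_AGE_DAYS = 7                   # assumption: how long a tag stays valid
DAY_MOD = 1024                     # day stamp wraps, as in SRS-style schemes

def _tag(day, domain, local):
    msg = f"{day}|{domain.lower()}|{local}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]

def sign_sender(address, now):
    """Rewrite the envelope sender of an outgoing message with a keyed tag."""
    local, _, domain = address.rpartition("@")
    day = int(now // 86400) % DAY_MOD
    return f"SRS0={_tag(day, domain, local)}={day}={domain}={local}@{GATEWAY}"

def validate_bounce(rcpt, now):
    """Return the original sender if the NDR recipient carries a valid,
    fresh tag; return None if it must be rejected."""
    local_part, _, host = rcpt.rpartition("@")
    if host.lower() != GATEWAY or not local_part.startswith("SRS0="):
        return None                          # no signature at all
    parts = local_part[5:].split("=", 3)
    if len(parts) != 4:
        return None
    tag, day_s, domain, local = parts
    if not (day_s.isascii() and day_s.isdigit()):
        return None
    day = int(day_s)
    expected = _tag(day, domain, local)
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None                          # forged or altered signature
    age = (int(now // 86400) - day) % DAY_MOD
    if age > MAX_AGE_DAYS:
        return None                          # stale tag, likely replayed
    return f"{local}@{domain}"

if __name__ == "__main__":
    now = 1_700_000_000                      # constructed timestamp
    signed = sign_sender("alice@corp.example", now)
    print(signed)
    print(validate_bounce(signed, now))                  # accepted
    print(validate_bounce("alice@corp.example", now))    # rejected: unsigned
```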

    Anti Email Spoofing
    This mechanism is disabled by default, but it can be enabled for both domains and specific users. It allows you to protect yourself from email attacks carried out with IP spoofing techniques to bypass the appropriate protection filters.

    Others
    Other components include a Bayesian classifier, reputation blacklists (RBL), heuristics, and the system of duplicate pattern detection (RPDS), which together are designed to classify each mail message more accurately.

    Personalization


    Panda Email Protection features allow you to personalize various standard notifications and messages of the service, company name and its logo, and choose the appropriate interface language. For example, among standard notifications you can personalize:

    • an invitation letter for each new user
    • a report on blocking letters
    • a confirmation letter for a guaranteed filtering mode
    • various reports for administrators

    Local notifier


    Panda Email Protection lets users install a local Notifier on their computer: a small utility with an icon in the system tray that allows them to manage the operation of the SaaS service in relation to their mail.

    It is able to notify the user of the delivery of new letters and to inform about virus warnings and undeliverable letters. In addition, it allows you to manage messages, operating modes of the filtering system, the contents of spam quarantine, etc. That is, it puts at users' fingertips the most requested management options from those presented in the user’s web-based management console.

    Different types of clouds


    As a rule, SaaS email filtering solutions offer a service in the public cloud, where all the work of the service is carried out in external data centers and only "clean" mail is delivered to the mail server.

    Panda Email Protection goes a little further in this regard, offering the following cloud uses:

    • hybrid cloud: in this case, the cloud service has a local Notifier utility for more convenient and efficient management

    • private cloud: in some cases, large organizations are forced to secure email through internal infrastructure. In this case, the entire Panda Email Protection cloud platform can be installed in the user's data center, allowing him to get all the benefits of a world-class scalable and fully functional solution, but at the same time use it as an internal (local) solution completely under his control.

    Conclusion


    The struggle to increase competitiveness, especially against the background of mobility, geographical distribution and BYOD, forces enterprises to focus on the main business, outsourcing everything else: transport services, accounting, a call center, security of premises and much more. IT in general and email security in particular are no exception.

    SaaS e-mail security solutions offer a number of advantages for medium and large enterprises, which can not only reduce costs and optimize the use of resources, but also increase the overall level of security (moving the border of detection of threats outside the network) and ensure high availability of e-mail. All this directly affects the efficiency of the enterprise and its competitiveness.

    Moreover, a SaaS solution such as Panda Email Protection can easily be used by service providers and IT outsourcing companies to provide their customers with personalized and managed email security services with various licensing models. This allows you to reduce operating expenses and significantly expand both your own portfolio and the geography of services.

    Unfortunately, such solutions are not often used in Russia and the CIS countries, in connection with which some manufacturers even stopped releasing them and offering them in our market. But those companies that have largely overcome far-fetched fears have successfully used such solutions for many years.
