
Why and how to transfer corporate email security to the cloud. Part 1


Protecting email in the cloud brings a number of advantages that positively affect a company's efficiency, although the approach still raises a number of concerns. But is the devil really as black as he is painted? Is it worth taking a closer look at such opportunities?

In the first part of this article, we will look at the main problems and needs of enterprises related to email security, as well as the general advantages and disadvantages of SaaS solutions for protecting corporate email. In fact, we will try to answer the question "why."

The second part of the article will be devoted to the question "how": there we will show the main steps of the initial setup of a SaaS solution, using Panda Email Protection as the example.

Mail - the main communication channel


It's no secret that e-mail is the main communication channel of enterprises and organizations. Contracts, commercial offers, descriptions of products and services, invoices and other financial and accounting documents, assignments and proposals are all sent by e-mail, various customer services are tied to it, and much more. The reliable operation of e-mail therefore underpins the normal functioning of the company and directly affects its performance (and, accordingly, its income and competitiveness).

Obviously, e-mail must be properly protected from various types of IT threats (viruses, spam, encrypting malware, phishing, and much more). An insufficient level of protection can lead to delays in work, failures and downtime of mail servers, loss of productivity and problems in the work of the company.

The main issues that have to be addressed in connection with e-mail:

1. IT risks
According to internal estimates of Panda Security, up to 85% of all e-mail arriving at companies and organizations is infected or is spam. Accordingly, there is a constant risk of infection or attack by cyber criminals.

2. Performance
Email is a critical means of production, and mail downtime means lost productivity. You therefore need access to e-mail at any time and from any device, even if the mail server has failed.

3. ROI
Mail is a frequently used attack channel, so it is important to protect it with the most advanced protection technologies. But this entails a fairly high initial investment in software and hardware, as well as operating costs for maintaining the mail system and its protection. In addition, any infrastructure tends to become obsolete and must therefore be updated regularly.

As for the needs related specifically to e-mail security systems, for most companies they are:

• Continuous access to corporate e-mail
• Security flexibility and growth opportunities
• Cost reduction and lower initial investment
• No unwanted traffic in the corporate network
• Secure mail without spam and viruses
• Easy administration

All of this becomes more relevant the more employees a company has and the more distributed its infrastructure is (remote offices, branches, mobile employees).

SaaS model for mail protection


The cloud model known as SaaS (Software as a Service, although in our context the abbreviation is often read as Security as a Service) is well suited to delivering secure e-mail and keeping it running continuously.

Most micro and small businesses use free (and sometimes paid) email services, which removes the whole question of running corporate e-mail. This is very convenient, but it is not always suitable, especially for medium and large enterprises.

The latter, as a rule, have their own mail servers (sometimes geographically distributed) with dedicated security software installed on them. Everything seems to work, and sometimes it even seems not that expensive. But does it make sense for such enterprises and organizations to look at cloud services? Which ones? What benefits can they bring?

SaaS Email Security Solutions


The use of local mail servers in medium and large companies is justified for many reasons. But this "local" approach implies substantial costs (time, money, personnel, etc.) for dealing with email security.

SaaS e-mail security solutions are intended to help optimize such costs (and even eliminate some of them completely). Their principle of operation is simple: all email traffic passes through the provider's dedicated secure servers, where it is filtered for viruses, spam, dangerous content, etc. The output is "clean" email traffic, which is delivered either to the company (incoming mail) or to the company's counterparties (outgoing mail).

Of course, this cloud approach has pros and cons. Let's look at them.

Cloud benefits


Most of the benefits of the SaaS model are related to ROI and other performance indicators. But not only.

Infrastructure savings
The entire infrastructure of the SaaS solution is located in the cloud. This allows significant savings, because users of the service get a more powerful infrastructure and more resources than they could afford locally. In addition, all resource-intensive processes related to email security are also moved to the cloud, so the load on mail servers is significantly reduced. The result: lower hardware requirements.

Savings in service and maintenance
Since the entire infrastructure is located in the cloud, there is no need to deploy a security system on site and then maintain it (updates, upgrades, additional administration, etc.). This allows IT departments with limited resources to save money and free up IT staff for other, more important tasks.

The threat detection boundary is outside the network.
And this is a very significant advantage, because it directly affects two points:

• Threats are filtered in the cloud, not reaching the corporate network, which significantly reduces the security risks from email. This is especially important in the new world of Web 2.0, where substantial volumes of business transactions are made over the Internet.

• Because malicious and unwanted mail traffic does not reach the corporate network (remember the 85%?), incoming mail traffic as a whole is significantly reduced. This significantly reduces the load on the communication channel and on the mail servers themselves. As a result, the Internet connection is faster and the mail servers are much faster.

By the way, there is also room for optimization here: you may well be able to save on the communication channel (a narrower channel will be enough) and on mail servers (once the load on them drops several times over, the freed resources can be used for other tasks).

Backup
Such SaaS solutions, as a rule, offer mail backup for a certain period of time (for example, up to 1-2 weeks). This is also a useful option: you do not have to store backups locally and allocate resources for them, and in unforeseen cases you can always restore recent mail.

Mail continuity
This is a significant advantage of SaaS solutions that directly affects the efficiency of the company and its competitiveness. Even if the mail server fails (for an hour, a day, a couple of days) and becomes unavailable, incoming mail will not be lost and will not be returned to the sender. It will be available through the online mail option, so employees can keep working through online mail, receiving and sending letters. Once the problems with the mail server are solved, all mail is delivered to it.

Platform independence
Another significant advantage of using SaaS-solutions for mail filtering is their independence from the platform of your mail server. Indeed, to filter mail, the service uses its own infrastructure, and the output will be regular mail messages that are already delivered to the mail server. Therefore, you can change the platform of your mail and not think about the fact that you will have to change the protection, re-configure it, etc.

There are other less significant advantages of SaaS solutions, which are characteristic both for all enterprises and organizations in general, and also manifest themselves in various specific cases.

Disadvantages of SaaS Solutions


By and large, the only significant aspect that most companies consider a disadvantage, owing to a number of myths, is confidentiality.
When SaaS solutions of this kind come up, many people have a natural fear: if my company's mail goes through someone else's servers, will someone read it? What will happen to my mail? How will this affect the privacy of my company?

Such concerns are quite natural, since privacy issues are sensitive. Nevertheless, there are a number of arguments that, in our opinion, refute them:

• Confidentiality is governed not only by the SLAs of the SaaS providers themselves, but also by law. Given that providing SaaS services is the main business of such providers, they have the strongest interest in preserving privacy;

• Data centers of such SaaS providers have higher levels of information and physical security, which allows data to be stored safely;

• If someone really wants to read your letters, this can be done even if you do not use SaaS services.

Delay in mail delivery
If the data centers of the SaaS provider do not have sufficient capacity, mail delivery may be delayed. However, with serious SaaS providers such a scenario is unlikely.

Service failure
If the SaaS service stops working, or access to it becomes limited because the license has expired, mail will no longer be delivered. However, the administrator can always quickly reconfigure the domain's MX records to send mail traffic directly to the company's own mail server, so that mail starts to flow normally again.

Panda Email Protection: Email Firewall


One of the SaaS e-mail security solutions available on the market for more than 8 years and well-established among numerous clients all over the world is Panda Email Protection.



Panda Email Protection includes a multi-level system that combines filters and protection mechanisms using both proprietary technologies (Panda Email Protection PROACTIVE, trust lists ...) and standard ones (IP reputation, Bayesian networks, white and black lists, gray lists, traffic shaping, etc.) to ensure maximum security. By removing spam, viruses and phishing with more than a dozen filters, the solution not only reduces the load on the mail server, but also eliminates the productivity lost by employees who would otherwise spend their time deleting spam.

Within one account, you can manage the security of different mail domains and aliases.

Filtration scheme


Inbound filtering scheme:


Outbound filtering scheme:


Main functions


Panda Email Protection provides access to a centralized management web console with an intuitive and simple interface (including Russian language support), which allows administrators to quickly set up corporate email protection.

Key features:
• Powerful anti-virus protection
• Multi-level antispam
• Content Filtering
• Backing up incoming mail
• Simple, centralized administration of email security policies.
• Various user registration mechanisms (manually, import from lists, integration with LDAP, SMTP, etc.)
• Centralized quarantine (virus quarantine with administrator access only, and spam quarantine with end-user access)
• Powerful customizable statistics, reporting and notification system, including a personal, local notifier
• Ability to customize filters and lists both at the domain level and at the end-user level
• Email logs with the ability to open emails, add senders and IP addresses to the white or black lists, classify emails as valid or spam emails.
• Delegation of administration by domain
• Access to mail from various mobile devices and platforms (iOS, Android, Windows)

Filter mode


Panda Email Protection provides two filtering modes:

Auto mode
In the automatic mode, the service analyzes and classifies incoming messages in accordance with a certain rating, which is assigned to each email message based on the results of its checking with the help of more than 600 different rules. The higher the rating, the greater the likelihood that the message is spam.

Possible rating values are from 0 to 10. The default rating for the standard user is 5.

The administrator has the ability to customize the rating threshold, above which messages will be filtered. But here it is important not to overdo it in order to prevent unreasonable false positives.
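One way to choose that threshold from mail the administrator has already reviewed in the email logs, shown as an added example (not code from Panda or from the original article). The ratings and labels are constructed, and the function names are hypothetical:

```python
# Constructed sample: (rating given by the filter, label assigned on manual review).
SAMPLE = [
    (0.4, "ham"), (1.2, "ham"), (2.9, "ham"), (3.8, "ham"), (4.6, "ham"),
    (5.3, "ham"),    # legitimate newsletter that happens to score high
    (4.1, "spam"),   # spam that scores low
    (5.7, "spam"), (6.8, "spam"), (7.9, "spam"), (9.2, "spam"), (9.9, "spam"),
]


def classify(rating, threshold=5.0):
    """Messages rated above the threshold are filtered, as in automatic mode."""
    if not 0 <= rating <= 10:
        raise ValueError("rating must be between 0 and 10")
    return "spam" if rating > threshold else "ham"


def errors(sample, threshold):
    """Return (false positives, false negatives) for one threshold."""
    fp = sum(1 for r, label in sample
             if label == "ham" and classify(r, threshold) == "spam")
    fn = sum(1 for r, label in sample
             if label == "spam" and classify(r, threshold) == "ham")
    return fp, fn


def sweep(sample, thresholds):
    """Error counts for every candidate threshold."""
    return {t: errors(sample, t) for t in thresholds}


def strictest_threshold(sample, thresholds, max_fp=0):
    """Lowest threshold (most aggressive filtering) that keeps false
    positives within max_fp; None if no candidate qualifies."""
    ok = [t for t in thresholds if errors(sample, t)[0] <= max_fp]
    return min(ok) if ok else None


if __name__ == "__main__":
    for t, (fp, fn) in sweep(SAMPLE, [3, 4, 5, 6, 7]).items():
        print(f"threshold {t}: {fp} valid messages blocked, {fn} spam delivered")
    print("strictest threshold with no false positives:",
          strictest_threshold(SAMPLE, [3, 4, 5, 6, 7]))
```

On this sample, lowering the threshold from 5 to 3 stops the one missed spam message but blocks three legitimate ones, which is the overcorrection the paragraph above warns about.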

Guaranteed mode
In this mode, the service checks whether the sender is in the user's white list. If the sender is not on that list, the sender automatically receives a letter containing a link to confirm delivery of the message. Only after this link is clicked is the message delivered to the recipient.

The main components of the filtration system


White / Blacklists
Lists can contain email addresses, domains or IP addresses. Lists can be configured at the domain level, or at the level of users or groups of users manually or using the import option.

Antivirus
Anti-virus protection can be configured for incoming and outgoing mail at the domain level, and at the user level. By default, this protection is enabled. It should be remembered that in order to scan outgoing mail for viruses, the domain must be configured so that outgoing mail traffic passes through Panda Email Protection.
All filtered messages are placed in a virus quarantine, available only to the administrator.

Antispam
Anti-spam protection can also be configured for incoming and outgoing mail both at the domain level and at the user level. By default, this protection is enabled. It should be remembered that for anti-spam checking of outgoing mail, the domain must be configured so that outgoing mail traffic passes through Panda Email Protection.
Various scenarios are available for processing filtered messages: redirection to a specific address, delivery with a corresponding note, or placing spam messages in a spam quarantine that is accessible to both the administrator and end users with the appropriate settings.

Trust lists
Trust lists are automatic white lists configured for each domain and / or user. Filtering is therefore not applied to the people with whom the user already corresponds. This mechanism can significantly reduce the level of false positives. These lists are automatically populated with email addresses that Panda Email Protection confirms as safe.

Rule engine
The rule engine can be configured for both incoming and outgoing mail. These rules, which can be customized by administrators, allow you to control the flow of messages.

For example, for incoming mail you can:

• Delete attached files depending on various options (MIME type, size, archive, etc.)
• Mark messages as spam or valid email
• Redirect a copy or send an email to one or more recipients
• Delete messages
• Perform various actions depending on the size of the letter (including the attachment), its contents, etc.
• Do nothing

NDR validation
This validation can be configured at the domain and user level. NDR validation assumes that a digital signature (SRS) will be added to all messages passing through Panda Email Protection. When this option is enabled, the following scenarios are possible:

• If a letter arrives with a valid SRS, then all other filtering mechanisms are applied to it.
• If a letter arrives with an incorrect SRS or without it, then such a letter is rejected.
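The two scenarios above, as an added example that is not Panda's implementation or code from the original article. It uses a simplified SRS-style tag (a keyed hash plus a day stamp in the local part), not the full SRS0 wire format. The key, the 7-day validity period and the assumption that an NDR is recognized by its empty envelope sender are all assumptions of this sketch:

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # constructed; a real key is random and kept secret
DAY = 86400
WINDOW = 1024                     # day counter wraps so the stamp stays short
MAX_AGE_DAYS = 7                  # assumed validity period of a signature


def _mac(day, local, domain):
    """Keyed hash over the day stamp and the original address."""
    msg = f"{day}:{local}@{domain}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.b32encode(digest)[:10].decode().lower()


def sign_sender(address, now=None):
    """Rewrite the envelope sender of a message leaving through the filter."""
    local, domain = address.lower().rsplit("@", 1)
    day = int((time.time() if now is None else now) // DAY) % WINDOW
    return f"srs0={_mac(day, local, domain)}={day}={local}@{domain}"


def verify_bounce_rcpt(rcpt, now=None):
    """Return the original address if rcpt carries a valid, fresh
    signature; otherwise None (unsigned, forged, malformed or expired)."""
    try:
        local_part, domain = rcpt.lower().rsplit("@", 1)
        prefix, mac, day_s, local = local_part.split("=", 3)
        day = int(day_s)
    except ValueError:
        return None
    if prefix != "srs0" or not 0 <= day < WINDOW:
        return None
    today = int((time.time() if now is None else now) // DAY) % WINDOW
    if (today - day) % WINDOW > MAX_AGE_DAYS:
        return None
    expected = _mac(day, local, domain)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return f"{local}@{domain}"


def handle_incoming(envelope_from, rcpt, now=None):
    """Only NDRs (empty envelope sender) must prove they answer mail we sent."""
    if envelope_from not in ("", "<>"):
        return "continue_filtering"
    return "continue_filtering" if verify_bounce_rcpt(rcpt, now) else "reject"
```

A bounce generated for a message the domain never sent cannot carry a valid tag, so forged-sender backscatter is rejected before the other filters run.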

Anti Email Spoofing
This mechanism is disabled by default, but it can be enabled for both domains and specific users. It allows you to protect yourself against email attacks carried out with IP address spoofing techniques to bypass the corresponding protection filters.

Other
Other components include a Bayesian classifier, reputation blacklists (RBL), heuristics and a duplicate pattern detection system (RPDS), which together are designed to classify each email message more accurately.

Personalization


Panda Email Protection features allow you to personalize various standard notifications and service messages, the company name and its logo, select the appropriate interface language. For example, among standard notifications you can personalize:

• invitation letter for each new user
• email blocking report
• confirmation letter for guaranteed filtering mode
• various reports for administrators

Local notifier


Panda Email Protection lets users install a local notifier (Notifier) on their computer: a small utility with an icon in the system tray that allows them to manage how the SaaS service handles their mail.

It can notify the user about the delivery of new letters and report virus warnings and undeliverable letters. In addition, it allows the user to manage messages, filtering modes, the contents of the spam quarantine, etc. In other words, it puts at hand the most frequently used management options from the user's web management console.

Different types of clouds


As a rule, SaaS e-mail filtering solutions offer the service in a public cloud: all of the service's work is carried out in external data centers, and the "clean" mail is delivered to the mail server.

Panda Email Protection goes a little further in this respect, offering the following ways of using clouds:

• Hybrid cloud: in this case, the cloud service is complemented by the local Notifier utility for more convenient and responsive management

• Private cloud: in some cases, large organizations are forced to secure email at the expense of their internal infrastructure. In this case, the entire cloud platform Panda Email Protection can be installed in the user's data center, allowing him to get all the benefits of a scalable and fully functional world-class solution, but still use it as an internal (local) solution completely under his control.

Conclusion


The struggle to increase competitiveness, especially against the background of mobility, geographical distribution and BYOD, forces enterprises to focus on their core business and outsource everything else: transportation services, accounting, call centers, security services and much more. IT in general, and email security in particular, is no exception.

SaaS e-mail security solutions offer medium and large enterprises a number of advantages: they can not only reduce costs and optimize resource use, but also raise the overall level of security (by moving threat detection outside the network) and provide high availability of e-mail. All this directly affects the efficiency of the enterprise and its competitiveness.

Moreover, Panda Email Protection's SaaS solution, for example, can easily be used by service providers and IT outsourcing companies to provide their customers with personalized and managed mail security services with different licensing models. And this allows you to reduce operating expenses and significantly expand both your own portfolio and the geography of service provision.

Unfortunately, such solutions in Russia and the CIS countries are not used often, and therefore some manufacturers even stopped producing and offering them in our market. But those companies that have overcome, by and large, far-fetched fears have been successfully using such solutions for many years.

Source: https://habr.com/ru/post/314964/

