Email remains the soft underbelly of enterprise security because it is the most tempting target for hackers. They just need one victim to succumb to a phishing lure to enter your network.
Phishing (in all its forms) is just one of many attacks that can leverage a poorly protected email infrastructure. Account takeovers (due to reused passwords), business email compromises, payment fraud, specialised mobile malware, and spam messages that contain hidden malware or poisoned web links. That places a heavy burden on any email security solution.
This is nothing new: Some email security products – and email exploits – have been around in one form or another for decades.
What is new is having more cloud-capable products that can install across an entire enterprise in minutes and include a variety of related protective measures. These products can also play well with other clouds and leverage the built-in security from Microsoft and Google without having to rip it out or neutralise it entirely.
Some of the tools have seen significant updates over the past few years, incorporating what used to be considered separate products (such as data loss prevention or encryption tools) and have kept pace with the latest updates to email security protocols.
We examined nine email security suites:
- Abnormal Security’s Integrated Cloud Email Security
- Area 1’s Horizon
- Barracuda Email Protection
- Cisco Secure Email
- FireEye Email Security
- Voltage SecureMail
- Mimecast Email Security
- Zix Secure Cloud Email Security Suite
The email security market seems to be heating up. FireEye and McAfee have merged through two separate buyouts from Symphony Technology Group. Voltage is now owned by MicroFocus/CyberRes. Startup Abnormal Security launched its product in October. We also contacted several vendors that declined to participate: Avanan (which was acquired earlier this year by Check Point), Trend Micro, Proofpoint, ArmorBlox and Ironscales.
The reason for the descriptor “security suites” is because these products do more than just send and receive your emails.
A few products, such as Area 1 and Cisco, don’t support the mail retrieval POP and IMAP protocols and just focus on the SMTP sending mail stream. That finer point aside, these products also support the trio of secure email protocols (DKIM, SPF and DMARC). Some products began life by providing anti-phishing and anti-spam protection and have continued to innovate by using the latest machine learning techniques to detect new exploits.
Some offer additional features such as:
Email client support: Vendors offer their own email clients for a variety of operating systems, including web-based email and software for Windows, Linux, MacOS, Android and iOS devices.
Users now get their email from a variety of devices and having custom software that supports a diverse endpoint collection helps to keep everything secure. Some of the products including Abnormal, Barracuda, Zix and FireEye don’t have their own clients and rely on those from Microsoft and Google.
Cloud and on-premises versions: Many of the vendors package their security suite in a variety of forms. Cloud versions once protected only cloud-based email services, and on-premises versions protected only servers inside your data centre. That has changed.
For example, Barracuda’s hardware appliance can protect cloud services, and Area 1’s SaaS-based service can protect all email no matter what the location. Cisco has the most thorough set of packaging options. Some of the cloud-based vendors claim their products receive daily or weekly updates automatically, enabling them to incorporate new threat modalities and features almost continuously.
API-level integration: In the past, enterprises were faced with a difficult choice if they used cloud-based email services such as from Microsoft or Google: Either turn off native email security (such as Microsoft’s Advanced Threat Protection) or make do with adding an additional email relay if they wanted the features of one of these vendors.
Now, products like Area 1’s Horizon and Abnormal Security can integrate at the API level and leverage the combination of their own native cloud protection features along with what comes built-in by Microsoft and Google.
Support for data loss prevention and detection (DLP): This used to be the sole province of specialised security tools, but lately DLP has become integrated into more of the email security suites. DLP is useful to catch early phishing exfiltrations or a recently terminated employee who is stealing corporate data. Products from Abnormal and FireEye have plans to add DLP features, but don’t currently offer this support.
Support for mail archiving: Many of these suites now offer archiving features, although this is missing from the Abnormal, FireEye and Trustifi products.
Automatic email encryption and decryption: This used to be a messy add-on that required all sorts of fumbling on the part of email administrators and users. Now it is incorporated into some of the security suites directly. Zix and Voltage were both early providers of encryption services but others also offer this feature.
Support for browser isolation/sandboxing: This is another way to stop phishing attacks. The email security software can detect when a user clicks on a bad link or malware-infested attachment and stop the outbound connection from happening.
A note about pricing: Most of the vendors mentioned here have a confusing array of features, options and packaging. None have completely transparent pricing, although Mimecast has the best webpage that describes the various plans and options (although not their actual costs).
Pricing is typically US$2 to US$5 per user per month for these products, although some vendors (such as Abnormal) differentiate a user’s mailbox from a shared mailbox and charge less for the latter. Area 1 has a unique pricing scheme that I explain in its description. Per-user prices drop for larger and multi-year installations.
Abnormal Security Integrated Cloud Email Security (ICES)
Abnormal is the newest email security vendor, with its ICES product on the market since October 2021. It is completely cloud-based but covers your entire email infrastructure. It comes with both Office 365 and Google Workspace integrations and can operate both as an email gateway and as a relay if you are using other security products. It doesn’t offer DLP or archiving features, nor does it have any client support. Pricing starts at US$35 per user per year.
Area 1 Security Horizon
Horizon is a cloud-only product that can be used across all enterprise email. It is notable for its API-level integration with both Microsoft Office 365 and Google Workspace security. In addition to its DMARC/DKIM/SPF support, it will assess authenticated receive chain headers on inbound messages and automatically sign them. It also offers a two-phased browser isolation model: first doing pre-emptive sandboxing of potential phishing campaigns and then further isolation when individual messages are detected.
It is missing a few key features, including a lack of support for POP and IMAP mail retrieval and any archiving functionality. It also doesn’t have its own mail clients – other than using webmail. While it doesn’t have any DLP abilities or any outbound encryption features, it fills these gaps by offering integration with both of Virtru’s services.
Horizon comes in three different versions: Advantage, Enterprise and an optional Phishguard add-on to the enterprise package. Advantage is for organisations with fewer than 5,000 mailboxes and doesn’t include phishing and managed threat response found in the enterprise version.
Pricing starts at US$25,000 per year for up to 500 users, rising to US$35,000 per year for up to 1,000 users for the Advantage package. For smaller installations, that works out to US$50 per user which makes Horizon one of the more expensive products.
Barracuda Total Email Protection
Barracuda’s Total Email Protection is a SaaS-based product. There is also a separate hardware appliance called Email Security Gateway. Both versions will protect both cloud and on-premises email, but the appliance is missing features such as protection to stop account takeovers and DMARC support. Neither version has separate email clients.
The products have a full array of complementary protective features including DLP, mail archiving and encryption. Barracuda offers optional add-on tools for machine-learning phishing detection called Sentinel and automated incident response. Pricing starts at US$31 per user per year.
Cisco Secure Email
Cisco’s Secure Email supports only SMTP and doesn’t protect inbound email POP or IMAP connections. It also doesn’t offer any archiving options, although it will work with Commvault’s product. Cisco packages its own web-based AsyncOS client that runs on either Windows or MacOS. It requires the following web browsers: Safari, Google Chrome, Firefox and Microsoft Edge. It doesn’t offer any other clients.
The product comes in two different packages: an appliance that can either be a physical or virtual server or a Saas-based hosted service. The latter is also available in a specialised version called Cloud Mailbox that is just for Office 365, which also has an optional Premier Bundle that includes a series of machine-learning engines to improve detection.
Secure Email has a full DLP suite that has more than 100 policy templates for compliance purposes, along with a variety of extra-cost encryption options for sending mail.
Cisco also integrates with its other security tools, including the Talos Sender Reputation Service and browser isolation from Cisco Umbrella. Pricing for 100 users starts at US$22.70 per user per year for the appliance, plus another US$10,000 to purchase the hardware. For the cloud-based service the price for 100 users is US$26 per user per year.
FireEye Email Security
FireEye offers both an on-premises appliance and a cloud hosted solution – either of which can support your entire email infrastructure, and it can operate both as a gateway and a relay to other security products. It began supporting both Google and Microsoft cloud email services this past summer. It lacks any DLP, encryption or archiving features, and doesn’t have its own email clients although it will support webmail clients. No pricing was provided by the vendor.
Microfocus/Voltage Secure Email
Microfocus/CyberRes is now the corporate parent for one of the longest-standing email encryption products on the market from Voltage (the company claims 75 million users). It comes in both cloud and on-premises versions.
However, the product is showing its age because it doesn’t support IMAP protocols and is missing any DLP features. It comes with a variety of its own clients, including Linux, Android, iOS and Blackberry. Pricing for basic services starts at US$25 per user per year for 200 users and drops for larger installations. Add-ons can be purchased in different packages.
Mimecast Email Security v3.0
Mimecast is another vendor that has been around for many years. Its cloud-only email security will protect only other cloud-based email services. While it doesn’t have a Linux client, all other clients are supported. It also offers comprehensive features such as email archiving, DLP and browser isolation from invading malware.
Mimecast has several different plans, the least expensive is the Basic Perimeter plan that starts at US$3 per user per month. The higher-priced plans include features such as a DMARC analyser, phishing awareness training, and additional protective features.
Trustifi began its focus on email encryption and now offers separate products called Inbound Shield for phishing protection and a DLP package. Mail archiving is not part of this collection, however. All are cloud-only services. It is a mail relay only, and has its own clients, including webmail. Pricing starts at US$70 per user per year, which makes it one of the most expensive services of those covered in this roundup.
ZixSecure Cloud Email Security Suite
Zix offers both cloud and on-premises products but supports only webmail clients. Archiving is available but at an extra cost. Unlike most of the other vendors, Zix does not currently support IMAP or POP integration and runs across just SMTP protocols.
Zix will custom build DLP filters for no additional charge. It offers attachment disarming, which removes macros or converts files to render them benign before delivery to a user's inbox. Zix doesn’t support either the Microsoft or Google mail APIs.
For smaller installations, Zix is the highest-priced product of those covered here. For 100 users, the annual rate is US$85 per user per year which drops for 1,000 users to US$51 per user per year.