Email security gateways are products that are used to prevent emails that violate an organization's policies -- particularly emails with malicious intent -- from reaching their destinations. All email security gateways can quarantine or block emails that contain detected malware, phishing attacks, spam and other malicious content. This prevents many attacks from reaching their intended recipients, which in turn reduces the number of successful compromises of hosts, user credentials and sensitive data.
Some security gateways also offer data loss prevention capabilities that prevent inadvertent or intentional leakage of sensitive information via email messages. This is mainly a concern for outbound traffic (email messages sent from within the organization).
There are many email security gateway products available. It is not feasible to exhaustively capture the characteristics of every single product, so this article focuses on the most widely used types of email security gateway products.
The architecture of email security gateways
There are several possible architectures for hosting email security gateways, including the following:
- The email server. Some email security gateway products are email server-specific (e.g., for Exchange servers only, for Domino servers only), and these products are typically installed directly onto the email server. Most products do not fall into this category.
- An on-site hardware appliance. The majority of email security gateway products offer a hardware appliance option. This dedicated appliance is installed on the organization’s network, and inbound and outbound email traffic is routed through the appliance for analysis and filtering.
- An on-site virtual appliance. Increasingly, vendors are offering on-site virtual appliances for email security gateways. These virtual appliances can be installed as part of a private cloud controlled by the organization, or they can simply be run on an on-site server without necessarily being part of a cloud architecture.
- A public cloud. Many email security gateway products are now available as public cloud-based services. They function the same way as the on-site appliances do; all inbound and outbound email traffic for an organization is routed through the service.
- A hybrid approach (combining public cloud and on-site presence). A relatively new approach being taken by some email security gateway vendors is to offer a hybrid architecture, which combines a public cloud-based service and a locally deployed hardware or virtual appliance.
None of these architectures are necessarily better than the others; each has advantages and disadvantages in terms of security, performance and reliability. However, all of these architectures ultimately deliver the same type of email analysis and filtering services to their user communities.
Email security gateways are strictly that -- gateways -- and they have no presence on client devices. The lack of a dependency on client-side security controls is important for achieving effective email security in many environments, especially those that have email users with client devices outside the organization’s control, such as bring-your-own-device laptops, smartphones and tablets.
Typical environments suitable for email security gateways
Email security gateways are a necessity for virtually every organization today because email-borne threats are ubiquitous. Some organizations choose not to have an email security gateway because they feel their client-based security controls, such as antivirus software and antispam features provided by email clients, provide strong enough protection against email threats, making an email security gateway unnecessary.
Unfortunately, client-based solutions tend not to be as effective as email security gateways. Most email security gateways leverage dynamic threat intelligence feeds, which are updated every few minutes, to provide protection against the latest email-based threats. Client-based security controls rarely have access to such feeds, and it is hard to imagine all the client devices in an organization updating their email security software every few minutes around the clock. So email security gateways can typically offer better email protection against emerging threats than client-based security controls.
Email security gateways are also beneficial for organizations that host their own email services and those that outsource their email services, assuming the outsourcer isn't already providing email security gateway services.
Organizations that outsource email services should check with their outsourcer to see what security services are already being provided before inadvertently duplicating those services with an email security gateway.
The costs of email security gateway adoption and deployment
The cost models for adopting and deploying email security gateways vary considerably depending on the type of solution selected. For example, public cloud-based email security gateway services may charge a fee per email address or usage fees (based on, for example, the number or volume of email messages analyzed). Appliance-based email security gateways typically have a flat fee for the appliance itself and may also charge a subscription fee to supply the appliance with the latest threat intelligence information and other updates.
Because email security gateways are transparent to end users, client support should be minimal. Email security gateways do make mistakes, but most products are extremely accurate in their classifications of emails, so it's quite rare for an email to be blocked that should be permitted. Such instances may require a gateway administrator to intervene.
Some email security gateways offer add-on security capabilities, such as email encryption. These capabilities generally involve a separate charge in addition to the gateway itself and any support or maintenance subscriptions.
Beefing up organizational security with email security gateways
Email security gateways prevent malware, phishing attacks, spam and other unwanted emails from reaching their recipients and compromising their devices, user credentials or sensitive data. Because so many attacks today are email-based, an email security gateway can sharply decrease the number of successful attacks against an organization.
Because email security gateways are network- or server-based, not client-based, their use does not require any changes to the configuration or security controls on client devices. There are several email security gateway architectures to choose from, but all analyze and filter inbound and outbound emails to quarantine or block suspicious content.