Welcome to this intro on FortiMail and FortiMail Cloud.
At Fortinet, we believe the future of email security goes beyond email.
In this video, we’re going to talk about the risk posed by email and email-borne threats. We’ll then talk at length about FortiMail and FortiMail Cloud, spending time on how FortiMail stands out from other solutions in the marketplace.
Now, let’s talk about the risk posed by email and email-borne threats.
Email isn’t going anywhere. It’s a business critical tool for employees and for everyone, for that matter. In fact, there are 5.6 Billion active email accounts worldwide which means many of us have more than one. Those accounts will be responsible for a collective 320 Billion emails being sent daily in 2021. Meanwhile, we’re seeing a shift in the services used by businesses to send email. According to Gartner and Business@Work data, 71% of companies are using cloud or hybrid cloud email services for their employees.
All of this means that email is at the core of organizations’ external and internal communications, their marketing efforts, their discussions with customers, prospects, partners and affiliates. Email is not going away and without email, businesses can’t get business done.
STATS
Email Remains a Business Critical Tool for Employees…
71% of companies are using cloud or hybrid cloud email:
“Enterprise adoption of cloud office systems (see Note 2), for which cloud email is a key capability, is continuing to grow, with 71% of companies using cloud or hybrid cloud email. Google’s G Suite and Microsoft’s Office 365 dominate the market. Use of G Suite grew 37% in 2019, slightly faster than Office 365 at 36% (Businesses @ Work). However, Microsoft 365 remains more popular for larger public companies, but G Suite is growing and particularly in smaller/medium enterprises (see “Survey Analysis: Google and Microsoft Battle It Out in a Growing Cloud Email Market”).” – Gartner Market Guide for Email Security - Published 8 September 2020 - ID G00722358
Email remains a primary threat vector. According to the Verizon Data Breach Investigations Report for 2020, 22% of breaches were caused by what they refer to as “Social Actions”, or actions where the intent was to play on user or employee behavior. As you can imagine, 96% of these social actions were delivered via email, with 90% of those being classified as Phishing and another 9% as Pre-texting.
When you look at what the bad guys were able to obtain, Credentials topped the list by a mile at 62%. And that’s a huge problem because once the bad guys have legitimate credentials, this inevitably leads to further actions that don’t necessarily involve malware and other tools to perform their “actions on objective” or achieve their ultimate aims. In fact, any time you have credential theft it’s important to look further across your security infrastructure for what might have transpired next.
If we look at the risk posed by malware, on the left here you see the most frequent types of malware with password dumpers topping the list. That shouldn’t be a surprise given what we saw of credential theft on the prior chart. On the right, we see how prominent a role email plays in the delivery of threats whether they be through links to malsites, attachments or some type of threat or risk presented in the nature of the email’s content itself.
All of the statistics and charts we covered here so far should leave you with the impression that email security is more important than ever and having a proven solution is so critical. We talked about 71% of organizations using cloud-based email services today and in particular, Microsoft 365 and Google Workspace. These are great email and productivity suites. However, it’s important to note that with such extensive usage today, IT and Security teams may be exposing their organizations to an unacceptable level of risk as captured by independent testing firm, SE Labs. In their tests, both Microsoft 365 and Google Workspace native security tools fared poorly in total accuracy with a total accuracy rating of 39% for Google Workspace and 29% and 28% for Microsoft security tools. For comparison, Fortinet’s Total Accuracy Rating was 90%.
Now that you understand the risk posed by email and email-borne threats, let’s turn our attention to Fortinet’s powerful FortiMail and FortiMail Cloud solutions.
Fortinet FortiMail provides advanced protection against the full spectrum of email-borne threats including phishing, spear phishing, spam, targeted attacks, ransomware, impersonation and Business Email Compromise or BEC attacks.
This comprehensive coverage is complemented by a wide range of deployment options and operation modes to meet the various on-premise, cloud-based and hybrid email use cases organizations have today. This includes powerful appliances and Virtual Machines for organizations that want full control over their email infrastructure as well as our FortiMail Cloud email security as a service solution for organizations that prefer a SaaS based model and consumption-based billing.
What sets us apart?
Let’s talk about how we see the evolution of email security at Fortinet.
We believe the future of email security and FortiMail is platform- or fabric-enabled to counter the growing sophistication of threats and multi-vector campaigns. As part of the Fortinet Security Fabric, Indicators of Compromise and other telemetry can be shared for enhanced security across your entire security infrastructure and FortiMail. IT and security teams are able to more completely connect the dots to identify multi-vector campaigns by sophisticated actors. And intensive and repetitive workflows including response can be automated to reduce the burden on security operations teams.
Unlike many of our competitors, we regularly test FortiMail with independent third-party testers like SE Labs, ICSA Labs and Virus Bulletin to validate FortiMail’s efficacy against threats. And we consistently earn high marks.
FortiMail is powered by threat intelligence from FortiGuard Labs. With over 500,000 Fortinet customers worldwide, FortiGuard Labs has unmatched visibility into telemetry and the threat landscape at large and this threat intelligence underpins everything FortiMail does to provide the email security outcomes you expect on your behalf.
Last, Fortinet delivers industry-leading cost to performance. Our customers are able to get the high performance they need in their email security solution without breaking the proverbial bank. This allows them to allocate savings elsewhere knowing they aren’t compromising their security in the process.
FortiMail is a powerful Secure Email Gateway solution that provides multi-layered security against the full spectrum of email-based threats from known threats to zero day threats to more advanced impersonation and business email compromise attacks. In the graphic, you can see this represented with the sophistication and risk of threats increasing as you move right. We also see a number of overlaid badges that represent various capabilities brought together seamlessly to work together to prevent and detect threats in email. At the lower edge of the graphic, you see some of the specific types of technologies and practices at work. This graphic reflects the power of the Fortinet Security Fabric which we’ll talk about later in the video.
These layers always attempt to filter email threats as quickly and efficiently as possible starting with known threats and then moving through the more complex and intensive methods and integrations with the security fabric.
Known threats are detected using our Global FortiGuard Threat Intelligence System. Using multiple threat feeds and machine learning techniques, we are constantly learning about new attacks and updating our database in real time to block known threats and threat actors as early in the communication as possible. Known spam IP sources, known spam content and phishing and malicious URLs are blocked.
More complex methods are included on the device and via fabric integration to help address more targeted attacks.
[IF USING ONE OR MORE THREAT MITIGATION SCENARIOS, then use the following statement to transition into those:]
Let’s drill down into some more detail…
When we talk about the nature of threats we see in email, it’s important to look at them as content-based, URL-based and attachment-based threats. Of course, a single email could entail multiple elements. However, for our purposes, we’ll keep these separate.
Content-based threats include spam, phishing and greymail (solicited newsletters), which is not a threat but is annoying and time-consuming.
Features such as FortiGuard URL Filtering, Spam content detection and IP reputation as well as methods such as SPF, DKIM and DMARC are used to quickly deal with volumetric spam.
For rapidly changing evasive spam campaigns, features such as behavioural analysis will look for spam which is similar to recent campaigns based on fuzzy matching technology. Outbreak protection will temporarily buffer suspicious email. Meanwhile, data analytics is used across our global FortiGuard network to detect if the email is part of a wider globally coordinated spam campaign.
These methods allow FortiMail to be one of the highest rated Secure Email Gateway Solutions on the market according to independent third party testing.
The days of allowing .exe files through your mail server are hopefully long gone, but there is still a huge number of files which can be used as an initial infection and compromise stage within the network. Office documents and PDF files can all be abused to infect the unwary user.
FortiMail uses multiple levels of threat prevention and detection techniques to address these types of threats.
Again, FortiGuard Threat Intelligence is key. First, we make use of the FortiGuard AV engine to scan and detect known and previously unseen malware via CPRL signatures which can detect whole families of malware.
Outbreak Protection is again used to compare the attachments against our real-time threat intelligence database gathered from our global threat detection network. If a fast-propagating attachment is being sent from a known spam IP, we quickly step in to prevent this from propagating further.
At this point the Security Fabric comes into play and files can be sent to either an on-premise or cloud-based FortiSandbox for the attachment to be exploded in the Sandbox environment and its behaviour checked.
Finally, if the file has passed all of these checks but you are still security conscious – Content Disarm and Reconstruction can be used to remove Macros, scripts, active code, attachments and URLs from Office and PDF documents to prevent them being used as carriers of threats into the network.
If there is robust filtering built into the mail solution, threat actors will often pivot to URLs and hope they can bypass security by placing a link in the email body with a call to action, for example “Click here for your tax rebate”.
Again, FortiMail has multiple levels of URL threat prevention:
FortiMail checks all URLs against the FortiGuard URL database and blocks all known malware and phishing content. Additional filters can be employed for adult and non-business content as well as newly registered domains, which prevents new phishing sites from being exploited.
The previously mentioned Outbreak Detection will identify new propagating threats, and Content Disarm and Reconstruction can remove linked URLs.
FortiSandbox
The final layer of protection is focused on the highly targeted attacks commonly known as business email compromise. These attacks are commonly targeted at high-value targets within the organization – the C-levels and people with the ability to sign off financial transfers or divulge critical organizational information.
When we talk about capabilities that can be used to stop Business Email Compromise Attacks, we see Impersonation Analysis, Sender Policy Framework, DKIM and DMARC techniques being brought to bear.
Behind the scenes in the FortiMail console, FortiMail captures all email security events and provides detailed reporting with configurable views, charts and graphs. In addition to the broad monitoring through the dashboard, FortiMail provides administrators extensive flexibility in policy creation and configuration management.
FortiMail makes set up and management as easy as possible. Even less experienced administrators can configure the advanced capabilities of FortiMail, such as FortiSandbox integration.
Now that you’ve seen how FortiMail brings a range of capabilities together to stop all manner of email-based threats, let’s dive into FortiMail’s various deployment models and operating modes.
Fortinet offers multiple secure email gateway options for any sized organization and deployment. For organizations that prefer to manage their own email security infrastructure whether that be in an on-premise or cloud-based environment, Fortinet offers FortiMail appliances and virtual machine instances. For organizations that want to offload management of their underlying security infrastructure, FortiMail Cloud provides a managed, hosted solution.
There are four typical deployment options for FortiMail.
Gateway mode: Available for FortiMail Cloud, virtual machines, and appliances, gateway mode involves pointing the MX record to the FortiMail Secure Email Gateway. Most organizations use FortiMail in Gateway mode.
Microsoft 365 API Support: FortiMail can now operate out-of-line, by using the Microsoft 365 Graph API to connect to and scan mailboxes. Customers can also use this feature in conjunction with Gateway mode. Support for Microsoft 365 is available across deployment models.
Transparent mode: Allows organizations to deploy FortiMail in-line to provide sanitization without changing the MX record. Transparent mode is typically used by ISPs or large telcos and other service providers that want to offer email security services across their customer bases. Transparent mode is not available in FortiMail Cloud.
Server mode: FortiMail can act as an exchange server using the FortiMail webmail interface in addition to providing email security.
In our threat mitigation scenarios, we talked about how FortiMail brings together a number of powerful components to protect against the full spectrum of email-based threats. For appliances and virtual machines, our bundles start with anti-virus and anti-malware protection as well as virus outbreak protection as part of a base offering. For organizations concerned about employees clicking on malicious links, or concerned about impersonation and business email compromise attacks, our Enterprise Advanced Threat Protection Bundle makes the most sense. Notice on the right that we also offer advanced threat protection with Microsoft 365 API support for organizations using M365 but needing proven security protection that goes above and beyond that offered by Microsoft.
Here we see our managed, hosted FortiMail Cloud solution and related bundles. You’ll see close parity between the capabilities here and those in the previous chart. However, FortiMail Cloud provides more of a SaaS model for organizations that want email security-as-a-service.
We’ve put together this high-level view to better understand how licensing works between deployment models across FortiMail and FortiMail Cloud Solutions.
We offer additional products and services.
Email Continuity.
Email Continuity for FortiMail Cloud is designed to protect valuable productivity by providing emergency mailbox services when organizations experience an outage in their email services. Email Continuity works by maintaining a rolling store of emails with Fortinet. When email services are disrupted by an outage, employees are able to access that store to continue to send and receive email with minimal impact to productivity.
FortiIsolator
For organizations that want tighter control over the risk from browsing the web by employees, FortiIsolator provides browser isolation to protect employees from malicious sites, malicious files and URLs they may encounter. FortiIsolator allows users to browse the web in an isolated environment which renders safe content in a remote container.
For organizations concerned about keeping sexually explicit images out of the environment, the dynamic image analysis service is a great add-on to do just that.
The Dynamic Image Analysis Service protects your organization and employees from illicit and sexually explicit images in email.
We’ve talked at length about FortiMail’s capabilities to provide protection from the full-spectrum of threats. We’ve also talked about the comprehensive range of deployment options and operation modes FortiMail has to align to the needs of any organization. Now, let’s talk about the additional areas that set FortiMail apart from other providers in the marketplace – FortiGuard Labs threat intelligence, the Fortinet Security Fabric and FortiMail’s validated high performance.
FortiMail’s efficacy is underpinned by threat intelligence from FortiGuard Labs. With global visibility into threats across 500,000 Fortinet customers, FortiGuard Labs analyzes over 100 billion real-world security events a day from our customer telemetry covering the network, endpoint, web, email and sandbox threat vectors. Out of that, FortiGuard Labs generates approximately 1 billion security updates per day to Fortinet security products including FortiMail.
“If you see a social action, look for where the attacker is going, not where they are.” – Verizon Data Breach Investigations Report 2020.
These words are so true. Email attacks largely take place in the earlier stages of the Kill Chain or other attack cycle you consider. So, it’s important to consider what the broader intent is of an email attack versus just stopping it. That’s why the future efficacy and value of your email security solution must also consider how it is tied into and informing and informed by your larger security infrastructure. That’s where Fortinet continues to invest and excel – to create highly effective email security as validated by third-party testing firms and connected into a broader security fabric.
Fortinet FortiMail is part of the Fortinet Security Fabric, helping organizations see and connect the dots to threats across their entire attack surface.
Behind the security fabric, FortiGuard Labs provides the threat intelligence foundation for all Fortinet Security Fabric components, keeping services like FortiMail up-to-date to help you prevent, detect and respond to the latest email-borne threats.
The Fortinet Security Fabric provides full protection across the entire digital infrastructure.
The network at the core of the fabric enables multiple network security use cases including enterprise-level NGFW, internal segmentation and SD-WAN.
The Fabric Management Center provides a single pane of glass, simplifying operations and enabling automation of workflows.
Complete visibility and control of all traffic and threats at every point across the attack surface from the edge, at the core and in hybrid and multi-cloud environments.
AI-powered breach prevention provides automated operations, orchestration and response.
Fortinet believes in using third-party testing firms to prove our value. As you can see, we received high marks including a 99.9% malware detection rate from ICSA Labs and Triple-A validation from SE Labs. By the way, if you’re using Microsoft 365 or Google Workspace, they received Total Accuracy scores of 29% (Advanced Threat Protection) and 39% (Enterprise), respectively.
I’d be more than happy to share the reports with you, if you like.
And as I said before, we continue to invest and innovate in FortiMail. Here are just some of the advancements we have made and continue to make in our solution.
Here are just a few examples of what our customers say about FortiMail from Gartner’s Peer Insights website.
[PAUSE]
Thank you for watching.