This is the fifth in our five-part series evaluating anti-phishing tools. To start at the beginning, read Automated phishing response tools: 4 things to consider”
In previous blogs we highlighted the 4 things to consider when assessing automated phishing response tools. And, discussed in-depth, the following 3 aspects:
Incident response: Email Threat Remediation: The Secret Weapon to Fighting Phishing. Since no security product will protect against ALL the threats no matter how “sophisticated”, “intelligent”, or “advanced” your email threat detection, there will always be a phishing attack that will make it to your end user. In this blog we discussed the importance of incident response and remediation capabilities, including what considerations should be taken into account when choosing these tools. This includes automated and manual remediation capabilities, multi-vector search capabilities, integration with SOAR platforms and more.
User engagement via in-the-moment warnings: How to Train your Users Right Before They Get Phished. In this blog we addressed the importance of post-delivery capabilities to engage and educate users of suspicious threats – from customized warnings when they open an email or click on a suspicious link to easy ways to determine an email’s relative threat. No matter how good your security awareness training is, it means nothing if your employees don’t use it when it matters most.
Effective email threat (and specifically, phishing) detection: How to Compare Email Threat Detection Capabilities. Here we discussed the importance of understanding email threat detection capabilities, particularly around phishing. Most tools claim some kind of an advantage that helps them detect phishing threats, but understanding what those techniques are and how to use them is critical. Machine learning, for example is a technique, not a goal – how is it being used, and does its application make sense?
Now it is time for a quick review of corporate and technical maturity. This discussion around maturity assists in the evaluation criteria for a potential vendors readiness for enterprise-scale implementations. It’s great to see the level of innovation and advancement that many companies are bringing to the email security space. But that doesn’t mean you can overlook critical indicators that can help you determine if your new potential partner is ready for primetime.
When evaluating the maturity of your email security partner, consider looking into the following:
- Company maturity – does your security partner demonstrate its maturity year over year in all aspects of operations? A good indicator is a yearly SOC2 Type2 (or equivalent) audit that is performed by an independent 3rd party. These audits are a testament to both investment in repeatable and mature processes and a dedication to security best practices.
- Confidentiality – inquire what happens to the emails being processed. Does the vendor create a copy and store them somewhere else? Who has access to the data and what controls are in-place? Make sure the vendor follows adequate on-boarding and off-boarding procedures.
- Diversified client base – check that the vendor you choose is processing and securing a volume of emails and protects a variety of customers. It takes a critical mass and a diverse customer base to see and identify emerging threats. You should benefit from the power of community intelligence capabilities that cloud security analytics can provide.
- Enterprise controls – verify that the solution gives you and your security team the granular controls you need to identify and categorize threats and adjust the actions to your own risk profile. You should be able to adjust and calibrate the policies, notifications and actions based on your specific needs and organizational structure.
- On-boarding, Customer Success and Support – What happens post sales? Does the vendor have a team that is invested in your success as much as you are? Make sure your team will be in good hands post the initial sales cycle. What resources can the vendor provide for on-boarding? Do they have Customer Success and Support teams?
If you’d like to learn more about how GreatHorn’s API approach to email security keeps your environment secure without ever going offline or delaying email, schedule a personalized demo. Don’t want to commit to a demo? Watch our Intro to GreatHorn webinar recording