!

"#$% &'&%(

FortiMail Solution Guide

Comprehensive Email Security for Enterprises and Service Providers

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 2

Contents
Executive Summary ........................................................................................................................................................ 3! Introduction to FortiMail .................................................................................................................................................. 4! Inbound Threats ......................................................................................................................................................... 4! Outbound Threats ....................................................................................................................................................... 4! Compromised Safety and Costs ................................................................................................................................. 4! FortiMail Enterprise-Class Email Security ................................................................................................................... 5! Comprehensive, Certified Protection .......................................................................................................................... 5! FortiMail Features and Benefits .................................................................................................................................. 5! Common Deployment Scenarios .................................................................................................................................. 10! Small/Mid Enterprise Deployment - FortiMail 200D / 400C ...................................................................................... 10! Large Enterprise Deployment FortiMail 2000B / 3000D ........................................................................................ 10! Managed Email Security Service Cloud Deployment FortiMail 3000D / 5002B (Chassis) .................................... 11! ISP/Mobile Provider IP Reputation Protection - FortiMail 3000D / 5002B (Chassis) ................................................ 11! Case Studies ................................................................................................................................................................ 12! Case Study One: Medium Enterprise ....................................................................................................................... 12! Case Study Two: Healthcare Clinic/Hospital ............................................................................................................ 13! Case Three: Global Mobile Provider / ISP ................................................................................................................ 14! Conclusion .................................................................................................................................................................... 15!

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 3

Executive Summary
Email has evolved into one of the most important methods of communication for any organization with an estimated 144 billion emails sent every day; 61% of which are business related1. With this, comes problems and organizations of all sizes are facing the same challenges - email today is critical to any business, email volumes are increasing year-by-year and all the while email-bourne threats such as spam, denial of service (DoS), phishing (fraud) and malware are evolving. Industry regulators have noted the double edged sword that is the importance of email in the enterprise whilst at the same time it being an inherently insecure medium and have issued email-specific regulations regarding data privacy, intellectual property protection, and archiving. Fortinets FortiMail email security appliances are dedicated enterprise-grade email security platforms for organizations of any size, protecting against inbound and outbound threats and aiding in regulatory compliance. Available in physical appliance and virtual appliance formats for deployment on-premises or in the cloud, in transparent, gateways and full mail server modes, this document discusses the various email security options offered by Fortinet and provides insights into choosing the solution that best fits your organizations business needs.

Radicati Group - Email Statistics Report, 2012-2016.

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 4

Introduction to FortiMail
Email is critical for any business or organization to be competitive and function effectively. It forms the backbone of most organizations day-to-day activities. Over 144 billion emails are sent each day, the majority of which are business related1 and without email, most businesses would grind to a halt. However, despite its criticality, email was never designed with security in mind and is transmitted over the internet in plaintext with few users realizing how easily emails can be spoofed (appear to have been sent by a different user). This inherent lack of security creates abundant opportunities for misuse and fraud. Over the years, email has become a primary target for criminals seeking to take advantage of lax security policies and users unaware of the risk that email can pose. Todays email threats are far more dangerous than any time previously due to the volume and complexity of the threats.

Inbound Threats
Inbound email threats are those that originate from outside your corporate or personal network and are primarily in the form of spam or unsolicited emails. The volume of spam has reduced significantly since 2011 due to work done to take down key spam focused botnets such as Bredolab, Pushdo/Cutwail, Rustock2, but still an estimated 14.5 billion spam emails are sent per day3. Despite this reduction in volume of spam however the risk remains. Whilst not the greatest volume of spam emails, the greatest threats from todays spam are those targeted at the theft of data and credentials aka phishing. Phishing attacks include: Attempts to lure business or commercial users into divulging account access credentials Attempts to lure users into installing malware

The installation of malware will often be to compromise the system with botnet software, the controller of which will often use to capture customer account login information, exfiltrate corporate data and forward it back to the cybercriminals command and control server or to distribute more spam and further propagate the network.

Outbound Threats
Outbound threats are those that originate from inside the organizations network. Email is a key egress point for data loss within organizations, as employees, contractors and other insiders have increased access to confidential, regulated, or proprietary information that is easily compromised through emails. This access, coupled with the transient nature of many in the workforce, such as contractors and consultants, increases the risk of data loss. Compromised email accounts are also being used to send outgoing spam, which not only eats up the network bandwidth and server resource, but causes legitimate user accounts being blocked from sending mail, and thus results in bad publicity. This is a particular risk in an ISP environment where large volumes of spam originating from a user IP can result in whole networks being blacklisted.

Compromised Safety and Costs

An IDC survey4 showed that despite a high level of concern about threats and the high frequency of attack, more than 60 percent of responding organizations report of using sub-optimal email security solutions with spam detection rates of 95 percent or less. Although nearly 80 percent of the responding organizations were extremely or very concerned about email information leakage, only 28 percent had implemented any data loss prevention (DLP) technology.

FortiGuard http://www.fortiguard.com/ http://www.spamlaws.com/spam-stats.html 4 IDC Securing Email Against Todays Threats: A Wake-Up Call on the Benefits of Comprehensive Messaging Security, IDC document number 214837, Oct. 2008
2 3

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 5

The costs to business created by spam are substantial. Radicati Research Group Inc. reported that spam costs businesses $20.5 billion annually, calculated in decreased productivity, labor expense, wasted storage, reduced network bandwidth, and so forth.

FortiMail Enterprise-Class Email Security

Comprehensive, Certified Protection
Fortinets FortiMail is a complete enterprise-grade email security platform for organizations of any size, from small businesses to Universities, government departments, large enterprises, carriers, and service providers. Purpose-built for the most demanding networks, FortiMail provides a fast, accurate, multi-layered approach to blocking spam, malware and preventing data loss, providing additional values-added functions such as data leakage prevention, identity based encryption (IBE), message archival and antiblacklisting, in a single holistic solution. FortiMail prevents your email systems from becoming a threat delivery system. FortiMails inbound filtering engine blocks spam and malware before the spam clogs your network and affect users. Its customizable, predefined dictionaries detect the accidental or intentional loss of confidential and regulated data. Its outbound inspection technology prevents outbound spam or malware from causing other antispam gateways to blacklist your users. The FortiMail dynamic and static user blocking gives you identity-based granular control over all of your policies and users. FortiMail has also demonstrated its ability to meet rigorous third-party testing criteria. In April 2013 FortiMail received its 23rd consecutive Virus Bulletin Anti-Spam Award based on high performance and aggressive catch rate. In addition, FortiMail has earned FIPS 140-2 validation and Common Criteria EAL 2+ certification.

FortiMail Features and Benefits

FortiMail delivers a wide range of features and benefits to organizations of all sizes. Here some of the reasons why you should consider adding FortiMail to your security infrastructure: Unparalleled performance The unique architecture of FortiMail provides real time inspection and blocking to stop email threats with as little resource impact as possible, often at the connection level. The architecture also removes the need for mail queuing if the destination mail server is available, which enables significant performance improvement over competing solutions. FortiMail has been proven to meet the requirements many of the worlds largest carriers and is the highest performing email security solution in the industry, delivering message protection for over 28 million messages per hour in a single appliance making it perfectly suited for high-volume environments, such as Telcos and service providers. Coupled with FortiGuard Labs industry leading real-time antispam, antivirus, antispyware, & antimalware protection, FortiMail provides you with extremely fast and accurate messaging security that will not become a network bottleneck. Antispam Efficiency FortiMails integrated multi-threat detection engine consistently achieves over 99% accuracy on spam detection (99.86% as recorded by VBSpam5) with a very low false positive ratio (0.01% in the same test5) without compromising on performance. This is possible by utilizing a layered threat detection system which identifies threats as early as possible in the email process. At the connection level, features such as the FortiGuard Sender IP Reputation Database, a real-time updated threat database managed by the FortiGuard Threat Research team, are used to identify and quickly neutralize known spam and botnet sources. Local threat mitigation techniques are employed to identify attack sources
5

http://www.virusbtn.com/vbspam/archive/test?id=175

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 6

including Dynamic Sender Reputation, Denial of Service detection and Connection rate limiting. IP addresses found to be attempting to abuse the system will be rate limited and ultimately blocked. At the envelope level, post IP connection but before the message body is transmitted, additional checks are employed to ensure the email is valid. Recipient validation ensures that the user exists on the backend system before accepting further payload and multiple failed attempts can trigger the Directory Harvesting protection. Several checks are employed to ensure that the sender is who they are claiming to be including HELO and reverse path verification. RFC Compliancy validates the mail is being sent in a valid format and SMTP Error Rate control monitors for unusual activity at the SMTP level. Sender Policy Framework can also be enabled to validate that sending system is who it claims to be through DNS based validation. Additional advanced techniques such as Greylisting6 can be performed at this stage to temporarily reject mail from unrecognized senders to block the activity of botnets and mass email tools used by spammers which commonly do not queue and reattempt mail delivery as is normal for a regular Mail Transport Agent. At the content level, these methods are the most resource intensive as they require the transfer of the full message body. To avoid this overhead, FortiMail attempts to detect 90%+ of spam in the previous two levels. Content level inspection methods include FortiGuard spam object fuzzy checksums which identify known spam content and spamvertized URL detection (URLs which are commonly referenced in spam emails). FortiGuard AntiMalware is employed at this stage to detect and block malware-laden payloads from reaching their target. FortiGuard dynamic heuristics is a frequently updated system to detect known spam like behavior from previously unseen spam content and sources. Other methods which can be employed to further increase the catch rate at this level (above the already 99%+ level already commonly achievable) include Newsletter misuse detection, Bayesian filtering, FortiGuard URL filtering which supports 79 URL categories and DomainKeys Identified Mails (DKIM) support. Deployment Flexibility FortiMail can be deployed in the cloud or on premises, in gateway, transparent inline and server modes in a range of appliance or virtual machine form factors. This unparalleled flexibility makes FortiMail the ideal solution for any Email security requirement. Transparent mode allows for seamless, drop-in installation requiring no changes to the existing mail server network configuration. Both Transparent and Gateway modes offer the same spam and malware detection capabilities.

Inline Transparent

Onsite deployment along side mail server

http://en.wikipedia.org/wiki/Greylisting

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 7

Gateway mode delivers high performance MTA services and requires a simple modification to DNS and Mail Exchanger (MX) records to redirect emails to the FortiMail system. FortiMail performs spam and antivirus scanning and forwards clean, non-spam and non-infected messages to the corporate email server. Outbound mail proxy can also be used to further secure outbound mail

Gateway

Deploy on-site or in the cloud

Server mode provides all the security benefits of GW and TP modes and allows FortiMail to function as a full-featured SMTP mail and groupware server. Server mode supports secure POP3, IMAP and WebMail clients to make installation and support for every mail client easy. Server mode is ideal for companies that want to replace aging mail servers, combine email functions into one device, and for offering secure email services to remote offices. Server mode also supports simple mailbox migration to painlessly migrate from other vendor solutions. IP Reputation Protection

Server

Full mailserver and groupware functionality in addition to AS

FortiMail inspection technology throttles and blocks both inbound and outbound SPAM and malware on a single appliance, ensuring your domain mail server is not compromised or blacklisted. Whether its protecting against a rogue SMTP sender inside the organization, or an out of control virus with a spamming component, FortiMail can protect the Enterprises infrastructure and reputation so the lines of email communication remain efficient and clean flowing. Content Aware Data Leakage Prevention One of the major outbound threats to organizations is the loss of confidential or regulated data, especially via outgoing email. FortiMail includes customizable, predefined dictionaries that detect the accidental or intentional loss of data, aiding in PCI DSS, GLBA, SOX and HIPAA compliance. You can choose to block, reroute, encrypt and/or archive messages containing data matching a range of regular expression patterns, including credit card numbers, US social security number and Canadian social insurance numbers, bank routing numbers, CUSIP strings, and more. In addition, customers are able to create or upload their own custom dictionaries into the FortiMail appliance for more targeted business-specific compliance and protection. Customers of any size, especially those in highly regulated industries, will greatly benefit from the Data Leakage Prevention capabilities in the FortiMail solution. Secure Email Delivery - Identity based Encryption

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 8

FortiMail provides three different ways to encrypt email messages, including the ability to send email securely to someone without any pre-existing relationship, PKI, key exchange, or client software. Literally, anyone with a web browser and an email account can receive encrypted email from a FortiMail. This is called Identity Based Encryption (IBE), and alongside our support for TLS and S/MIME, allows us to provide a robust email encryption solution that meets all customer requirements. FortiMail Identity-Based Encryption (IBE) uses public key cryptography in which the public key is generated using the unique information about the identity of a user. You can enable automatic encryption of messages based on the attributes you choose, such as subject content, message body, or recipient domain. Thus, IBE allows secure delivery of confidential or regulated content without user provisioning, pre-enrollment for recipients. In addition, FortiMail is one of the very few products on market that offer IBE in both push and pull delivery options -- delivering encrypted emails directly to your users, or storing them on the FortiMail for retrieval, or a combination of the two options.

1 Sender

Notification of encrypted email

Recipient

User authenticates

User views decrypted email

High availability (HA) and scalability FortiMail supports a high availability configuration that offers full synchronization of configuration and mail data between two FortiMail systems to ensure maximum availability of email services. It also allows high-volume organizations (e.g., Service Providers, higher education, etc.) to cluster up to 25 FortiMail boxes with linear scaling with clusters of up to 25 devices for the most testing environments. Management overhead is minimized with centralized management and quarantine, logging and reporting. On-box or off-box policy-based message archiving FortiMail includes policy-based email archive functionality for inbound or outbound email, which is required by many organizations for compliance purposes. Archiving can be combined with other features such as DLP or IBE to meet government and regulatory compliance for standards such as Sarbanes Oxley by archiving communications which have been deemed sensitive e.g. due to their content, for review at a later date by an archive administrator or auditor. As well as use for compliance purposes, the archive system can be used for archival of all user messages e.g. for disaster recovery purposes. The FortiMail systems offer local as well as external email archiving options. Even when using external storage for long term archival, archived messages are fully indexed and retrievable from FortiMails central management interface. Advanced Messaging Tracking When handling such a large volume of email traffic, the ability to quickly and accurately determine the disposition of a message is critical. Being able to easily drill down to a specific user's email, which will be the proverbial needle in the haystack, is an essential function for any email administrator. FortiMail provides an easy to use browser based search facility which enables the administrator to search for messages based on the sender, recipient, subject, time

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 9

etc., see what happened to it (was it rejected, forwarded, blocked, archived) and view the disposition of that mail (why was a decision made e.g. to reject due to a particular spam or virus trigger). Safety and Savings You Can Have It All With Fortinets FortiMail security messaging solution, you dont have to sacrifice security for cost savings. FortiMail delivers everything you're looking for in an enterprise email security solution at the right price point: High-performance: FortiMails custom-built hardware and software processes and filters messages in realtime, and will not affect your users or delay their legitimate communications. Maximum deployment flexibility: FortiMail can be deployed in the cloud or on premises in virtual machine or hardware appliance and is the only solution on the market with Gateway, Transparent and Server Modes making it suitable for all your requirements. Reduced TCO: Device-based licensing eliminates the need to change license as your network grows, and reduces your TCO. The single user interface reduces management burden. No 3rd party software - No additional licensing fees; common add-on licenses for other vendors such as HA, IBE and Archiving are included in the base FortiMail cost. - Operational efficiency: one vendor to work with, no finger pointing and lower administration costs - Less risk to the business, increased quality and speed in delivery

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 10

Common Deployment Scenarios

Small/Mid Enterprise Deployment - FortiMail 200D / 400C
FortiMail is an ideal cost effective solution for deployment within small and medium enterprise. In a high availability configuration management is centralized and all data is replicated on the second device allowing for true resilience. Management of the FortiMail is simple and the system is backed by continued FortiGuard threat updates so that impact on operational resource, something that is at a premium in the smaller enterprise, is kept to a minimum. Whilst FortiMail can be deployed in transparent or gateway mode to protect an existing mail server, server mode brings with it the greatest cost savings as it allows the FortiMail to be deployed also as a full mail server with calendaring accessible via webmail, IMAP and POP3, ideal for deployment when used by a large number of external employees e.g. sales.

!"#$%"$#

Large Enterprise Deployment FortiMail 2000B / 3000D

Key requirement for large enterprise is datacenter resilience. FortiMail supports this via Config Sync Only High Availability. In this mode , configuration is synchronized between the devices and both are able to process mail giving the benefit of scalability. Management, mail queues, quarantines and logs are centralized on the primary device, reducing complexity and minimizing the operational overhead.

!"#$"#%&'(()%*+( ,'#-'#. /%&%0'1&'#( 2 31&'#1'& /%&%0'1&'#( 4

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 11

Managed Email Security Service Cloud Deployment FortiMail 3000D / 5002B (Chassis)
FortiMail has been designed with the MSSP in mind with multi-tenant support across the range, delegated administration and bulk provisioning. Common MSSP features including branding, central management, clustering and outbound mail protection are included with all appliances. Delegated administration allows the role of administering a sub-set of functions to be passed on to the customer, enabling them to maintain control, without jeopardizing the security of the system and other customers. These features allow the MSSP to deploy FortiMail as a fully branded Managed Email Security Service for use by multiple customer with a rapid time to market.

Domain A

Domain B

Domain C

Domain n

!.

ISP/Mobile Provider IP Reputation Protection - FortiMail 3000D / 5002B (Chassis)

A deployment scenario specific to ISPs and Mobile Providers is IP reputation (blacklisting) protection. In this scenario, FortiMail is deployed for outbound scanning in order to detect malicious emails (spam or malware) leaving the network. By blocking such emails, the provider network is protected from being blacklisted.

456&, 6%233)*

!"#$%"$#

&'()*+, -'.#)"/

0((,'#1$%, #%233)*

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 12

Case Studies
Case Study One: Medium Enterprise
Common requirements: Email Security Spam, phishing and malware is a significant issue for all organizations. User education is helping but multi-layer email security is still a core requirement of a defense in depth strategy. Preventing phishing threats: Users continue to face a barrage of fraudulent emails, looking to fool users into divulging account details and other personal information. Regulation: Many organizations are facing internal, as well as industry and government regulations for secure communication. For example, SOX section 404 compliance requires secure and authenticated delivery of email messages to ensure privacy and confidentiality.

FortiMail Benefits: Multi-layered protection: Coupled with FortiGuard Labs industry leading real-time security services, FortiMail provides complete multi-layered antivirus, antispam, antispyware, and antiphishing security protection with a performance that will not affect your users or delay their communications. Identity Based Encryption (IBE): IBE ensures email privacy all the way to the recipient without the need for installing of clients, manual key management, user provisioning or pre-enrolment or any previous relationship with the recipient. IBE is the most simple to use email encryption solution available. Compliance: Pre-defined HIPAA, SOX, and GLB lexical dictionaries are customizable and are included on every FortiMail appliance. Data Leak Protection: Pre-defined "Smart Identifiers" intelligently detect the accidental or intentional loss of confidential or regulated data. You can choose to block messages containing data matching a range of patterns or create policies to enforce the encryption of messages carrying this data, such as Credit Card or Social Security Numbers, which aids in PCI/DSS and HIPAA compliance. Email Archiving: The ability to copy and archive emails based on compliance policies to either on or off box storage.

Cost effective: No per user license fees. Additional value-add features such as Archiving and IBE are included on all FortiMail appliances and in any mode of operation without an extra license or fees. Deployment Example: A Medium Enterprise organization, headquartered in the USA but with global satellite offices This company was looking for secure email solutions to prevent spam and phishing emails from creating risk to their organization. An existing FortiGate customer, they wanted to employ a defense in depth strategy combining the FortiMail Email Security with best of breed Unified Threat Management (firewall, intrusion prevention, web filtering). Whilst not considered as part of the requirement initially, Identity Based Encryption and Email Archiving features, included without any costly license as part of the base solution was the deciding factor in making the case for FortiMail as these allowed the customer to achieve important compliance goals at no additional cost. A cluster of FortiMail 400C devices was deployed in config only HA across multiple datacenters for resilience using equally weighted MX records to distribute load between the locations. The current configuration easily supports the required 6,000 users with room for growth.

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 13

Case Study Two: Healthcare Clinic/Hospital

Common requirements: Confidentiality: Patient information and medical data sent by emails, such as lab reports sent to a physician, emails from a doctor to another practitioner consulting for a second opinion, are private and highly sensitive. Regulation: HIPAA and similar regulations around the world require that healthcare providers ensure the confidentiality of patient information and medical record. Unauthorized disclosure of protected health information (PHI) is punishable by fines Extended use of IT: To mitigate financial risks many health care providers have resorted to faxing or post mails to deliver sensitive information which significantly increase operational costs.

FortiMail Benefits: DLP and Compliance: Pre-defined HIPAA, SOX, and GLB lexical dictionaries are customizable and on every FortiMail appliance. Automatically enforce privacy policies with PHI content scanning. Thanks to dictionaries or lexicon search that identifies PHI elements, FortiMail is able to detect and protect confidential information. Ease of use: FortiMail IBE is as easy to use as regular mail system. There is no need of certification and key management. No additional hardware or software to install. No user provisioning and pre-enrollment requirements. FortiMail allow leveraging mail as a means of health record communication. Automatically and manually triggered encryption: IBE can be triggered automatically when there is a policy match. Or the user can manually trigger IBE by specifying certain keywords in the message Subject or Body. Flexibility: Provide both Push and Pull secure mail delivery capabilities. Pull messages reside on the appliance, while Push messages reside in the recipient inbox. Cost effective: IBE is available on all FortiMail appliances and in any mode of operation without an extra license or fees. Integrated security with no per-user or per-mailbox pricing. Deployment Example: A Medium-sized Health Insurance Company in US This customer has a requirement to become HIPAA compliant, and secure all potentially sensitive information contained in outbound email messages, without the intervention of the senders. The customer also wishes to enable the internal users to manually trigger IBE. A FortiMail-1000B is deployed as the last internal hop outbound and is configured to scan all outgoing messages for sensitive content or keywords specified by the company management. The customer takes advantage of the predefined HIPAA dictionary to enable its content monitoring policy. All potentially sensitive information is detected and secured. The automatic message encryption also occurs when a sender specifies certain keywords in the FortiMail system, such as [secure] or [confidential]. For example, when a user puts [secure] in the message Subject or Body, the FortiMail will trigger IBE to encrypt the message automatically.

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 14

Case Three: Global Mobile Provider / ISP

Common requirements: IP Reputation protection: Due to extended periods away from the home networks, road warriors using 3G access methods and mobile devices are susceptible to compromise and infection from botnets. These botnets are often used for the distribution of spam, which can lead to service provider networks becoming blacklisted. Scalability: With large numbers of users, often in the millions, a solution that is flexible and can scale to accommodate the large volumes of emails is required . Cost: Internet provision by mobile provider and ISP industries is highly commoditized, it is just expected and expected to work. Users do not expect to pay a premium for the service so any additional costs to secure on the network must be highly controlled.

FortiMail Benefits: Unmatched scalability: With devices capable of delivering message protection of up to 28 million messages per hour in a single appliance, FortiMail is the leader in high performance email security. Bidirectional scanning on a single appliance: Some competing solutions require multiple devices to scan incoming and outgoing emails, this is not the case with FortiMail. Simple to deploy: FortiMail can be deployed simply, inline to protect all outbound (and inbound) mail transparently with no change to the network. Multi-layered protection: Coupled with FortiGuard Labs industry leading real-time security services, FortiMail provides complete multi-layered antivirus, antispam, antispyware, and antiphishing security protection with a performance that will not affect your users or delay their communications. Cost effective: The high performance MTA feature of the FortiMail solution delivers much higher performance per $ than competing solutions. FortiMail provides integrated security with no per-user or per-mailbox pricing. Features commonly licensed on competing solutions such as high availability, IBE and archiving are included in the base cost of the platform

Deployment Example: A Large Mobile Service Provider located in regions across the globe Having had several of its IP networks blacklisted due to outbound spam abuse by botnet infected devices, this customer was using significant amounts of resource to deal with abuse reports and to work with DNS Blacklist owners to restore their IP reputation. The customer wanted to reduce the operational management overhead, restore its IP reputation more permanently and improve customer satisfaction. The FortiMail 3000C was quickly and painlessly integrated within their network and was able to detect and block outbound spam, preventing the abuse reports against the network. FortiMail was further able to integrate with the providers business systems to identify users and generate threat reports based on the users mobile number so that they could be notified when their device was behaving in a malicious manner (sending spam or virus content). Because of the success of the initial deployment, similar solutions have been rolled out at regional nodes across the globe.

FORTINET FortiMail Solution Guide - Comprehensive Email Security for Enterprises and Service Providers

PAGE 15

Conclusion
Fortinets FortiMail email security solution proves that you dont have to sacrifice security for cost savings. Purposebuilt for the most demanding email security requirements, the FortiMail appliances utilize Fortinets years of experience in protecting networks against spam, malware, and other message-borne threats. Features such as Identity Based Encryption, Email Archiving and multi-tenancy capabilities make the system ideal for all deployment scenarios from the Enterprise to the MSSP. High performance, coupled with FortiGuard Labs industry leading realtime antivirus and antispyware updates, flexible deployment options, and no per-user licenses, makes the FortiMail the most powerful and cost effective email security solution available.

FML-WP-SOLN-R1-201304