Enterprise Email Security Gateway enhancements harmonize cybersecurity, user experience

by Tannikka Richardson
Office of Strategic Communications and Public Affairs
March 7, 2022 

Enterprise Email Security Gateway, the cybersecurity capability that has protected the Department of Defense’s email traffic for over a decade, has recently deployed improvements that both heighten security and improve user experience.

According to the Defense Information Systems Agency’s Enterprise Email Security Gateway Program Office, nearly 90% of all network threats are borne from internet email traffic, putting the program office on the front line of protection for the department. As a solution, Enterprise Email Security Gateway analyzes about 1.6 billion emails monthly and stops more than 1 billion or 85% of network threats each month.

The remaining 15% are analyzed by integrated solutions capable of detecting advanced, persistent cybersecurity threats and zero-day threats. One such system is Zero Day Network Defense, which is used to detect zero-day email threats. Zero Day Network Defense expands on standard email security measures to conduct behavior-based analyses of any code that’s embedded in an email.

“It’s not just about what we know, but what we don’t know,” said Dr. Ryan Smith, DISA chief engineer, Defense Capabilities and Security Center, Cyber Security and Analytics Directorate, Perimeter Division.

New Initiatives
To secure DOD’s networks from email-borne threats, DISA’s Enterprise Email Security Gateway Program Office executed a policy of identifying emails with URLs so they could be modified or rewritten by the customer mail server. An example is including a “Caution” tag by the URL. For users, this meant that URLs or web addresses in emails would, by default, be stripped of hyperlinks, rendering them unclickable.

As a result of a newly designed capability, Enterprise Email Security Gateway authenticates safe URLs, allowing users to receive many emails without caution tags, provided all URLs in the email are considered safe. By using the reputation of individual URLs to make a more nuanced security decision, Enterprise Email Security Gateway enables users to click and go to most safe URLs and still modify those that are not. Internet based emails considered safe enough to reach users are also given a URL verdict, which appears in the subject line of the email as an added security caution.

“Enterprise Email Security Gateway will label the email ‘suspect,’ which means you should be careful or ‘neutral,’ which is used when an email cannot be confirmed as good or bad. Malicious emails do not get through,” said Rick Honigford, member of the Enterprise Email Security Gateway Program Office.

In addition, as DOD moves to new office productivity and collaboration solutions like DOD365, DISA is taking steps to remove on-premise devices and build a cloud-based Enterprise Email Security Gateway solution that supports email protection and delivery to multiple DOD365 joint tenants. This change aims to reduce costs and streamline email delivery for mission partners.

As an enterprise offering, Enterprise Email Security Gateway policy and security changes and enhancements can be quickly deployed to more than 4 million of its DOD customers. One such enhancement that users may have noticed is sender verification. With sender verification, emails are labeled with a “Non-DOD Source” tag which tells users that the email originated is from outside of the NIPRNET – the Unclassified but Sensitive Internet Protocol Router Network.

“Enterprise Email Security Gateway Program Office personnel spend a lot of time trying to manage the risk of availability and security. It’s a delicate balance,” said Scott Robinson, Enterprise Email Security Gateway Program Office team member.

Transparent Protection
As the department has shifted operations in the wake of the COVID-19 pandemic and real-world emergencies, Enterprise Email Security Gateway has become even more critical. Over the last two years, DISA’s Enterprise Email Security Gateway Program Office has worked with DOD to evolve security to support several new missions including Operation Warp Speed, Election Security and the rapid implementation of Commercial Virtual Remote, CVR, for telework at the onset of the COVID-19 pandemic. The Enterprise Email Security Gateway Program Office also supported the Afghanistan Evacuation Operation by preventing emails from being latent or blocked to ensure consistent communications to troops and DOD personnel.

“A lot of what the Enterprise Email Security Gateway Program Office does is transparent to the user but we are consistently integrating new technologies to maintain DOD’s protection in the ever-changing landscape of email security,” said Duncan Carter, branch chief, DISA Cyber Security and Analytics Directorate, Perimeter Division.

Meet the Team
DISA’s Enterprise Email Security Gateway Program Office team that supported the implementation of the new URL reputation-based scoring capability includes staff from the DISA Cyber Security and Analytics Directorate, Perimeter Division, which is part of the agency’s Cyber Security and Analytics Directorate and worked alongside the Booz Allen Hamilton engineering team as the support contractor.

Key members Dr. Ryan Smith, chief engineer; Duncan Carter, branch chief; Thuy Che, EEMSG program manager; and Doug Engebretson, EEMSG lead engineer.