1 WHITE PAPER FortiMail Solution Guide Comprehensive Security for Enterprises and Service Providers
2 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 2 Contents Executive Summary... 3 Introduction to FortiMail... 4 Inbound Threats... 4 Outbound Threats... 4 Compromised Safety and Costs... 4 FortiMail Enterprise-Class Security... 5 Comprehensive, Certified Protection... 5 FortiMail Features and Benefits... 5 Common Deployment Scenarios Small/Mid Enterprise Deployment - FortiMail 200D / 400C Large Enterprise Deployment FortiMail 2000B / 3000D Managed Security Service Cloud Deployment FortiMail 3000D / 5002B (Chassis) ISP/Mobile Provider IP Reputation Protection - FortiMail 3000D / 5002B (Chassis) Case Studies Case Study One: Medium Enterprise Case Study Two: Healthcare Clinic/Hospital Case Three: Global Mobile Provider / ISP Conclusion... 15
3 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 3 Executive Summary has evolved into one of the most important methods of communication for any organization with an estimated 144 billion s sent every day; 61% of which are business related 1. With this, comes problems and organizations of all sizes are facing the same challenges - today is critical to any business, volumes are increasing year-by-year and all the while -bourne threats such as spam, denial of service (DoS), phishing (fraud) and malware are evolving. Industry regulators have noted the double edged sword that is the importance of in the enterprise whilst at the same time it being an inherently insecure medium and have issued -specific regulations regarding data privacy, intellectual property protection, and archiving. Fortinet s FortiMail security appliances are dedicated enterprise-grade security platforms for organizations of any size, protecting against inbound and outbound threats and aiding in regulatory compliance. Available in physical appliance and virtual appliance formats for deployment on-premises or in the cloud, in transparent, gateways and full mail server modes, this document discusses the various security options offered by Fortinet and provides insights into choosing the solution that best fits your organization s business needs. 1 Radicati Group - Statistics Report,
4 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 4 Introduction to FortiMail is critical for any business or organization to be competitive and function effectively. It forms the backbone of most organizations day-to-day activities. Over 144 billion s are sent each day, the majority of which are business related 1 and without , most businesses would grind to a halt. However, despite its criticality, was never designed with security in mind and is transmitted over the internet in plaintext with few users realizing how easily s can be spoofed (appear to have been sent by a different user). This inherent lack of security creates abundant opportunities for misuse and fraud. Over the years, has become a primary target for criminals seeking to take advantage of lax security policies and users unaware of the risk that can pose. Today s threats are far more dangerous than any time previously due to the volume and complexity of the threats. Inbound Threats Inbound threats are those that originate from outside your corporate or personal network and are primarily in the form of spam or unsolicited s. The volume of spam has reduced significantly since 2011 due to work done to take down key spam focused botnets such as Bredolab, Pushdo/Cutwail, Rustock 2, but still an estimated 14.5 billion spam s are sent per day 3. Despite this reduction in volume of spam however the risk remains. Whilst not the greatest volume of spam s, the greatest threats from today s spam are those targeted at the theft of data and credentials aka phishing. Phishing attacks include: Attempts to lure business or commercial users into divulging account access credentials Attempts to lure users into installing malware The installation of malware will often be to compromise the system with botnet software, the controller of which will often use to capture customer account login information, exfiltrate corporate data and forward it back to the cybercriminals command and control server or to distribute more spam and further propagate the network. Outbound Threats Outbound threats are those that originate from inside the organizations network. is a key egress point for data loss within organizations, as employees, contractors and other insiders have increased access to confidential, regulated, or proprietary information that is easily compromised through s. This access, coupled with the transient nature of many in the workforce, such as contractors and consultants, increases the risk of data loss. Compromised accounts are also being used to send outgoing spam, which not only eats up the network bandwidth and server resource, but causes legitimate user accounts being blocked from sending mail, and thus results in bad publicity. This is a particular risk in an ISP environment where large volumes of spam originating from a user IP can result in whole networks being blacklisted. Compromised Safety and Costs An IDC survey 4 showed that despite a high level of concern about threats and the high frequency of attack, more than 60 percent of responding organizations report of using sub-optimal security solutions with spam detection rates of 95 percent or less. Although nearly 80 percent of the responding organizations were extremely or very concerned about information leakage, only 28 percent had implemented any data loss prevention (DLP) technology. 2 FortiGuard IDC Securing Against Today s Threats: A Wake-Up Call on the Benefits of Comprehensive Messaging Security, IDC document number , Oct. 2008
5 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 5 The costs to business created by spam are substantial. Radicati Research Group Inc. reported that spam costs businesses $20.5 billion annually, calculated in decreased productivity, labor expense, wasted storage, reduced network bandwidth, and so forth. FortiMail Enterprise-Class Security Comprehensive, Certified Protection Fortinet s FortiMail is a complete enterprise-grade security platform for organizations of any size, from small businesses to Universities, government departments, large enterprises, carriers, and service providers. Purpose-built for the most demanding networks, FortiMail provides a fast, accurate, multi-layered approach to blocking spam, malware and preventing data loss, providing additional values-added functions such as data leakage prevention, identity based encryption (IBE), message archival and antiblacklisting, in a single holistic solution. FortiMail prevents your systems from becoming a threat delivery system. FortiMail s inbound filtering engine blocks spam and malware before the spam clogs your network and affect users. Its customizable, predefined dictionaries detect the accidental or intentional loss of confidential and regulated data. Its outbound inspection technology prevents outbound spam or malware from causing other antispam gateways to blacklist your users. The FortiMail dynamic and static user blocking gives you identity-based granular control over all of your policies and users. FortiMail has also demonstrated its ability to meet rigorous third-party testing criteria. In April 2013 FortiMail received its 23 rd consecutive Virus Bulletin Anti-Spam Award based on high performance and aggressive catch rate. In addition, FortiMail has earned FIPS validation and Common Criteria EAL 2+ certification. FortiMail Features and Benefits FortiMail delivers a wide range of features and benefits to organizations of all sizes. Here some of the reasons why you should consider adding FortiMail to your security infrastructure: Unparalleled performance The unique architecture of FortiMail provides real time inspection and blocking to stop threats with as little resource impact as possible, often at the connection level. The architecture also removes the need for mail queuing if the destination mail server is available, which enables significant performance improvement over competing solutions. FortiMail has been proven to meet the requirements many of the world s largest carriers and is the highest performing security solution in the industry, delivering message protection for over 28 million messages per hour in a single appliance making it perfectly suited for high-volume environments, such as Telcos and service providers. Coupled with FortiGuard Lab s industry leading real-time antispam, antivirus, antispyware, & antimalware protection, FortiMail provides you with extremely fast and accurate messaging security that will not become a network bottleneck. Antispam Efficiency FortiMail s integrated multi-threat detection engine consistently achieves over 99% accuracy on spam detection (99.86% as recorded by VBSpam 5 ) with a very low false positive ratio (0.01% in the same test 5 ) without compromising on performance. This is possible by utilizing a layered threat detection system which identifies threats as early as possible in the process. At the connection level, features such as the FortiGuard Sender IP Reputation Database, a real-time updated threat database managed by the FortiGuard Threat Research team, are used to identify and quickly neutralize known spam and botnet sources. Local threat mitigation techniques are employed to identify attack sources 5
6 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 6 including Dynamic Sender Reputation, Denial of Service detection and Connection rate limiting. IP addresses found to be attempting to abuse the system will be rate limited and ultimately blocked. At the envelope level, post IP connection but before the message body is transmitted, additional checks are employed to ensure the is valid. Recipient validation ensures that the user exists on the backend system before accepting further payload and multiple failed attempts can trigger the Directory Harvesting protection. Several checks are employed to ensure that the sender is who they are claiming to be including HELO and reverse path verification. RFC Compliancy validates the mail is being sent in a valid format and SMTP Error Rate control monitors for unusual activity at the SMTP level. Sender Policy Framework can also be enabled to validate that sending system is who it claims to be through DNS based validation. Additional advanced techniques such as Greylisting 6 can be performed at this stage to temporarily reject mail from unrecognized senders to block the activity of botnets and mass tools used by spammers which commonly do not queue and reattempt mail delivery as is normal for a regular Mail Transport Agent. At the content level, these methods are the most resource intensive as they require the transfer of the full message body. To avoid this overhead, FortiMail attempts to detect 90%+ of spam in the previous two levels. Content level inspection methods include FortiGuard spam object fuzzy checksums which identify known spam content and spamvertized URL detection (URLs which are commonly referenced in spam s). FortiGuard Anti- Malware is employed at this stage to detect and block malware-laden payloads from reaching their target. FortiGuard dynamic heuristics is a frequently updated system to detect known spam like behavior from previously unseen spam content and sources. Other methods which can be employed to further increase the catch rate at this level (above the already 99%+ level already commonly achievable) include Newsletter misuse detection, Bayesian filtering, FortiGuard URL filtering which supports 79 URL categories and DomainKeys Identified Mails (DKIM) support. Deployment Flexibility FortiMail can be deployed in the cloud or on premises, in gateway, transparent inline and server modes in a range of appliance or virtual machine form factors. This unparalleled flexibility makes FortiMail the ideal solution for any security requirement. Transparent mode allows for seamless, drop-in installation requiring no changes to the existing mail server network configuration. Both Transparent and Gateway modes offer the same spam and malware detection capabilities. Inline Transparent Onsite deployment along side mail server 6
7 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 7 Gateway mode delivers high performance MTA services and requires a simple modification to DNS and Mail Exchanger (MX) records to redirect s to the FortiMail system. FortiMail performs spam and antivirus scanning and forwards clean, non-spam and non-infected messages to the corporate server. Outbound mail proxy can also be used to further secure outbound mail Gateway Deploy on-site or in the cloud Server mode provides all the security benefits of GW and TP modes and allows FortiMail to function as a full-featured SMTP mail and groupware server. Server mode supports secure POP3, IMAP and WebMail clients to make installation and support for every mail client easy. Server mode is ideal for companies that want to replace aging mail servers, combine functions into one device, and for offering secure services to remote offices. Server mode also supports simple mailbox migration to painlessly migrate from other vendor solutions. Server Full mailserver and groupware functionality in addition to AS IP Reputation Protection FortiMail inspection technology throttles and blocks both inbound and outbound SPAM and malware on a single appliance, ensuring your domain mail server is not compromised or blacklisted. Whether it s protecting against a rogue SMTP sender inside the organization, or an out of control virus with a spamming component, FortiMail can protect the Enterprise s infrastructure and reputation so the lines of communication remain efficient and clean flowing. Content Aware Data Leakage Prevention One of the major outbound threats to organizations is the loss of confidential or regulated data, especially via outgoing . FortiMail includes customizable, predefined dictionaries that detect the accidental or intentional loss of data, aiding in PCI DSS, GLBA, SOX and HIPAA compliance. You can choose to block, reroute, encrypt and/or archive messages containing data matching a range of regular expression patterns, including credit card numbers, US social security number and Canadian social insurance numbers, bank routing numbers, CUSIP strings, and more. In addition, customers are able to create or upload their own custom dictionaries into the FortiMail appliance for more targeted business-specific compliance and protection. Customers of any size, especially those in highly regulated industries, will greatly benefit from the Data Leakage Prevention capabilities in the FortiMail solution. Secure Delivery - Identity based Encryption
8 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 8 FortiMail provides three different ways to encrypt messages, including the ability to send securely to someone without any pre-existing relationship, PKI, key exchange, or client software. Literally, anyone with a web browser and an account can receive encrypted from a FortiMail. This is called Identity Based Encryption (IBE), and alongside our support for TLS and S/MIME, allows us to provide a robust encryption solution that meets all customer requirements. FortiMail Identity-Based Encryption (IBE) uses public key cryptography in which the public key is generated using the unique information about the identity of a user. You can enable automatic encryption of messages based on the attributes you choose, such as subject content, message body, or recipient domain. Thus, IBE allows secure delivery of confidential or regulated content without user provisioning, pre-enrollment for recipients. In addition, FortiMail is one of the very few products on market that offer IBE in both push and pull delivery options -- delivering encrypted s directly to your users, or storing them on the FortiMail for retrieval, or a combination of the two options. 1 Notification of encrypted Sender Recipient 2 User authenticates 3 User views decrypted High availability (HA) and scalability FortiMail supports a high availability configuration that offers full synchronization of configuration and mail data between two FortiMail systems to ensure maximum availability of services. It also allows high-volume organizations (e.g., Service Providers, higher education, etc.) to cluster up to 25 FortiMail boxes with linear scaling with clusters of up to 25 devices for the most testing environments. Management overhead is minimized with centralized management and quarantine, logging and reporting. On-box or off-box policy-based message archiving FortiMail includes policy-based archive functionality for inbound or outbound , which is required by many organizations for compliance purposes. Archiving can be combined with other features such as DLP or IBE to meet government and regulatory compliance for standards such as Sarbanes Oxley by archiving communications which have been deemed sensitive e.g. due to their content, for review at a later date by an archive administrator or auditor. As well as use for compliance purposes, the archive system can be used for archival of all user messages e.g. for disaster recovery purposes. The FortiMail systems offer local as well as external archiving options. Even when using external storage for long term archival, archived messages are fully indexed and retrievable from FortiMail s central management interface. Advanced Messaging Tracking When handling such a large volume of traffic, the ability to quickly and accurately determine the disposition of a message is critical. Being able to easily drill down to a specific user's , which will be the proverbial needle in the haystack, is an essential function for any administrator. FortiMail provides an easy to use browser based search facility which enables the administrator to search for messages based on the sender, recipient, subject, time
9 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 9 etc., see what happened to it (was it rejected, forwarded, blocked, archived) and view the disposition of that mail (why was a decision made e.g. to reject due to a particular spam or virus trigger). Safety and Savings You Can Have It All With Fortinet s FortiMail security messaging solution, you don t have to sacrifice security for cost savings. FortiMail delivers everything you're looking for in an enterprise security solution at the right price point: High-performance: FortiMail s custom-built hardware and software processes and filters messages in realtime, and will not affect your users or delay their legitimate communications. Maximum deployment flexibility: FortiMail can be deployed in the cloud or on premises in virtual machine or hardware appliance and is the only solution on the market with Gateway, Transparent and Server Modes making it suitable for all your requirements. Reduced TCO: Device-based licensing eliminates the need to change license as your network grows, and reduces your TCO. The single user interface reduces management burden. No 3rd party software - No additional licensing fees; common add-on licenses for other vendors such as HA, IBE and Archiving are included in the base FortiMail cost. - Operational efficiency: one vendor to work with, no finger pointing and lower administration costs - Less risk to the business, increased quality and speed in delivery
10 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 10 Common Deployment Scenarios Small/Mid Enterprise Deployment - FortiMail 200D / 400C FortiMail is an ideal cost effective solution for deployment within small and medium enterprise. In a high availability configuration management is centralized and all data is replicated on the second device allowing for true resilience. Management of the FortiMail is simple and the system is backed by continued FortiGuard threat updates so that impact on operational resource, something that is at a premium in the smaller enterprise, is kept to a minimum. Whilst FortiMail can be deployed in transparent or gateway mode to protect an existing mail server, server mode brings with it the greatest cost savings as it allows the FortiMail to be deployed also as a full mail server with calendaring accessible via webmail, IMAP and POP3, ideal for deployment when used by a large number of external employees e.g. sales. Internet Large Enterprise Deployment FortiMail 2000B / 3000D Key requirement for large enterprise is datacenter resilience. FortiMail supports this via Config Sync Only High Availability. In this mode, configuration is synchronized between the devices and both are able to process mail giving the benefit of scalability. Management, mail queues, quarantines and logs are centralized on the primary device, reducing complexity and minimizing the operational overhead. Corporate Mail Servers Internet Datacenter A Datacenter B
11 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 11 Managed Security Service Cloud Deployment FortiMail 3000D / 5002B (Chassis) FortiMail has been designed with the MSSP in mind with multi-tenant support across the range, delegated administration and bulk provisioning. Common MSSP features including branding, central management, clustering and outbound mail protection are included with all appliances. Delegated administration allows the role of administering a sub-set of functions to be passed on to the customer, enabling them to maintain control, without jeopardizing the security of the system and other customers. These features allow the MSSP to deploy FortiMail as a fully branded Managed Security Service for use by multiple customer with a rapid time to market. Domain A Domain B Domain C. Domain n ISP/Mobile Provider IP Reputation Protection - FortiMail 3000D / 5002B (Chassis) A deployment scenario specific to ISPs and Mobile Providers is IP reputation (blacklisting) protection. In this scenario, FortiMail is deployed for outbound scanning in order to detect malicious s (spam or malware) leaving the network. By blocking such s, the provider network is protected from being blacklisted. SMTP Traffic Internet Policy Routing All other traffic
12 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 12 Case Studies Case Study One: Medium Enterprise Common requirements: Security Spam, phishing and malware is a significant issue for all organizations. User education is helping but multi-layer security is still a core requirement of a defense in depth strategy. Preventing phishing threats: Users continue to face a barrage of fraudulent s, looking to fool users into divulging account details and other personal information. Regulation: Many organizations are facing internal, as well as industry and government regulations for secure communication. For example, SOX section 404 compliance requires secure and authenticated delivery of messages to ensure privacy and confidentiality. FortiMail Benefits: Multi-layered protection: Coupled with FortiGuard Labs industry leading real-time security services, FortiMail provides complete multi-layered antivirus, antispam, antispyware, and antiphishing security protection with a performance that will not affect your users or delay their communications. Identity Based Encryption (IBE): IBE ensures privacy all the way to the recipient without the need for installing of clients, manual key management, user provisioning or pre-enrolment or any previous relationship with the recipient. IBE is the most simple to use encryption solution available. Compliance: Pre-defined HIPAA, SOX, and GLB lexical dictionaries are customizable and are included on every FortiMail appliance. Data Leak Protection: Pre-defined "Smart Identifiers" intelligently detect the accidental or intentional loss of confidential or regulated data. You can choose to block messages containing data matching a range of patterns or create policies to enforce the encryption of messages carrying this data, such as Credit Card or Social Security Numbers, which aids in PCI/DSS and HIPAA compliance. Archiving: The ability to copy and archive s based on compliance policies to either on or off box storage. Cost effective: No per user license fees. Additional value-add features such as Archiving and IBE are included on all FortiMail appliances and in any mode of operation without an extra license or fees. Deployment Example: A Medium Enterprise organization, headquartered in the USA but with global satellite offices This company was looking for secure solutions to prevent spam and phishing s from creating risk to their organization. An existing FortiGate customer, they wanted to employ a defense in depth strategy combining the FortiMail Security with best of breed Unified Threat Management (firewall, intrusion prevention, web filtering). Whilst not considered as part of the requirement initially, Identity Based Encryption and Archiving features, included without any costly license as part of the base solution was the deciding factor in making the case for FortiMail as these allowed the customer to achieve important compliance goals at no additional cost. A cluster of FortiMail 400C devices was deployed in config only HA across multiple datacenters for resilience using equally weighted MX records to distribute load between the locations. The current configuration easily supports the required 6,000 users with room for growth.
13 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 13 Case Study Two: Healthcare Clinic/Hospital Common requirements: Confidentiality: Patient information and medical data sent by s, such as lab reports sent to a physician, s from a doctor to another practitioner consulting for a second opinion, are private and highly sensitive. Regulation: HIPAA and similar regulations around the world require that healthcare providers ensure the confidentiality of patient information and medical record. Unauthorized disclosure of protected health information (PHI) is punishable by fines Extended use of IT: To mitigate financial risks many health care providers have resorted to faxing or post mails to deliver sensitive information which significantly increase operational costs. FortiMail Benefits: DLP and Compliance: Pre-defined HIPAA, SOX, and GLB lexical dictionaries are customizable and on every FortiMail appliance. Automatically enforce privacy policies with PHI content scanning. Thanks to dictionaries or lexicon search that identifies PHI elements, FortiMail is able to detect and protect confidential information. Ease of use: FortiMail IBE is as easy to use as regular mail system. There is no need of certification and key management. No additional hardware or software to install. No user provisioning and pre-enrollment requirements. FortiMail allow leveraging mail as a means of health record communication. Automatically and manually triggered encryption: IBE can be triggered automatically when there is a policy match. Or the user can manually trigger IBE by specifying certain keywords in the message Subject or Body. Flexibility: Provide both Push and Pull secure mail delivery capabilities. Pull messages reside on the appliance, while Push messages reside in the recipient inbox. Cost effective: IBE is available on all FortiMail appliances and in any mode of operation without an extra license or fees. Integrated security with no per-user or per-mailbox pricing. Deployment Example: A Medium-sized Health Insurance Company in US This customer has a requirement to become HIPAA compliant, and secure all potentially sensitive information contained in outbound messages, without the intervention of the senders. The customer also wishes to enable the internal users to manually trigger IBE. A FortiMail-1000B is deployed as the last internal hop outbound and is configured to scan all outgoing messages for sensitive content or keywords specified by the company management. The customer takes advantage of the predefined HIPAA dictionary to enable its content monitoring policy. All potentially sensitive information is detected and secured. The automatic message encryption also occurs when a sender specifies certain keywords in the FortiMail system, such as [secure] or [confidential]. For example, when a user puts [secure] in the message Subject or Body, the FortiMail will trigger IBE to encrypt the message automatically.
14 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 14 Case Three: Global Mobile Provider / ISP Common requirements: IP Reputation protection: Due to extended periods away from the home networks, road warriors using 3G access methods and mobile devices are susceptible to compromise and infection from botnets. These botnets are often used for the distribution of spam, which can lead to service provider networks becoming blacklisted. Scalability: With large numbers of users, often in the millions, a solution that is flexible and can scale to accommodate the large volumes of s is required. Cost: Internet provision by mobile provider and ISP industries is highly commoditized, it is just expected and expected to work. Users do not expect to pay a premium for the service so any additional costs to secure on the network must be highly controlled. FortiMail Benefits: Unmatched scalability: With devices capable of delivering message protection of up to 28 million messages per hour in a single appliance, FortiMail is the leader in high performance security. Bidirectional scanning on a single appliance: Some competing solutions require multiple devices to scan incoming and outgoing s, this is not the case with FortiMail. Simple to deploy: FortiMail can be deployed simply, inline to protect all outbound (and inbound) mail transparently with no change to the network. Multi-layered protection: Coupled with FortiGuard Labs industry leading real-time security services, FortiMail provides complete multi-layered antivirus, antispam, antispyware, and antiphishing security protection with a performance that will not affect your users or delay their communications. Cost effective: The high performance MTA feature of the FortiMail solution delivers much higher performance per $ than competing solutions. FortiMail provides integrated security with no per-user or per-mailbox pricing. Features commonly licensed on competing solutions such as high availability, IBE and archiving are included in the base cost of the platform Deployment Example: A Large Mobile Service Provider located in regions across the globe Having had several of its IP networks blacklisted due to outbound spam abuse by botnet infected devices, this customer was using significant amounts of resource to deal with abuse reports and to work with DNS Blacklist owners to restore their IP reputation. The customer wanted to reduce the operational management overhead, restore its IP reputation more permanently and improve customer satisfaction. The FortiMail 3000C was quickly and painlessly integrated within their network and was able to detect and block outbound spam, preventing the abuse reports against the network. FortiMail was further able to integrate with the provider s business systems to identify users and generate threat reports based on the users mobile number so that they could be notified when their device was behaving in a malicious manner (sending spam or virus content). Because of the success of the initial deployment, similar solutions have been rolled out at regional nodes across the globe.
15 FORTINET FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers PAGE 15 Conclusion Fortinet s FortiMail security solution proves that you don t have to sacrifice security for cost savings. Purposebuilt for the most demanding security requirements, the FortiMail appliances utilize Fortinet s years of experience in protecting networks against spam, malware, and other message-borne threats. Features such as Identity Based Encryption, Archiving and multi-tenancy capabilities make the system ideal for all deployment scenarios from the Enterprise to the MSSP. High performance, coupled with FortiGuard Labs industry leading realtime antivirus and antispyware updates, flexible deployment options, and no per-user licenses, makes the FortiMail the most powerful and cost effective security solution available. FML-WP-SOLN-R