What are the core features and architectural elements of Check Point Harmony Email & Collaboration?
A quick walk-through of HEC.
This is part of an ongoing series in cybersecurity foundations. Check the cyber 101 article tag index from time to time for more content.
For today's topic, I wanted to briefly describe the core architecture, features, and functionality of Check Point Harmony Email & Collaboration (HEC). Let's jump into it. 😄
M365 Integration Architecture
Note: HEC also supports integration/workflows with Google Workspace. The features, functionality, and integration are very similar.
Harmony Email & Collaboration is a purely API-based security service. This is in contrast to other email security solutions (which often involve a combination of DNS MX record changes and API integrations).
The basics look like this:
- HEC is implemented via a Microsoft enterprise application. This is done at the M365/Azure admin level (nothing is required at endpoints or in Outlook itself).
- The enterprise app proceeds to deploy path/process workflow elements in the form of:
  - Transport rules - These are conditional policies that process messages as they flow through M365/Exchange.
  - Connectors - These define how email flows between an M365 organization and external email servers or services.
  - Groups - These are collaboration/security objects that organize access.
  - Journaling rule - Captures copies of messages for archival, compliance, and inspection purposes.
- Once the "plumbing" elements are set up, Check Point hosted infrastructure is effectively integrated into mailflow communication for inline scanning and processing. This allows the solution to monitor email messages for security concerns.
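Because these objects sit directly in the mail path, it is worth recording them once they have been reviewed and checking later that none has been disabled or altered. The script below is an added example, not Check Point's own tooling: it inventories the four object types with the standard Exchange Online cmdlets and reports drift against a saved baseline. The name pattern and baseline path are placeholders (assumptions), since the page does not list the names the integration uses.

```powershell
# Added example, not Check Point's tooling. Requires the ExchangeOnlineManagement module.
param(
    # ASSUMPTION: placeholder wildcard; substitute the object names your tenant shows.
    [string]$NamePattern  = '*<integration-object-name>*',
    [string]$BaselinePath = '.\mailflow-baseline.txt'   # hypothetical local path
)
Connect-ExchangeOnline -ShowBanner:$false

# Flatten one object into a stable "Type|Name|Enabled|Detail" line for comparison.
function Format-Entry($Type, $Name, $Enabled, $Detail) { "$Type|$Name|$Enabled|$Detail" }

$current = @(
    Get-TransportRule | Where-Object Name -like $NamePattern | ForEach-Object {
        Format-Entry 'TransportRule' $_.Name $_.State "Priority=$($_.Priority);Mode=$($_.Mode)" }
    Get-InboundConnector | Where-Object Name -like $NamePattern | ForEach-Object {
        Format-Entry 'InboundConnector' $_.Name $_.Enabled "RequireTls=$($_.RequireTls);SenderIPs=$($_.SenderIPAddresses -join ',')" }
    Get-OutboundConnector | Where-Object Name -like $NamePattern | ForEach-Object {
        Format-Entry 'OutboundConnector' $_.Name $_.Enabled "SmartHosts=$($_.SmartHosts -join ',');RuleScoped=$($_.IsTransportRuleScoped)" }
    Get-JournalRule | Where-Object Name -like $NamePattern | ForEach-Object {
        Format-Entry 'JournalRule' $_.Name $_.Enabled "Scope=$($_.Scope);JournalTo=$($_.JournalEmailAddress)" }
    # Covers mail-enabled groups only; Microsoft 365 groups would need Get-UnifiedGroup.
    Get-DistributionGroup -ResultSize Unlimited | Where-Object Name -like $NamePattern | ForEach-Object {
        Format-Entry 'Group' $_.Name 'n/a' "Address=$($_.PrimarySmtpAddress)" }
) | Sort-Object

if (-not $current) {
    Write-Warning "No mail-flow objects matched '$NamePattern'."
    return
}
if (-not (Test-Path $BaselinePath)) {
    # First run: record the reviewed state as the baseline.
    $current | Set-Content $BaselinePath
    $current
    return
}
# Later runs: '=>' is new or changed in the tenant, '<=' is missing or changed since baseline.
$drift = Compare-Object -ReferenceObject @(Get-Content $BaselinePath) -DifferenceObject $current
if ($drift) {
    $drift | Select-Object SideIndicator, @{ n = 'Entry'; e = { $_.InputObject } } |
        Format-Table -AutoSize -Wrap
    Write-Warning 'Mail-flow objects differ from the reviewed baseline.'
} else {
    'No drift from baseline.'
}
```

A changed entry shows up as a pair: the old line with `<=` and the new one with `=>`.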
Feature review
So what specifically CAN Harmony Email & Collaboration do? Here's a feature review:
- URL Rewriting - HEC can rewrite URLs contained in both email body and attachments. That way, if a user clicks a link that they shouldn't, they're redirected to a Check Point security inspection resource that would block it if needed.
- SaaS Application Integration - The platform has the ability to connect to a variety of SaaS services (e.g. SharePoint, Dropbox, Google Drive, Microsoft Teams, Slack, etc.).
- Data Loss Prevention - HEC can control the flow of information in and out of the organization based on various criteria. This could be things like:
  - Dictionaries (PII, PHI, Financial, Encrypted Content, etc.)
  - Microsoft Sensitivity Labels
  - Regular Expressions
- DMARC Management (Add-on) - This basically allows customers to aggregate the data that DMARC records produce and see recommendations for improvement.
- Archiving (Add-on) - A feature designed to help organizations that need to store email for long periods of time. Sometimes this is necessary for legal, regulatory, or compliance purposes. This allows customers to have an immutable backup of email.
For more information, check out these resources:
- Configuring Security Engines
- Introduction to Harmony Email & Collaboration
- DMARC Management
