flatexDEGIRO secures critical e-mail communication via Retarus

flatexDEGIRO AG protects the email inboxes of its employees with Retarus Email Security. Incoming and outgoing messages are routed via Retarus’ cloud gateway. The online broker also encrypts regulatory-relevant messages on a role-based basis using S/MIME.

Initial situation

Self-managed mail relays

Claiming to be the leading platform for asset accumulation in Europe, flatexDEGIRO currently supports more than 3 million customers in 16 countries. The company has around EUR 70 billion in assets under custody and processes an average of more than 60 million securities transactions per year for its customers.

Via three brokerage platforms – DEGIRO, flatex and ViTrade – flatexDEGIRO offers access to trading on around 50 stock exchanges in Europe, North America and the Asia-Pacific region as well as over-the-counter direct trading. Brokerage and the banking business associated with securities trading are handled by flatexDEGIRO Bank AG, a subsidiary with a full banking license.

Before switching to Retarus, flatexDEGIRO used self-managed, GNU/Linux-based mail relays and spam filters. Additional security functions such as CXO fraud protection and virus protection were provided by an external security specialist. The self-managed systems required a considerable amount of maintenance.

Objective

Better scalability

Due to the limited scalability of the internal email security infrastructure, flatexDEGIRO was looking for a service provider based in the EU. This service provider was to check incoming emails before they reached the online broker’s internal infrastructure and also scan outgoing email traffic to ensure that no malicious messages left the company network.

The search and selection process took place in the second half of 2020. The key requirements in the specification were the scalability, reliability and availability of the SaaS (Software-as-a-Service) offering. Retarus prevailed against various market competitors in a PoC (proof of concept). Decisive factors included delivery from Germany, the similar corporate culture and German-speaking support.

Retarus' support was good during the introduction phase and still is.

Jan Lange, Head of IT Security, Executive Director, flatexDEGIRO

Implementation

Gradual introduction, new processes

After the concept and PoC, Retarus Email Security was rolled out across the entire organization over a period of three months. To this end, the email flows were adapted so that incoming and outgoing emails were routed via the Retarus service. Because the service was completely new, flatexDEGIRO had to introduce a number of new processes, for example for the management of Retarus services and the onboarding of new domains and email addresses. The initially slightly increased false positive rate was quickly reduced through manual fine-tuning in cooperation with Retarus support.

In addition to email security, the company also introduced role-based email encryption using S/MIME. The desired separation of email delivery and security functions was achieved. Because the service is deployed as a cloud gateway, there was no impact on the existing hardware.

Benefits and advantages

Practical Digest, Human Factor

Staff received training on how to handle messages that had been moved to quarantine. There were no acceptance problems, as Retarus’ services are otherwise essentially transparent for end users.

The most important use case for flatexDEGIRO is that incoming and outgoing emails are channeled via Retarus’ Secure E-Mail Gateway (SEG). For the financial services provider, effective protection against “chief executive fraud” (CXO fraud) is of paramount importance.

Now that email security and encryption have been implemented as originally planned, Retarus is flatexDEGIRO’s first line of defense when it comes to email security. The service already filters out a lot of junk at an early stage, saving employees unnecessary work and time.

Key Facts

  • In-house development replaced
  • Email Security with Sandbox, CXO Fraud Protection and Policy Engine
  • Encryption with role-based S/MIME encryption

Conclusion and outlook

Further services planned

flatexDEGIRO is extremely satisfied with Retarus’ email security, the stability of the service and the accompanying support. The online broker is therefore already considering introducing additional messaging and security services from Retarus in the future.