flatexDEGIRO secures critical email communication using Retarus

flatexDEGIRO AG uses Retarus Email Security to protect its employees’ email inboxes. In the process, the company’s inbound and outbound messages are routed via Retarus’ cloud gateway. The online brokerage also employs role-based S/MIME encryption for messages subject to regulatory requirements.

Initial Situation

Self-managed mail relays

Aspiring to be Europe’s leading platform for asset generation and growth, flatexDEGIRO currently supports more than 3 million customers in 16 countries. The company manages EUR 70 billion in assets and processes more than 60 million securities transactions per year on average on behalf of its customers.

By way of three brokerage platforms – DEGIRO, flatex and ViTrade – flatexDEGIRO provides trading access to around 50 stock exchanges in Europe, North America and the Asia-Pacific region as well as direct over-the-counter (off-exchange) trading. The brokerage and banking business related to securities trading is handled by flatexDEGIRO Bank AG, a subsidiary which holds a full banking license.

Before switching to Retarus, flatexDEGIRO had been relying on self-managed, GNU/Linux-based mail relays and spam filters. Additional security functions, such as CxO fraud protection and virus protection, were provided by an external security specialist. The systems managed by flatexDEGIRO itself required considerable maintenance effort.

Objective

Better scalability

Due to the limited scalability of its internal email security infrastructure, flatexDEGIRO was looking for a service provider based in the EU. This service provider would be tasked with checking incoming emails before they reach the online brokerage’s internal infrastructure, while also scanning outgoing email traffic to ensure that no malicious messages leave the company network.

The search and selection process was carried out in the second half of 2020. In the requirements catalog and specifications, the scalability, reliability and availability of the various SaaS (Software-as-a-Service) products on offer were considered critical points. In a PoC (proof of concept), Retarus was able to prevail against several competitors. Factors such as delivery from Germany, a similar corporate culture and German-speaking support proved decisive.

Retarus' support was good during the rollout phase and remains excellent.

Jan Lange, Head of IT Security, Executive Director, flatexDEGIRO

Implementation

Gradual introduction, new processes

In line with the agreed approach and PoC, Retarus Email Security was rolled out across the entire organization over a period of three months. This involved adapting email flows to route inbound and outbound emails via the Retarus solution. Owing to the introduction of this completely new service, flatexDEGIRO had to introduce a number of new processes, for instance to facilitate the management of the Retarus services and the onboarding of new domains and email addresses. While there was initially a slight rise in the false positive rate, this was quickly reduced through manual fine-tuning in close cooperation with Retarus’ support experts.

In addition to email security, the company introduced role-based email encryption using S/MIME. The planned separation of email delivery and security functions was also achieved. Because the solution is deployed as a cloud gateway, there was no impact on existing hardware.

Benefits and advantages

Practical Digest, Human Factor

Staff were given training on how to handle messages moved to quarantine. There were no acceptance issues, as Retarus’ services are generally transparent for end users.

The primary use case for flatexDEGIRO is the channeling of inbound and outbound emails via Retarus’ Secure E-Mail Gateway (SEG). For the financial services provider, effective protection against CxO fraud (business email compromise targeting executives) is of paramount importance.

Now that the email security and encryption system has been implemented as originally planned, Retarus represents flatexDEGIRO’s first line of defense when it comes to email security. The service already filters out a lot of junk mail at an early stage, saving employees needless work and time.

Key Facts

  • Proprietary, in-house solution replaced
  • Email Security including Sandboxing, CXO Fraud Protection and Policy Engine
  • Role-based S/MIME encryption

Conclusion and outlook

Further services planned

flatexDEGIRO is extremely satisfied with Retarus Email Security, the stability of the service and the accompanying support. As a result, the online broker is already considering implementing additional messaging and security services offered by Retarus.