Advanced Email Security Solution

The Vendor is required to provide an advanced email security solution layered on top of the District's existing Google Workspace for Education environment.
- Objective is the detection and prevention of phishing attacks, business email compromise (BEC), and related email-based threats that bypass Google Workspace's native security controls.
- The District currently manages approximately 16,000 mailboxes:
• 3,200 staff mailboxes (full email access)
• 11,200 student mailboxes (grades 6-12, Google Workspace for Education)
• 1,700 light-use mailboxes (limited access accounts allocated to support staff who do not have checking email as part of their native, core job requirements, such as cafeteria workers, bus drivers, and custodians
- Core Detection Requirements
• Advanced phishing detection: the solution must detect phishing emails that successfully pass google workspace's native spam and phishing filters, including sophisticated job scams, malicious google drive share links, and credential harvesting attempts targeting both staff and students
• Intent-based analysis: the platform must evaluate email content for attacker intent rather than solely for the presence of known malicious indicators. Detection must remain effective against well-crafted, contextually plausible phishing emails
• Internal and compromised account threat detection: identification of threats originating from within the district's own domain, including east-west visibility for emails sent from compromised staff or student accounts to peers
• Malicious attachment and link analysis: detection of weaponized attachments including documents with embedded macros, obfuscated payloads, executable content, and redirect chain analysis for URLS including google drive-shared content
• Pre-delivery quarantine: detected threats must be removed or quarantined before reaching the user's inbox. Vendors must specify target quarantine response time.
- Investigation & Incident Response
• Detailed investigation view: Each flagged email must be reviewable with full analysis detail accessible from a central analyst console
• Retroactive remediation: Administrators must be able to initiate mailbox-wide searches and quarantine actions for threats identified after delivery
• Campaign sweep capability: Following identification of a suspicious email, the platform must support searching across all monitored mailboxes to identify and remediate similar campaign variants, even when message IDs differ.
- Google Workspace Integration
• Native Google Workspace API integration: The solution must integrate via Google Workspace APIs. MX record changes, mail routing modifications, or email proxy configurations must NOT be required. The solution must not impact existing DMARC, DKIM, or SPF configurations
• Fail-open architecture: In the event of a solution outage, email delivery must not be interrupted. The solution must pull via API and never prevent message delivery
• No end-user software installation: Protection must be applied at the platform level without requiring software installation on user devices
• Compliance rule preservation: The solution must not alter or override the District's existing Google Workspace compliance rules, including student-to-student email restrictions and outbound mail policies.