Abstract: The present invention relates to an email security system and an operation method thereof for blocking and responding to targeted email attacks, which perform inspection of unauthorized email server access attack, and the method comprises the steps of: configuring security threat information synchronization data by synchronizing targeted email security threat information configured by performing a targeted email security threat inspection on an inbound mail with targeted email security threat information configured by performing a targeted email security threat inspection on an outbound mail; performing a targeted email security threat inspection corresponding to a new inbound mail or a new outbound mail using the security threat information synchronization data; and performing a targeted email security threat response process according to the targeted email security threat inspection of the new inbound mail or the new outbound mail.

Abstract: An operation method of an email security system comprises the steps of: configuring security threat information synchronization data by synchronizing targeted email security threat information configured by performing a targeted email security threat inspection on an inbound mail with targeted email security threat information configured by performing a targeted email security threat inspection on an outbound mail; performing a targeted email security threat inspection corresponding to a new inbound mail or a new outbound mail using the security threat information synchronization data; and performing a targeted email security threat response process according to the targeted email security threat inspection of the new inbound mail or the new outbound mail.

Abstract: A service providing device according to an embodiment of the present invention comprises: a collection unit for collecting mail information transmitted between one or more user terminals; a security threat inspection unit for performing matching of a mail security process corresponding to the mail information in stages according to a preset security threat architecture, inspecting the mail information according to the matched mail security process, and storing and managing mail security inspection information according to the inspection results; and an email security diagnosis service unit for calculating quantitative analysis information, corresponding to a threat level element classification reference of a mail system to be diagnosed, from the architecture processing information from the security threat inspection unit, and creating an email security diagnosis analysis report based on the quantitative analysis information to provide the email security diagnosis analysis reporting to a user terminal of a man