Microsoft email security for Office 365
January 30, 2017—
3 min read
Email security is an increasingly important issue as we learn of new breaches occurring every day. This issue is not something to take lightly with the estimated cost of cybercrime to reach $6 TRILLION by 2021. In this article, we will review the existing Microsoft email security for Office 365.
93% of all network breaches include a phishing or spear phishing attack.
Every platform has their own set of email security problems, but if you use Microsoft Exchange Online Protection (EOP) you should be safe - right? Wrong. Microsoft EOP is unable to protect you from advanced spear phishing and zero-day attacks. You need advanced email protection.
What is phishing and spear phishing?
Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites, or include malware as an attachment.
Read more here: Phishing, definition.
Spear phishing is similar to phishing in that hackers send counterfeit emails in an attempt to trick victims into forfeiting their information. However, this specific type of attack targets a single individual. Hackers will even do extensive research and go back and forth in an email chain with a victim to make the exchange seem legitimate before asking for confidential information.
84% of organizations fell victim to spear phishing attacks in 2015.
The fact is, email security is broken…
Using the basic Microsoft email security, the problem is twofold:
- 1. Technology: Most email “security” systems are really just glorified spam filters. They were designed to stop known mass email attacks. The underlying architecture of these solutions isn’t suitable to catch zero-day threats or one-off spear phishing emails.
- 2. People: Many employees will click on or respond to a well-crafted phishing or spear phishing email if it lands in their email inbox. Despite education efforts, 20 to 30 percent of recipients open standard phishing messages that arrive in their inbox and 12 to 20 percent of those click on any enclosed phishing links. These already high rates more than double when looking at spear phishing attacks.
…and Microsoft EOP is unable to protect you.
Yes, Microsoft email security (EOP) can be moderately effective against known threats. The problem is that it is almost entirely helpless in fighting unknown threats ... whether from zero-day code buried in an Excel file or a business email compromise (BEC) spear phishing attack. Of course, these are exactly the kind of attacks that tend to cause the most damage.
Here’s what EOP is missing from a security perspective:
- The ability to identify new and evolving threats for which it doesn’t have a known signature.
- The ability to sandbox all attachments, such as .zip files.
- Real-time URL sandboxing to ensure links are safe and guard against time-bombed URLs.
- Robust spoofing detection.
- Administrative and user notifications in the case of suspected phishing attempts.
Advanced Email Security with Vade
Beyond the basic Microsoft email security, the key to advanced email protection is an artificial intelligence engine that can stop both known signature-based attacks and zero-day and spear phishing attacks. Vade email security suite is able to recognize new threats based on previous patterns. Our machine learning software is constantly getting smarter as it processes and recognizes emerging threats.
Vade 24/7 security threat centers also constantly monitor hundreds of millions of email boxes and feed that information about new and evolving threats into the system.
Signature-based protection isn’t going to protect you from spear phishing and zero-day attacks. That’s why you need advanced protection backed by artificial intelligence.
Advanced Microsoft email security defenses include:
- Initial Filtering: Emails are analyzed for known phishing and malware signatures, including executable files. This quickly weeds out all spam and mass attacks.
- Anti-Malware: We read the code embedded not just in executable files but in Office documents, PDFs, and more.
- URL Sandboxing: All URLs are examined to be sure they do not link to malware, phishing sites, or any other malevolent site. This is done whenever the URL is clicked on… thus avoiding time-bombed URLs.
- Artificial Intelligence: Any remaining messages are analyzed for unknown malware and phishing tactics to prevent spear phishing and zero-day attacks that would otherwise get through the filters.
- Human Intelligence: Vade mans a 24/7 global threat intelligence center with email security experts.
… and a few additional secret sauces we can't talk about.
Easy Deployment for Advanced Email Security
Deployment of Vade is simple. It can be installed on your Office 365 installation in less than ten minutes either as an additional Microsoft email security process to existing solutions like EOP or Barracuda or as a replacement email security system.
Email Security for Office 365
It’s broken. Here’s how to fix it.