While the use of collaboration tools is on the rise, email remains a vital component of corporate communications. It’s also a primary vector for malware distribution and attacks on endpoint devices. Most of these attacks attempt to exploit users rather than defeat security controls. In the 2018 Survey on Endpoint Protection and Response by the SANS Institute, 53 percent of IT professionals said their organizations had fallen victim to social engineering and phishing attacks, while half said they’d been impacted by ransomware.
Hackers target humans because they’re the weakest link in the security chain, and they use email as an attack vector because it’s a sure way of reaching their intended victims. As a result, the best way to reduce the risk of these security incidents is to prevent malicious emails from ever hitting users’ mailboxes.
That’s increasingly difficult with traditional email security solutions, which primarily use signatures to detect and block threats. Signature-based tools are largely reactive — a threat is identified, a signature is developed and the security solution is updated. This does little to combat zero-day threats, unknown malicious files and attacks that come in before their signature can be implemented. The SANS survey found that traditional security tools detected just 47 percent of attacks.
At the same time, IT pros face competing priorities when it comes to email security. Obviously, businesses don’t want users clicking on ransomware links, but they also don’t want important emails blocked or quarantined. IT is urged to minimize false positives so that email security doesn’t impact operations or the bottom line.
It’s no longer sufficient to use signatures to scan emails for known attack vectors and block specific types of content and attachments. Organizations need a layered approach that employs real-time behavioral analysis, machine learning, sandboxing and other advanced techniques.
Microsoft provides robust email security with two complementary tools:
Exchange Online Protection uses active content and connection filtering and optional policy-based controls to detect spam, malware and other email-borne threats before they reach the corporate firewall. Financially backed SLAs ensure protection from 100 percent of known viruses and 99 percent of spam.
Advanced Threat Protection provides two additional capabilities — Safe Links and Safe Attachments. While Exchange Online Protection can detect malicious links by scanning content, Safe Links analyzes URLs in real time when users click on them. If a link is malicious, Safe Links blocks it or warns the user not to visit the site. Safe Attachments uses behavioral analysis and machine learning to determine if attachments are safe. Suspicious attachments are sent to a sandbox, then deleted if they are deemed unsafe.
The spoof intelligence capabilities in Advanced Threat Protection are designed to determine if an email sender is impersonating someone in your organization. Advanced Threat Protection also uses machine learning to better detect phishing emails.
Exchange Online Protection is part of Exchange Online and is also available as a standalone cloud-based service for $1 per user per month. Advanced Threat Protection is available for $2 per user per month under certain Office 365 and Exchange Online plans.
Email security is challenging, but Microsoft offers state-of-the-art tools that effectively block malicious emails, links and attachments. Contact AdaptivEdge to discuss how you can best implement this defense-in-depth approach to email security.
Written and composed by Principal, Steve Soper