The migration of email infrastructure from on-premises to the cloud has accelerated to such an extent that by 2021, Gartner estimates 70% of organizations will use cloud email services. So, naturally, the number one threat vector for organizations today is email. Microsoft Office 365 is the predominant SaaS service in the market, and while Microsoft provides a base level of email security, it’s much like a lot of their products: just enough.
Built into every O365 email subscription is EOP (Exchange Online Protection), along with the option to purchase Advanced Threat Protection (ATP) for an added layer of security. While much better than nothing, Office 365 EOP and spam filters don’t prevent many of the modern techniques attackers use to pass through filters. Hundreds if not thousands of threats pass through the O365 ATP suite and into the inboxes of small business users every month.
Because of these numbers, and how vulnerable email is, Gartner recommends adding cloud email supplemental security to protect cloud mailboxes with layered security and diversified threat intelligence. So, since the cloud security umbrella is wide (and for the sake of not writing a 200-page thesis), we’ll focus on cloud email security.
Let’s get into the details of some key areas that, at a base level, should be securing your Office 365 email beyond spam filtering. Microsoft’s ATP does provide basic threat protection and reporting, along with some key features, such as URL rewriting, attachment sandboxing, and (probably the most advertised) easy integration requiring no additional mail hops, mailflow rules, or connectors.
However, for about $35 a month, any hacker in the world can create an Office 365 account to figure out how to circumvent these security protections. We know from security analysts that there is code put in by hackers to specifically evade Microsoft’s default security. Down the road this might be a viable solo option. But having been introduced in 2015, the product is still relatively immature—especially compared to security vendors who’ve been doing this for decades.
Another large drawback is reporting and forensics. While, yes, there is reporting, visibility and control in the Microsoft security interface are limited, making it difficult to deep-dive into a specific incident, find the root cause, and determine which users are impacted, whether a user account was compromised, whether data was lost, etc. At the same time, ATP limits reporting based on time constraints. For example, it takes a few hours to return a mail protection detail report for messages older than 7 days. For data older than 90 days, reports are inaccessible.
To summarize, while Microsoft is not a complete enterprise solution, you should definitely use it as a primary security provider and layer additional security solutions from third parties that have more tailored AI, security that’s invisible to hackers, and expansive reporting.
Unknown and Dynamic Threats – These threats can be missed and continue to linger in cloud mailboxes. Faster, automated detection and remediation tools are needed to mitigate the spread of email-borne threats inside your organization.
Targeted Platform-Wide Attacks – The broad-based adoption of cloud email opens organizations to new threat vectors. Attackers have increasingly targeted cloud mailboxes for takeover to launch attacks against the organization. Cloud email platforms are among the most impersonated domains. A successful credential phish can expand the attack surface to include the full office suite, with options to launch insider or spearphishing attacks.
Advanced Threats – Advanced threats like ransomware, Business Email Compromise (BEC) and targeted phishing attacks such as spearphishing can breach the native security defenses of cloud email platforms.
Perimeter Security – Cloud email platforms are susceptible to threats from within the office suite. A credential phish can lead to an account takeover, giving access to internal communications, and creating a launchpad for internal phishing and business email compromise attacks. Since perimeter security is unaware of insider threats, it’s important to scan every mail entering or leaving each cloud mailbox. Continuous mailbox analysis is the key to protecting against insider threats.
If you want to do some quick research, Google a relatively new category of email security called Cloud Email Security Supplement (CESS). According to Gartner, “CESSs focus on specific threats, often in the realm of hard-to-detect phishing and can leverage full access to cloud-hosted inboxes via APIs for detection and remediation.” Some requirements in this category make it unique:
If you’d like to expand your knowledge-base even further, a lot of smart people here at Anexinet would love to talk with you about this all day. Please feel free to reach out to us with any questions. We’d love to help you ensure your Office 365 email is secure.