Posted on September 28, 2017 by Arun Kirupananthan
In today’s security environment, email deserves serious attention. Ninety-one percent of cyber attacks arrive via links or attachments in emails. Eighty-five percent of companies have already fallen victim.
Meanwhile, it takes less than two minutes on average for a user to click on a malicious email and compromise your system. Yet, too many companies take a reactive approach to email protection.
In our recent webinar, guest host J. Peter Bruzzese explains how a proactive security strategy with third-party solutions like Mimecast bolsters Microsoft’s built-in defenses.
The webinar is titled “Taking a Defense-in-depth Approach to Office 365 Security.”
J. Peter Bruzzese is a Microsoft Office Servers and Services MVP with over two decades of experience. As he observes, there’s no “fluffing it” around – Office 365 has areas that need bolstering. However, he points out, this was also true of Exchange on-premises.
In the span of a 20-year career, Bruzzese does not remember a case where an organization deployed Exchange and then walked away. It has always been accepted practice to surround Exchange on-premises with an ecosystem of solutions for security, archiving, monitoring, backup and recovery, or endpoint protection.
So, how does this change for the cloud? With Exchange on-premises, it was possible to choose different siloed solutions to provide the exact functionality needed. In the cloud, doing so would result in “daisy-chaining” solutions and multiplying the points of failure. This is a situation Microsoft discourages. The best response is an all-in-one solution that covers everything you need.
We asked our attendees whether they’d ever experienced a cyber attack involving impersonation, a malicious attachment or a malicious URL. Ninety percent responded with “all of the above.” It seems every day some major organization falls victim to a WannaCry or Petya.
In this environment, you need to contemplate a defense-in-depth approach. This involves a complete plan that spans your email gateway to the actual human user. While Microsoft’s efforts with Exchange Online Protection (EOP) and Advanced Threat Protection (ATP) are valiant, Bruzzese argues they don’t handle the full extent of the threat.
Office 365 and Exchange Online represent a single codebase “monoculture” deployed to millions of systems worldwide. Compromise one of these and you’ve compromised them all. As a multi-tenant environment with a large global attack surface, they present an enticing target.
While Microsoft data centers themselves are very secure, it only takes a single user to compromise and infect a system. As Bruzzese puts it, every breach is an inside job – willing or not. This means securing the gateway and endpoints is crucial. Mimecast’s Email Security Risk Assessment (ESRA) testing reveals EOP and ATP’s weakness in this area.
As 100% of our attendees guessed, Microsoft’s protection against spear-phishing and other advanced threats is incomplete. Mimecast conducted an ESRA test in partnership with an international shipping company. Over the course of 30 days, 1.5 million emails passed through EOP and ATP.
In that time, Mimecast flagged 252,100 that were inappropriate or harmful, including about 251,000 spam messages as well as 17 dangerous file types, 20 malware attachments and 454 impersonation attacks. While Microsoft’s product stops a lot of harmful traffic, it doesn’t quite do the job you’d expect of a robust, modern email security solution.
No amount of training will prevent the one human error that infects your system and compromises your data. While few organizations rely on EOP alone, many consider EOP combined with ATP “good enough.” This is a phrase you don’t want in your vocabulary when discussing email security!
Mimecast outperforms Microsoft EOP and ATP in two key areas: safe attachments and safe links. When an email attachment arrives, Microsoft ATP will “sandbox” it, opening it within an Azure VM container to determine whether it will “detonate.” This approach works well for malicious code programmed to go off right away, or within a brief time afterward.
However, sandboxing alone doesn’t protect against code designed to lie dormant before striking. Mimecast uses “time incrementation” to “trick” the attachment into detonating early, while ATP doesn’t appear to.
In addition to sandboxing and time incrementation, Mimecast converts any incoming attachments to PDF, eradicating any malware or ransomware present. This ensures it covers 100% of scenarios.
In the case of safe links, Microsoft maintains a static list of URLs known to be harmful. The blocked URL list undergoes continuous updates and offers time-of-click protection. However, this approach fails against hyper-targeted “spear-phishing” attacks that use contextual information to convince unsuspecting users to click. Mimecast uses a dynamic, ever-changing list of safe links criteria to detect and scan malicious URLs, providing more robust protection against modern threats.
Even showing a willingness to invest in email protection is often a powerful deterrent. It takes a would-be attacker little effort to use a free tool such as MX Toolbox Lookup to determine whether your mail server is protected by a third-party solution. This attacker then makes a few more assumptions about the state of your email security. If your organization looks like “low-hanging fruit”, it gets added to the list of targets.
Bruzzese compares this to a thief casing several houses in a neighborhood. One house has no fence, no sign, nor any other visible security measures. Another has a high fence, a Beware of Dog sign and decals indicating its security alarm provider. Which house is the thief likelier to target?
A true all-in-one solution needs to offer more than security. Whether your organization has 1,000 mailboxes or 100,000, compliance is a key consideration when comparing Microsoft’s built-in protection to third-party solutions.
For example, Office 365 offers ways to retain and discover email as well as intelligent data governance. However, the solution is not an archive like we’ve come to expect from Exchange on-premises. For one, the data is in a legal hold solution, not held separate from the mailbox. This means email stays with the mailbox and bloats over time.
At the same time, Microsoft’s solution doesn’t offer a “single pane of glass.” In a hybrid configuration that combines Exchange Online with Exchange on-premises (present in most organizations today), there’s no way to consolidate e-discovery searches or ensure those searches are accurate. This could mean trouble in the event of litigation.
Bruzzese recommends a separate data archive located in the cloud. After all, if your aim is to reduce infrastructure, why maintain a physical archive? Mimecast offers enterprise-grade e-discovery with a single pane of glass.
“Hope for the best, but plan for the worst.” Bruzzese quotes this advice from Florida governor Rick Scott in the context of planning for email security. While Office 365 provides native data protection, it’s not a backup. If you delete an email and the 14- or 30-day window passes, it’s gone – for good.
This presents problems when inevitable email outages take Office 365 out of commission for 3, 6 or 9 hours at a time. An all-in-one solution like Mimecast offers a means of immediate continuity without loss of data access or security strength.
Mimecast has a constant “heartbeat” monitoring your email availability. In the event of an outage, you receive an SMS or alternate email alert. With one click you can switch to an alternative flow for your email with Mimecast’s MTA and switch back when the emergency is over. Your users never need to know there’s a problem.
When it comes to planning for email security, we’re either waiting to be victims or waiting to defend ourselves. It’s tempting to believe that when a threat does surface that “Microsoft will take care of it.” But, as Bruzzese asks, when have we trusted Microsoft to protect Microsoft?
Security, archiving and continuity are too important to your business to leave to chance. An enterprise-grade all-in-one solution from Mimecast enhances Microsoft’s built-in defenses and provides the same level of confidence and control in the cloud that you enjoyed with Exchange on-premises.