So you’re moving your email security to the cloud…
Email security is moving to the cloud, and moving fast. While for many companies, an on-premise email security solution may be necessary out of preference, company policy or compliance purposes, cloud-based email and email security, make good sense for most SMBs. 95% Of new IT purchasing is in the cloud, and much of that is for large subscriptions to Microsoft’s Office 365. However, Office 365’s Spam Filter using built-in EOP (Exchange Online Protection), and the pricey Advanced Threat Protection (ATP) some may also add, much of the off-the-shelf security offered by Microsoft simply isn’t enough for the email threats modern small and medium-sized businesses face today.
The Office 365 Spam Filter isn’t Enough for the SMB
If you are moving to Office 365 or already on O365 and have blind faith in the value its security filters provide, it may be time to critically rethink your decision. Office 365 is a powerful solution for productivity, but it doesn’t provide the email security and protection most modern businesses require – especially when more than 90% of cyber threats use email as their first avenue of attack.
With the growing use of cloud productivity suites, there is a lot riding on the security of personal data. In an attempt to sweeten the deal it offers its customers, Microsoft has added additional protection to the series of apps available within O365. Part of a strategy to fend off Google Cloud services, this has helped quadruple Microsoft’s market share from 6% to 25%. Even though O365 offers well-groomed yet affordable email hosting to its customers, their spam filtering, phishing, malicious attachment and URL protection leave something to be desired, especially when considering the increasingly sophisticated nature of cyber criminals and their attacks.
Why do malicious messages get through O365 spam filters?
Recent ransomware attacks all over the world have given many organizations an extra-strength dose of reality when it comes to the cyber-threats they face. While security measures against these threats can take on incredible power and complexity, nothing is fool proof – no matter the software in place, any system that has human users can fall victim to socially engineered attacks.
In order to deceive human users into clicking malicious links, opening dangerous attachments, give up sensitive information, funds and more, attackers use the most common features of email to achieve their goals. Though many spamming signatures are long-recognized and blocked, attackers are increasingly skilled at hiding the origin and the reputation of their emails and sender domains, while also using differing reply-to’s, non-malicious links and even benign word documents with malicious instructions to carry out their attacks. However, with Office 365 EOP and spam filters and, many of the modern techniques that attackers use are able to pass through filters, and there are hundreds if not thousands of threats that pass through O365 ATP suite every month and into the inboxes of small business users.
On top of failing to sufficiently protect users, usability and transparency are also important concerns to O365 organizations. With these points in mind, here are three chief shortcomings of Office 365’s spam filtering:
#1: Office 365’s basic spam filtering capabilities are Incomplete:
As per a recent analysis by Osterman Research, O365 falls short of providing protection against advanced, targeted threats. For example, if an attacker sends a non-malicious URL to a specific organization, but then links the URL’s content to malware after it has passed its initial scan, the URL will go undetected by the O365’s EOP. This will not only allow malicious content and software to pass through the EOP security gateway, but can give attackers an avenue to cause more sophisticated damage to an organization’s IT systems. Too many of today’s most common phishing email attacks make it through the O365 Spam Filters and, in light of this issue, it’s advisable for organizations and businesses to wrap advanced security capabilities around their O365 deployment to avoid security breaches by spammers. Time of click URL Defense is a must for modern email security.
Microsoft does offer more with its Advanced Threat Protection, including “time-of-click” scanning of malicious email links, but at nearly $30 extra per user per year (that’s on top of your subscription), it hardly provides the value SMBs need from their email solutions. On top of all this, the total cost of ownership associated with O365 can be punitive for many organizations, as it still lets too many of the most advanced attacks through, causing incidents and costing time for the IT departments of many businesses.
#2: Quarantine-Lite & Retention Headaches for Admins
On top of the filtering challenges presented by O365’s security products, many admins find the initial post-migration setup of EOP to be unnecessarily complex. The decisions they make in the beginning of their implementation can decide the fate of the organization’s security in the long term. All “Spam” and “High-Confidence Spam” mail is routed directly to the Junk Email Folder, where it remains for a period of 14 days only. On the 15th day, this spam mail is deleted automatically.
For most admins, this is not an ideal scenario, since individual users get access to move and open the potentially hazardous emails. On the other hand, the default ‘holding period’ is rather short, since false positives can also be moved into the spam folder and this mail will be deleted automatically if not accessed otherwise.
Even if an admin wants to override the default setting of 14 days, there’s not much upwards mobility. The maximum holding period can be pushed to 30 days, following which the spam mail will be deleted automatically.
This does not sum up the retention headaches with O365, as it’s hard to ignore the time consumed and damage done by the admin workflow of O365’s EOP Quarantine. The Quarantine display is limited to 500 messages and on one page, further constraining its functionality. While O365 is aimed at increasing productivity, this would seem to reduce productivity for both users and IT admins.
#3: The O365 Catch Rate:
While privacy is one of the main values many cyber-attackers aim to compromise, Microsoft’s email protection doesn’t seem to value a level of transparency its protection offers. One of the most glaring concerns with O365 is the lack of transparency that comes from its provider. Microsoft’s decision to back out of peer review has instilled doubts in the minds of many clients. As advertised by Microsoft, O365’s Spam Filter unique selling point is that it catches 99% of spam mail, while there are currently security providers in the market which are benchmarking 99.95% spam catch rate or more.
While that may not seem like much of a difference, that last percent of spam threats can contain of some of the most dangerous, malicious messages online today. With about 60 spam emails sent to every employee per day, if you are a company with 100 email accounts, a .95% difference is over 20,000 spam emails a year. If that doesn’t sound like a huge number, remember that it takes only one phishing or ransomware email to cripple your network, compromise an account or cost your business’s bottom line.
These are only 3 of the factors to consider when considering moving the Microsoft cloud. End User access to the Spam Quarantine, Blacklist Support, URL Defense, Deficient Reporting, Secure Encryption, Email Archiving and more are all critical issues that can make a huge difference in your cyber and email security planning. Your protection also needs to ensure continuity in face of an outage. While users love the productivity O365 offers, its security features have clearly been cause for dissatisfaction.
35% of O365 organizations are already using a third-party email security provider, and that number is rapidly increasing. Considering the effort and commitment that needs to be invested in deploying Office 365 or any email security solution, it should not come as a surprise that there is a lot at stake here for many small and medium businesses. In order to assure the comprehensive security that your SMB needs from O365, it’s important for all to take security into your own hands and couple up O365 with third-party to maximize the effectiveness of your solution.
Subscribe to our newsletter to discover more about how to best protect your O365 investment, or click through here to discover modusCloud Email Security, offering spam filtering, advanced threat protection, continuity, encryption, archiving and more for your email systems.