Microsoft Exchange is the most attacked system in the world, not just because it is vulnerable but because it is the most used. Trusting in Microsoft 100%, without redundant security layers will increase your risk of being attacked.

In July 2021, Microsoft's Security Intelligence team warned Office 365 users and admins that the latest phishing attacks use a crafty combination of methods to get past email filters. In follow-up Tweets released on the same day, Microsoft described the campaign that used various detection evasion techniques to be “sneakier than usual.” However, this recent warning to the public wasn’t the first time Microsoft Office 365 accounts have been under attack. In March 2021, Microsoft also made the news following a rise in credential phishing attacks. The attacks involved fake login pages and malicious landing pages intended to steal credentials from employees.

Therefore, it is not uncommon for medium or large companies to exclusively adopt the supplementary component of Office365. This happens for several reasons:

  1. Security must be layered. Exchange is the most attacked, not because it is vulnerable but because it is the most used. Therefore, trusting in Microsoft 100% will increase your risk and is not considered best practice. We recommend having another brand also to check incoming emails.
  2. Information compliance issues. There have been issues raised at the federation level of the system, in addition to low visibility of internal auditing. Historically, Microsoft has not proven to be not great with users’ privacy and many users have raised information compliance issues. If an IT admin or an external IT company looks at users’ work-related emails, the users may never be aware.
  3. The quality of system security. Exchange Online Protection is consecrated to a system with several important functionalities lacking a security base. And only by purchasing the Advanced Threat Protection (ATP) make it possible to have robust filtering, such as a level 2 sandbox system or some level 1 features like safe links and explorer. These features are only present in the top subscription.

Therefore companies look for O365 coupled with another specialized security system within Europe and outside the Azure cloud. Given the reduced visibility and management of the Microsoft system, the focus is on anti-phishing and issues of operationalization of the platform (auditing, message analysis, delegation of administration).

Knowledge from the experts

Anubisnetworks has long been established as a dedicated Email Security provider, covering hundreds of customers for their goal to complement MS365 for real email security. Amongst the criterions that make our customers choose us, we have:

  • Datacenters in Europe, and outside Azure Cloud (where MS365 is)
  • With a focus on anti-phishing, and a higher catch rate, derived from many more security-driven features, including 4 AntiVirus and many other threat intelligence systems from several established systems, such as Sophos, BitDefender, Check Point, and others.
  • Complete Auditing and transparent privacy policy (who is doing what and when)
  • With easy to use customization of threat level/delegation of support/management of users
  • Proximity support, thanks to the multi-tenant cloud system, which includes you and your partners and MSSPs under the same environment.

Source: AnubisNetworks

All categories