Office 365 Email Security

Office 365 is a powerful collection of productivity enhancing products for businesses, but one often heard complaint from IT professionals is Office 365 email security doesn’t really make the grade. Microsoft offers two levels of email security for Office 365, the first – Exchange Online Protection (EOP) – is included in the license cost for all users. EOP is something of a bare bones solution that provides a rudimentary level of protection from email threats.

The second, higher level of protection for Office 365 comes from Microsoft’s Advanced Threat Protection (APT) offering. APT includes a much more comprehensive set of security features than EOP, but this comes at a cost. APT is an add-on package that must be paid for in addition to the standard Office 365 license cost, although it is included in the E5 subscription package. The APT offering includes time-of-click protection from malicious links in emails (ATP Safe Links), threat-intelligence-based protection from malicious email attachments (ATP Safe Attachments), and anti-spoofing measures that protect against email impersonation attacks (ATP Spoof Intelligence).

The problem with EOP and APT is the level of protection provided by these solutions is not at the level of leading email security solutions from well-established software vendors whose sole focus is cybersecurity, which is to be expected. Research conducted by the independent intelligence-led security software testing company, SE Labs, found that even with Microsoft’s most advanced APT security package, the level of protection provided was only at a low to middle market level.

That’s not to say that email security is poor with Office 365. EOP has a good spam detection rate and the antivirus engines that are incorporated into the solution are effective at blocking known malware threats and will allow you to secure office 365 email from low-level attacks. Many businesses use APT and are happy with the level of protection provided and small business may find EOP to be perfectly adequate if they do not typically get targeted by cybercriminals and rarely receive an email threat. But with cybercriminals increasingly attacking Office 365 users and phishing attacks on the rise, additional protection for Office 365 is strongly recommended.

Microsoft Office email security struggles with detecting and blocking sophisticated phishing emails. Avanan conducted a study in 2019 to determine how effective Office 365 email security was at blocking phishing emails and found that 25% of phishing emails bypassed Office 365 email security controls, including emails with malicious hyperlinks and malicious email attachments. For an average SMB, 25% of phishing emails equates to a lot of threats being delivered to inboxes. All it takes is for one employee to click for a costly data breach to occur. Third-party Office 365 email security solutions from dedicated security vendors have more advanced machine learning and predictive capabilities that are much better at identifying new phishing threats and will allow you to secure office 365 email against advanced threats.

Protection against zero-day malware is another weak point with Office 365. Zero-day malware is new malware threats that have not been seen before and the volume of new malware threats now being released is considerable. SMBs and enterprises now need much more advanced email security solutions to protect against advanced phishing, spear phishing, and business email compromise attacks and zero-day malware and ransomware threats.

The idea is not to replace the protections offered by Microsoft, but to compliment them with additional security measures to adopt a defense in depth approach. A good strategy for improving Office 365 email security, is to layer a third-party email security solution on top of Office 365. Rather than relying on security from one vendor, you will be protected by multiple vendors which will help to ensure that more threats are blocked.

In many cases, the third-party solutions are cheaper than the standalone cost of APT, which starts at $2 per user per month. There are powerful email security solutions available that will give you better threat detection capabilities at around half that cost.

Third-party Office 365 email security solutions combine traditional detection methods with algorithmic analysis of inbound and outbound messages and machine-learning capabilities to detect zero-day threats.

Many third-party solutions include multiple threat intelligence feeds, domain checking, DMARC recipient verification to identify email impersonation attacks, and sandboxing to analyze suspicious attachments for command and control center callbacks and other malicious actions.

If you want to protect your business from email threats, Microsoft’s APT really is the minimum level of protection you should have in place for Office 365. If you really care about security, then you should consider a third-party Office 365 email security solution.