Office 365 Spam Control

One of the biggest problem areas for businesses looking to improve their security posture is Office 365 spam control. Email is the primary method used by cybercriminals to obtain sensitive information and deliver malware and ransomware. Phishing emails and malspam are the biggest security threats faced by SMBs.

It is essential for businesses to train their workforce how to identify email threats; however, even with training, employees can be fooled. What is also needed are powerful, layered security defenses to prevent email threats from reaching inboxes.

What is clear from online forums such as Spiceworks and Reddit is that Office 365 spam control measures often fall short of expectations. Many SMBs and MSPs report that an unacceptable volume of phishing emails and malware threats is not blocked by Microsoft’s anti-spam controls for Office 365. Consequently, IT professionals have to spend a great deal of their working day dealing with these threats.

Standard Office 365 Spam Control Measures Fall Short of Requirements

For many businesses, Office 365 spam control is limited to Microsoft’s Exchange Online Protection (EOP). This is the basic level of anti-spam and anti-phishing control that is provided with Office 365. EOP does provide a reasonable level of security for Office 365 and will block around 99% of spam email and 100% of known malware threats. The problem is what EOP does not block: the remaining 1% of spam email, and zero-day malware threats (malware variants that have not previously been identified).

So how serious is the threat from zero-day malware and phishing? New malware and ransomware variants are being released at record levels, and it takes time for these new threats to be recognized as malicious and incorporated into signature-based email security systems. During that time, signature-based detection mechanisms will not block the threats. Osterman Research reports that while Microsoft EOP is effective at blocking known malware, it is much less effective at identifying zero-day malware threats. EOP is updated every 15 minutes with new definitions, but even that is not sufficient given the rate at which new threats are emerging. Phishing attacks are also becoming much more sophisticated and regularly bypass Office 365 defenses. A recent study by Avanan showed 25% of phishing emails were bypassing EOP and were being delivered to inboxes.

The Importance of Layered Email Security Defenses

The key to improving spam and phishing protection for Office 365 is adding extra layers of security. Email security should not be dependent on a single layer of protection, as no single solution will be capable of blocking all phishing and malware threats.

With overlapping layers of security, if a threat bypasses the first layer, it should be detected and blocked by the second layer of security. Microsoft’s EOP should form the first layer of security, but standard protection technologies such as fingerprinting, whitelisting and blacklisting, and sender reputation are no longer sufficient to block more sophisticated threats such as zero-day malware, spear phishing, email impersonation and BEC attacks. An additional layer of security is therefore required.

Benefits of a Third-Party Office 365 Spam Filter

Microsoft does offer an advanced level of Office 365 spam control through Advanced Threat Protection (ATP), which SMBs can purchase as an add-on. Microsoft’s ATP Office 365 spam control is much more effective at blocking advanced malware and phishing threats, but even these two layers of email security only provide a low- to middle-market level of protection for Office 365 environments, according to independent tests by SE Labs. For greater protection, a third-party spam filtering solution should be considered.

How to Improve Office 365 Spam Control

There are three key areas where additional protection is required: advanced phishing attacks, zero-day malware, and data leak prevention. A third-party spam filtering solution should incorporate advanced detection measures to block these threats.

Advanced Phishing Protection for Office 365

An Office 365 email security solution should scan inbound emails in real time and analyze the email headers, domain information, and message content for the key indicators of phishing and scam emails. Hyperlinks in emails should also be checked in real time, with the reputation of the linked domains and pages checked against multiple spam services. Advanced analysis of message content and attachments should also be performed, using techniques such as Bayesian analysis, heuristics, and machine learning. SPF and DMARC checks should also be included to detect and block email impersonation, which is common in phishing and spear phishing attacks.
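The header analysis described above can be sketched as follows. This is an added example, not code from any vendor or product named in the article; the gateway name `mx.example.org`, the sample message and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: the authserv-id your own gateway stamps

# Constructed sample message; all domains are reserved example names.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail (p=reject) header.from=example.com
From: "Accounts Payable" <ceo@example.com>
Reply-To: ceo.example@freemail.example
Subject: Urgent wire transfer

Please process today.
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, ignoring headers not stamped by our gateway."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        if authserv_id.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can add this header too, so only trust our own
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def impersonation_indicators(raw_message):
    msg = message_from_string(raw_message)
    verdicts = auth_results(msg)
    from_domain = domain_of(msg["From"])
    findings = []
    for method in ("spf", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    # Exact-match (strict) comparison; relaxed alignment needs a public suffix list.
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg[name])
        if other and other != from_domain:
            findings.append(f"{name} domain {other} != From domain {from_domain}")
    return findings
```

A domain mismatch on its own is common in legitimate bulk mail, so these findings are signals to score alongside content analysis rather than a verdict.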

Zero-Day Malware Protection

Heuristics and machine learning techniques are useful for identifying and blocking never-before-seen malware variants, but further protection is required to block zero-day malware threats. This is typically provided through sandboxing. A sandbox is a safe and secure environment where suspicious email attachments can be automatically opened and subjected to in-depth analysis to identify potentially malicious actions and command and control server callbacks.

Data Leak Prevention

Not all threats are external to your business. Protection is required against threats from within. An email security solution should also scan all outbound messages to identify any email accounts that are being used to send spam, phishing emails, or malware. An additional Office 365 spam control should be incorporated to block attempted data theft and BEC attacks. This is usually achieved through keyword and data tagging. For instance, Social Security numbers can be tagged, and rules set to block attempts to send certain data types via email.
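The Social Security number rule mentioned above could look like this in an outbound filter. This is an added example, not any product's implementation; the function names, addresses and sample values are constructed for illustration, and only text MIME parts are scanned.

```python
import re
from email.message import EmailMessage

# AAA-GG-SSSS with '-', ' ' or no separator (the same one in both positions).
# Area 000, 666 and 900-999, group 00 and serial 0000 are never issued, so
# excluding them and refusing longer digit runs cuts false positives.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)(\d{3})([- ]?)(?!00)(\d{2})\2(?!0000)(\d{4})(?!\d)"
)

def find_ssns(text):
    """Return redacted hits so the full values never reach the filter's logs."""
    return ["***-**-" + m.group(4) for m in SSN_RE.finditer(text)]

def outbound_verdict(msg):
    """Scan the body and text attachments; block the message on any hit."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            where = part.get_filename() or "body"
            hits += [(where, hit) for hit in find_ssns(part.get_content())]
    return ("block" if hits else "allow", hits)

def sample_message():
    """Constructed outbound message: clean body, tagged data in a CSV attachment."""
    msg = EmailMessage()
    msg["From"] = "hr@example.com"
    msg["To"] = "someone@freemail.example"
    msg["Subject"] = "Payroll export"
    msg.set_content("Order 123456789012 shipped. Ref 000-12-3456.")
    msg.add_attachment("name,ssn\nJ. Doe,123-45-6789\n",
                       subtype="csv", filename="payroll.csv")
    return msg

if __name__ == "__main__":
    print(outbound_verdict(sample_message()))
```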

Choosing A Third-Party Spam Filtering Solution for Office 365

There is certainly no shortage of choice when it comes to email security for Office 365. Most of the major cybersecurity solution providers have an email security offering that works in tandem with EOP and ATP to provide greater protection for Office 365 environments.

You should look for a solution that includes all of the above features, but also consider the usability of the solution. Many solutions will provide the level of protection you need, but are difficult and time-consuming to implement, maintain and use. To help you select the best solution, check out business software review platforms such as G2 Crowd. These platforms allow actual users of the solutions to provide their feedback on the level of protection offered, and comment on ease of use, quality of support, and other important areas. The reviews will help you choose a solution that provides the right level of protection, at the right price, and does not add to your administrative burden.


Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news