
Topsec Cloud Solutions
and Microsoft 365


Why an additional security layer is vital when you have moved or are thinking about moving your email to the cloud

Microsoft 365 is the most adopted cloud email and office application solution available on the market today. Most IT admins say the reason they made the move to Office 365 is because “they no longer have the time to spend administering their on-premises Exchange”. However, most overestimate the security capabilities of Office 365.

Office 365 security threats

  • From within Office 365

    It’s a well-known fact within the cyber security industry that a lot of threats originate from email accounts within Office 365’s own environment.

  • Inbound email

    Office 365 defaults for connection-time checks such as SPF, DKIM and DMARC are non-secure.

    Office 365 has other insecure default behaviours for legacy compatibility reasons and because it has to take a one-size-fits-all approach to connection-time security. For example, Office 365 will accept emails from non-existent domain names and domains which do not represent an FQDN.

  • Configuration

    Configuration can be a big issue when the person responsible for setting up Office 365 fails to configure it correctly. Incorrect provisioning can leave you vulnerable to many major security threats.

  • One size fits all

    Office 365 is commonly described as a one-size-fits-all solution with regard to security. What does this mean for you? Because Office 365 is a multi-tenant environment, its security features do not allow for flexibility when it comes to unique, targeted email-borne threats against end users.

  • The accessibility of Office 365 presents another problem.

    • Predictable circumvention.  Any hacker in the world can create an Office 365 account to figure out how to circumvent the security.
    • ATP is Version 1. Introduced in 2015, its features and functionality are relatively immature when compared to solutions that established security companies like Topsec have been honing for decades.
    • Opaque reporting and forensics functionality. Visibility and control in the Microsoft security interface are limited. This makes it difficult to deep-dive into a specific incident and find the root cause, which users are impacted, whether a user account was compromised, whether data was lost, etc. At the same time, ATP limits reporting based on time constraints. For example, it takes a few hours to return a mail protection detail report for messages older than 7 days. For data older than 90 days, reports are inaccessible.
  • It’s not a security license

    Office 365’s E3 and E5 licenses are Office suite licenses that include security elements but are not fully focused on email security and threat prevention.

Why do you need an additional layer of security?

Given these factors, Office 365 has a number of shortcomings with regard to email security.

Protection from hackers

Office 365 is commonly used by hackers as a means to simulate their attacks, so it’s easy for attackers to test their methods until they can bypass Office 365’s security filters.

Security focus

Our mission statement is to fully focus on protecting the communication of our end users. Microsoft Office 365 is a multifunctional product with no particular focus on email security.

Prevents human errors – Outbound Monitoring

If an employee account gets hacked, outgoing emails become a threat. Using an additional security layer provides you with the benefit of monitoring abnormal trends in outgoing email.

Conclusion

With the world’s most talented engineers and a seemingly infinite budget, why does Microsoft fall victim to phishing attacks that get past ATP and Exchange Online Protection (EOP) for Office 365? (25% of all Phishing Attacks get through MS 365).

The reasons have nothing to do with any specific failure by Microsoft, but much to do with the widespread adoption of Office 365 as an enterprise collaboration suite. Because Office 365 is the most used platform, it is also the most attacked. This creates strengths and weaknesses in ATP.

Organizations should use a third-party email security layer sitting in front of Office 365 that has more tailored AI, security that is invisible to hackers, and flexible and responsive reporting, control and support.

A layered security module is imperative when moving your email to a multi-tenant cloud environment like Office 365.

TESRA

Many organizations believe that their current email security systems are up to the task of protecting them from malware, spam, and other email-borne threats. However, this is not true as most email security systems fall short and do not keep their organization safe. The entire industry needs to be working towards a higher standard in quality, protection, and email security.

Based on the principle “what gets measured, gets managed,” Topsec has used the numbers to establish a framework to measure the effectiveness of Microsoft Office 365 as an email security system. This report provides the details of the test results and explains what these results mean.

 

What is a TESRA?

The Topsec Email Security Risk Assessment is a test that passively inspects emails that third-party incumbent email systems have let through as safe and that have ended up on an organization’s email management system. Topsec puts these emails through its own email security systems to reinspect them for false negatives, i.e., emails that are spam or contain malware or malicious attachments.

 

Analysis by Test Level:

Total Caught as Spam: 1,500,777 detected as Spam. 500,259 rejected and 1,000,518 quarantined.

The TESRA test covered 13,553 email users over a 90-day period of email received from various organizations. Within that timeframe, more than 10 million emails were inspected by Topsec. These emails had already been passed as safe by the organization’s implementation of Microsoft Office 365 services with Exchange Online Protection or Advanced Threat Protection. The Topsec security test occurred passively after the incumbent email security systems had executed all their security filters and determined that nearly 1,504,010 or 15% of the 10,014,185 emails were actually “bad” or “likely bad”. The overall false negative rate in the TESRA test of Microsoft Office 365 was 15% of all emails inspected by Topsec.

Most of the emails that got through were spam: 99.79% of the false negatives passed by the incumbent email security systems and caught by Topsec were spam emails. Most spam email is not lethal; however, these messages can lead to more sophisticated attacks. As we move down the funnel, the number of false negatives decreases, but these attacks are more lethal.

 

1,809 Impersonation attacks

At the next level, 1,809 of the emails caught by Topsec were impersonation attacks that were missed by Microsoft Office 365. These are socially engineered emails that attempt to impersonate a trusted party, a CEO for example, with the intention of prompting the recipient to do something they should not do in a timely manner, e.g., transferring funds to a bank account as soon as possible. As these emails do not contain malware or malicious attachments, they are harder to detect. The number of these targeted email attacks has significantly increased in recent years.

 

1,206 Dangerous File Types

At the next level, 1,206 emails caught by Topsec were dangerous file types. Dangerous file types cover many file types which are not sent over email, including .exe (executables) and .src (source) files. Topsec recommends that customers block or quarantine these dangerous file types by default.

 

218 Malware Attachments

Moving down a level, 218 emails were identified as containing ‘known malware’, a term used for malware which has previously been seen in the environment and reported as malware. Missing any known malware is a massive sign of weakness in an IT security system and is very worrying.

 

How does TESRA work?

  • Topsec is given access to an organization’s inbound emails after they have been inspected by their incumbent email security system. These emails are not manufactured for the test, they are the actual email the organization receives over the period of the test.
  • Topsec gets a BCC copy of all emails that have been delivered to the organization’s email management system and have already been passed by the incumbent email security system.
  • The Topsec Email Security service then inspects the email for spam, malware, attachments, and impersonation attacks that were previously missed by the incumbent email security system.
  • At the end of the test, the information was collated and put into the TESRA report.
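
The passive re-inspection described in these steps, as an added Python example (not Topsec's code): it re-checks already-delivered messages for non-passing SPF/DKIM/DMARC verdicts, display-name impersonation and dangerous attachment types, then reports the share flagged. The block list, protected name, domains and sample messages are constructed assumptions.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed sample policy, not Topsec's rules (the page names .exe and .src).
DANGEROUS_EXT = {".exe", ".src", ".scr", ".js", ".vbs"}
PROTECTED_NAMES = {"jane doe": "example.com"}  # display name -> real domain

def reinspect(raw: bytes) -> list:
    """Re-inspect one message the incumbent filter already delivered."""
    msg = message_from_bytes(raw, policy=policy.default)
    # 1. Connection-time verdicts (assumes one trusted header per copy).
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = [f"{k}:{verdicts.get(k, 'missing')}"
                for k in ("spf", "dkim", "dmarc") if verdicts.get(k) != "pass"]
    # 2. A protected person's display name on a foreign domain.
    name, addr = parseaddr(str(msg.get("From", "")))
    expected = PROTECTED_NAMES.get(name.strip().lower())
    if expected and addr.rpartition("@")[2].lower() != expected:
        findings.append("impersonation")
    # 3. Attachments whose extension is on the block list.
    for part in msg.iter_attachments():
        ext = os.path.splitext(part.get_filename() or "")[1].lower()
        if ext in DANGEROUS_EXT:
            findings.append(f"attachment:{ext}")
    return findings

def false_negative_rate(messages) -> float:
    return sum(bool(reinspect(m)) for m in messages) / max(len(messages), 1)

def sample(auth, sender, attach=None) -> bytes:  # builds a constructed message
    m = EmailMessage()
    m["Authentication-Results"], m["From"] = auth, sender
    m.set_content("hello")
    if attach:
        m.add_attachment("stub", filename=attach)  # only the name matters here
    return m.as_bytes()

OK = "mx.example.com; spf=pass; dkim=pass; dmarc=pass"
FAIL = "mx.example.com; spf=fail; dkim=none; dmarc=fail"
SAMPLES = [  # constructed stand-ins for BCC copies of delivered mail
    sample(OK, "Bob <bob@example.com>"),
    sample(OK, "Jane Doe <jane.doe@freemail.test>"),
    sample(FAIL, "Billing <billing@vendor.test>", "invoice.exe"),
    sample(OK, "Jane Doe <jane.doe@example.com>"),
]
```

Calling `reinspect` on each BCC copy and `false_negative_rate` on the whole batch gives the per-category findings and the overall rate that a report of this kind collates.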

 

Conclusion

Many organizations think that their current email security systems are keeping them safe from new and emerging email-borne threats. However, the TESRA test proves that this is not the case. These days, hackers are more sophisticated, better resourced and more targeted, which leads to more effective email attacks. They continue to search for holes and flaws in services such as Microsoft Office 365, so it is vital that you put as many layers of security in place as your budget will allow.