When Microsoft 365 was first launched in 2011, it wasn’t immediately clear that it would be the major success that it has turned out to be. While the popularity (and ubiquity) of M365 was not to underestimated, at the time there remained concerns about the viability of a cloud-based version, with people concerned about the security and uptime with cloud software.
As of Microsoft's 2023 Shareholders' meeting, M365 has risen to over 74.9 million subscribers. Misperceptions about general levels of cloud security have abated, and Microsoft has made commendable efforts to keep M365 safer and more secure, yet it still remains a major target for cyber criminals and hackers are becoming more sophisticated and targeted in their approach. That’s why it makes it more surprising that many organizations feel that the security within M365 is sufficient. It really isn’t--even with multiple tiers of security features, M365's email security capabilities can miss certain data security requirements that customers may have.
In fact, a research report issued by Egress in 2023 found a prevalence of outbound data loss with 91% of organizations admitting they had experienced email data loss over the last 12 months. So to augment your security architecture, it requires an additional layer and Fortra Advanced Email Security solutions are the perfect complementary security solution for M365.
Hackers & Microsoft 365 Email Security
M365 requires that additional layer because once an attacker gets into one M365 account, they can then potentially use that to access other accounts and do far more damage. That’s why hackers have really upped their game when targeting M365, these are just some of the ways in which they do so:
- More realistic phishing campaigns - M365 phishing scams are becoming much more realistic, whether that’s using a pretend live chat feature, mimicking a meeting request from a colleague or a non-delivery email that asks the user to resend. Clicking on the link in such communication will take the user to a phishing site that looks like an M365 page.
- New ways of using malware – hackers can now include malware in images and documents, and when sent to a user from what may look like a legitimate email address, can inject that malware even during a preview. M365 does not check the source of a document before previews, nor does it have anti-steganography tools which can leave significant security holes for organizations.
- Bypassing M365 security – sometimes hackers will find a way around M365's security completely.
Clearswift Secure Email Gateway + Microsoft 365 Email Security
Deploying the Fortra's on-premise Clearswift Secure Email Gateway (SEG) alongside M365 can address all the above attacks and more, without compromising any of the features that make M365 such a popular business tool.
The enhanced Adaptive Data Loss Prevention (A-DLP) defenses within Clearswift's SEG appliance means that it can offer more comprehensive (and easier to configure) A-DLP and compliance controls, an additional layer of ransomware and Advanced Persistent Threat (APT) protection, and better visibility of policy violations and tracking of message flow. It can be deployed on-premise, in the cloud or as a managed service depending on user preference, but offering the same levels of protection irrespective of how it is deployed.
Any good security solution will remove any risk without blocking communications unnecessarily and minimizing impact on day-to-day business effectiveness. Clearswift's on-premise SEG does this via redaction of documents and emails to remove sensitive data, anti-steganography functionality to prevent exfiltration of sensitive information within image files and Optical Character Recognition (OCR) functionality to detect sensitive information within image files and scanned documents.
Ignore the Doomsayers by Implementing an Additional Protective Layer
Deploying Clearswift's SEG appliance will also provide an additional layer of protection against phishing, ransomware, malware, and APT-based attacks. Any organization can remove the active content from common office document formats and deliver the sanitized underlying data through to its users, removing the active content that is commonly used in successful ransomware attacks. Because it removes all the active content, then there is no ability to fool the defences within M365 either.
Providing this extra layer of protection is essential for M365 to be as safe and secure as organizations want. This is why augmenting M365 with a more integrated Email Security solution–comprised of Clearswift's on-premise SEG, Fortra's Cloud Email Protection and Suspicious Email Analysis, has shown more comprehensive benefits and levels of threat protection unparalleled in the industry.