Cisco Blogs
Share

Top Three Considerations When Securing Office 365 Email 


September 21, 2017 - 0 Comments

Moving to the cloud is a no brainer. It’s far more cost effective than maintaining internal systems. No wonder companies have been transitioning to cloud platforms, like Microsoft Office 365, over the last few years. It’s great for the bottom line. Companies with fewer than 1,000 users can expect to save up to 24% on average according to Gartner. Plus, employees can be more productive with all the collaboration tools in Office 365. But as more and more companies have made the transition, the Office 365 platform has become an incredibly attractive attack surface.

According to Verizon’s 2017 Data Breach Investigations Report, attackers used email to communicate with their target in 95 percent of breaches. The Cisco 2017 Midyear Cybersecurity Report also found that attackers turn to email as the primary vector for spreading ransomware and other malware. With ransomware and business email compromise on the rise, Office 365 customers should consider adding advanced email security capabilities to protect their cloud mailboxes.

Stop More Threats with Better Threat Intelligence

Threat intelligence is the critical information that informs security solutions. For email security, this includes details like sender reputation, file signatures of known malware, and more. Advanced email security capabilities should leverage robust threat intelligence to detect and block threats before they launch.

Cisco Talos, the largest threat detection network in the world, is the Cisco Email Security foundation. For starters, Talos analyzes 600 billion emails per day. This number is more than what other competitors see in an entire month! Why is this important? Because more data means a broader view of the threat landscape. The 600 billion emails per day is also only a fraction of what Talos sees because it correlates data from the best intelligence feeds available and from all points in the attack kill chain. The breadth and depth of this data means Talos stops more threats before they reach our customers. Talos also shares the latest threat insight via updates to our customers’ email security solutions every three to five minutes.

Senderbase Email and Web Reputation

The Talos Email and Web Traffic Reputation Center (formerly known as SenderBase) is the world’s most comprehensive real-time threat detection network. You can see global spam and email data and a real-time visualization of threats on TalosIntel.com.

Combat More Malware Hidden in Files with Retrospection

Thanks to innovative techniques used by attackers, malware doesn’t always reveal itself during initial inspection. With retrospective security, when a file that was allowed into a network is later revealed to have been malicious, defenders are able to ‘turn back the clock’ and effectively deal with the threat. Advanced email security needs the ability to combat files that contain malware – no matter when they become malicious.

Advanced Malware Protection (AMP) combats ransomware hidden in malicious attachments. It blocks known malware and remediates breaches fast with AMP retrospective security, if malware happens to infiltrate your network. If an unknown file comes in, Threat Grid provides a sandbox, or secure environment, to automatically evaluate the file’s behavior against more than 913 behavioral indicators and for a wider variety of file types than other competitors. AMP on Email Security is part of our AMP everywhere architecture, which shares malware analysis and verdicts globally so that all AMP customers benefit. This leads to improved threat efficacy. But the even better news for Office 365 customers is that AMP can also automatically remediate malware in Office 365 mailboxes. Administrators can forget about the manual process of cleaning up infected mailboxes. This automated response means security teams can get that time back to focus on more strategic projects.

Stop URL-Based Attacks Before They Reach the User

Attacks like phishing, ransomware and business email compromise often target users by including malicious links in emails. Email security solutions must include deep URL inspection to keep users safe.

With Cisco Email Security, administrators have different options to protect against risky links such as dropping the message, rewriting, or replacing the hyperlink with text that reads “This URL is blocked by policy,” as one example. Also, Cisco Email Security has the ability to look more closely into the context of the message to determine if the site is harmful before taking action. And before the recipient receives the message, URLs are checked against the latest threat intelligence, which is updated every three to five minutes. Often times websites may initially appear clean because attackers compromise fresh sites with zero-day malware to evade detection. If the reputation of a site remains unknown, the recipient is protected by the re-written URL. Other email security vendors only have click time analysis, which works only at the time the user clicks on the link to the risky site. With better web security intelligence, Cisco Email Security drops the emails with risky links automatically and before they reach the user’s inbox. Consequently, we stop URL-based threats faster.

Our advanced threat capabilities are the reason why customers are choosing Cisco Email Security to protect their Office 365 email. Office 365 customers can have enterprise-class email security to get the best threat efficacy when they transition. Cisco is committed to email security and this means we will continue innovating so you can reap the full benefits of moving to the cloud and protect your business with effective email security that is simple, open and automated. That makes cloud mailbox services safer to consume.

To learn more about Cisco Cloud Email Security visit www.cisco.com/go/emailsecurity.

 

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.