Office 365 has many benefits, so it is no surprise that it is proving so popular with businesses, but one common complaint is the number of spam and malicious emails that sneak past Microsoft’s defenses. If you have a problem with spam and phishing emails still being delivered to your end users, there is an easy solution to improve the Office 365 spam filter and block more threats.
Office 365 Email Protection
More than 155 million commercial users are now on Office 365 and that figure is growing at a rate of around 3 million users per month. Unfortunately, the popularity of Office 365 has made it a target for hackers, who are testing their campaigns in their own Office 365 environments to make sure their malspam messages are delivered. Businesses using Office 365 are being sought out and attacked.
Microsoft has been proactively taking steps to improve the Office 365 spam filter to make it more effective at blocking spam and phishing attempts. Office 365 phishing protections have been improved and more malicious emails are now being blocked; however, even with the recent anti-phish enhancements, many businesses still have to deal with an unacceptable volume of spam, phishing emails are still reaching inboxes, and malware is sneaking past Office 365 protections.
Office 365 Spam Protection
Office 365 provides a reasonable level of protection from spam. You can expect Microsoft to block around 99% of all spam emails. While that figure is good, the 1% that are not blocked can amount to a sizeable number of emails. Around 4.5 billion email messages are sent each day and around 46% of those messages are spam. Each inbox may only receive a handful of spam messages but each message that has to be opened, checked, and dealt with by employees is a drain on productivity.
Office 365 Phishing Protection
Spam is a nuisance, but it does not typically pose a threat to businesses. Malspam on the other hand certainly does. Malspam is the name given to spam email that is used for malicious purposes, such as scam and phishing emails and when spam messages are used to distribute malware. This is an area where default Microsoft Office email protection falls short of requirements for many businesses.
Businesses using Office 365 as a hosted email solution are likely to have their email filtered using Exchange Online Protection (EOP). EOP is included in an Office 365 subscription and it does a reasonable job of blocking spam, phishing emails, and malware. Given the number of email-based attacks that are now being conducted by cybercriminals, and the high costs of dealing with those attacks, being ‘reasonably’ well protected from malspam is simply not good enough.
Many businesses have found that EOP blocks basic phishing attacks but comes up short at blocking more advanced email threats such as spear phishing and advanced persistent threats. EOP is best at blocking large scale phishing campaigns where attackers use huge email lists and ‘spray and pray’ tactics. These tried and tested techniques are becoming less effective thanks to improvements in spam filtering.
The relatively poor return on these scams has seen many threat actors invest more time in their campaigns and develop new methods of attack. There is a growing trend for more targeted attacks using more sophisticated phishing methods. EOP is not very effective at blocking these types of phishing attacks. One study conducted by Avanan showed 25% of phishing emails were delivered to inboxes and were not blocked by EOP. These targeted attacks are also being conducted on SMBs, not just on large enterprises.
To improve the Office 365 spam filter, you can upgrade to Advanced Threat Protection (APT), the second level of protection for Office 365 offered by Microsoft. The level of protection is much better with this paid service, although APT is still not effective at blocking zero-day threats and falls short of the level of protection provided by most third-party anti-spam and anti-phishing solutions for Office 365. A SE Labs study conducted in the summer of 2017 found that even with the additional level of protection, which is only available in the Office 365 E5 license tier, protection only ranked in the low-middle of the market.
Office 365 Malware Protection
An Osterman Research study showed EOP eliminates 100% of known malware threats but is not nearly as effective at identifying zero-day threats. New malware variants are now being released at a rate of around 350,000 a day, according to AV-TEST.
These new malware threats are a serious risk. If they are not detected as malicious and are delivered to inboxes, malicious attachments can be opened by employees. You can train your workforce to be more security aware, but it is unreasonable to expect every employee to be able to identify every malicious message and act appropriately. Mistakes are inevitable. Those mistakes can be extremely costly. According to the 2019 Ponemon Institute/IBM Security Cost of a Data Breach Study, the global average cost of a data breach is $4.88 million and $8.19 million in the United States!
The number of cases of hackers exploiting vulnerabilities in Office 365 and the volume of direct attacks on Office 365 users have seen an increasing number of businesses turning to third-party email protection solutions for Office 365. These solutions are layered on top of EOP and greatly improve Office 365 spam filter capabilities.
There is another reason why it is wise to choose a third-party solution to improve Office 365 email protection rather than opting for Microsoft’s APT. It is important to have layered defenses to protect against cyberattacks, and while layers can be added through the same company, it pays not to put all your eggs in one basket. When businesses have their email on-premises, they typically have many layers to their defenses, and they do not all come from the same solution provider. If a threat is not detected by one solution provider, there is more chance of it being detected by another solution provider than another solution from the same company. The same thinking should be applied to your cloud-hosted Office 365 environment.
An Easy Way to Improve the Office 365 Spam Filter
Businesses that want to further improve the Office 365 spam filter (and those looking for an Office 365 Advanced Threat Protection alternative) need to consider implementing a third-party anti-spam solution.
Fortunately, there is a solution that will not only improve Office 365 spam filtering, it is quick and easy to implement, requires no software downloads, and no hardware purchases are necessary. In fact, it can be implemented, configured, and be up and running in a few minutes.
SpamTitan is a powerful cloud-based email security solution that has been developed to provide superior protection against spam, phishing, malware, zero-day attacks, and data loss via email.
In contrast to the Office 365 spam filter, SpamTitan uses predictive techniques such as Bayesian analysis, machine learning, and heuristics to block zero-day attacks, advanced persistent threats, new malware variants, and new spear phishing methods.
SpamTitan searches email headers, analyzes domains, and scans email content to identify phishing threats. Embedded hyperlinks, including shortened URLs, are scanned in real time and subjected to multiple URL reputation checks, while dual antivirus engines scan and block 100% of known malware. SpamTitan also includes sandboxing, where potentially malicious files and programs can be subjected to in-depth analysis in safety. In the sandbox, files are analyzed for malicious actions and C2 server callbacks.
SpamTitan also incorporates data loss prevention tools for emails and attachments, which are not available with EOP. Users can create tags for keywords and data elements such as Social Security numbers to protect against theft by insiders. SpamTitan also serves as a backup for your mail server to ensure business continuity.
With SpamTitan you get a greater level of protection against spam and malicious emails, a higher spam catch rate (over 99.9%), greater granularity, improved control over outbound email, and better business continuity protections.
If you have transitioned to Office 365 yet are still having problems with spam, phishing, and other malicious emails, or if you are an MSP that wants to offer your clients enhanced Office 365 email security, contact the TitanHQ team today.
The TitanHQ team will be happy to schedule a personalized product demonstration and help you put SpamTitan through the paces in your own environment in a no-obligation free trial.
FAQs on Improving the Office 365 Spam Filter
How does SpamTitan differ from the Office 365 spam filter?
SpamTitan has many advanced features not included in Office 365 and provides a defense in depth approach against malware, phishing and other email threats. SpamTitan include predictive techniques such as Bayesian analysis, heuristics, and machine learning to block new threats, dual AV engines and sandboxing to block malware threats, data leak prevention measures, dedicated RBLs as standard, and allows customized policies to be created for users, domains, domain groups, and the overall system, along with many more features to improve protection for Office 365 environments.
How does sandboxing work?
SpamTitan incorporates a powerful, next-generation sandbox solution. Suspicious messages that pass initial checks are sent to the sandbox for in-depth analysis to identify any malicious actions such as C2 callbacks. If these checks are passed, the message is delivered, if malicious activity is detected, the message will be quarantined or deleted, depending on the policy set by the administrator. Sandboxing is essential for blocking zero-day malware threats.
Why is it necessary to scan outbound emails?
If spam or malicious emails are sent from your mailboxes, you are likely to have your IP added to a spam blacklist and your emails may not be delivered. Outbound scanning can quickly detect a compromised inbox or rogue employee and block outbound emails before any harm is caused. Rules can be set to prevent certain attachments from being sent and data elements can be tagged to protect against data leaks.
How does SpamTitan protect against email spoofing attacks?
SpamTitan supports DKIM signing and incorporates the DMARC (Domain-based Message Authentication, Reporting and Conformance) email-validation system, which has been designed to detect and block email spoofing attacks. A DNS TXT record is used to create an overall policy governing SPF and DKIM, allowing you to accept messages, quarantine them, or reject them if they fail the DMARC check.
How much does SpamTitan Cost and are there any discounts?
The cost of SpamTitan varies depending on the number of mailboxes you want to protect and the length of the contract, with sizable discounts offered to organizations that commit to a 2- or 3-year term. The easiest way to find out how much SpamTitan is likely to cost is to use our cost calculator.