Is Office365 secure enough?
There is an increasing amount of companies moving their corporate e-mail to the Office365 cloud
Office365 is a platform for hosted e-mail and collaboration, but not a Cibersecurity Platform
Office365 is a shared platform in the cloud that can be attacked as a whole or some of its services
There is a great amount of third party add-ons without control, that can put in risk your Office365 environment.
Office365 support is very generic, and documentation too extensive
Office365's as well as MS-Exchange's default is to accept e-mails to inexistent mailboxes, and this generates waves of bounces with likely zero-day malware
Office365 is one of the hackers' preferred target to penetrate organizations, specially because it doesn't treat DMARC p=reject correctly and obliges one to write mail flow rules to handle specific cases.
Office365's default is not PCI-DSS compatible and allows unencrypted traffic
Office365 is a very extensive platform to be up-to-date with deploying security fixes
The AVAS SEG Leverage
Mailimit
Just to give an example, a phishing attack targeted to a single user, left the Oregon State without e-mail and blacklisted, because the user sent over 8M spam emails https://www.infosecurity-magazine.com/news/oregon-state-employee-falls-for/
Auditlog
Every change in the security settings is stored in the Auditlog, thus facilitating eDiscovery, forensics and as a fundamental tool of Change Management.
Mailaudit
All the traffic flow is accesible via Web Interface, facilitating e-Discovery. This way any eventual outgoing phishing or spam can be rapidly located if a user was hacked
Private Cloud
Every Mail-Exchanger and Outbound Relay server in AVAS SEG is dedicated, has dedicated IP addresses and holds the company's own antivirus/antispam rules
Anti-DDoS
The AVAS SEG console permits the listing of words, phrases, IP addresses and blocks, whole domains and e-mail addresses to block, to protect you from specific attacks
Anti-spoofing rules
Extensive use of Planisys DNS to ensure the right settings of DMARC, SPF and DKIM to protect your brand in the Internet, and give visibility to third parties to reject ilegitimate e-mails claiming to originate in your organization
Recipient Verification
Allows to stop at the earliest moment all e-mails directed to inexistant mailboxes to avoid generating a wave of dangerous bounces (backscattering)
False Positive Treatment
AVAS SEG lets you identify false positives in virus signatures, and also check malicious domains
Log shipping
AVAS SEG provides a log shipping option for feeding SIEMs, typically providing a logstash forward to Splunk or Elasticsearch
Transport Encryption
AVAS SEG forces the use of TLS to encrypt all emails directed to Office365, and to set PCI-DSS option to encrypt all stages of incoming email
Exceptions
AVAS SEG permits to declare IP addresses or domains that are poorly configured and are important to keep communication with, to put them into a whitelist
Conclusion
- 91% of cyber-attacks start through e-mail, and 93% are targeted to specific people within the organization (spearphishing)
- Office365 needs a complement to make focus in E-mail Cybersecurity like AVAS SEG
- it is imperative to better protect the end user in order for him not to receive any phishing e-mails, and in case his workstation or cellphone is compromised, containg the damage
- AVAS SEG e-mail Security integrates with Office365 through 3 steps Receipient Verification (RV) – Transport Encryption (TLS) y Declaration of Planisys as "partner organization" (Mail flow connector)
