Proofpoint & Microsoft – secure productivity
In our article about the possibilities of protecting the Office365 suite using Network Detection & Response, we showed that protecting the most popular software used by companies all around the world is not a simple task. The situation is further complicated by the fact that not every organization has the budget for such a solution.
How does the Office365 suite appear to an attacker?
- More than 200 million users sharing one platform.
- A single point of entry to a whole set of related applications.
- Internal propagation is very hard to detect.
- One vendor providing so much functionality and infrastructure elements is a high vulnerability risk – due to similar software development practices.
The recent tightening of the partnership between Proofpoint and Microsoft is helpful in this situation. It’s fair to say that the mission of this alliance is to let users achieve more, in a way that’s secure for them and their resources. The focus is on email protection, an area in which Proofpoint has unparalleled experience. The choice seems natural given that over 90% of attacks (including those on the Office365 suite) still start with email.
To effectively secure your email, it is imperative that you use the native email security mechanisms offered by Microsoft. However, research shows that more than 1,000 organizations surveyed by Proofpoint reverted to an external E-mail Security Gateway solution an average of 7.2 months after fully migrating their email to MS O365. The sheer scale of business email usage, the facts stated above and the defense-in-depth principle are a few of the reasons for this.
Proofpoint specifically points out the areas where it is able to provide security improvements to the organization:
- Automate administrative tasks:
– blocking malicious or sufficiently suspicious senders.
– creation of reports about the most frequently attacked users, types of attacks or most frequently detected malware.
- A level of security appropriate for a solution specializing in e-mail security, including:
– dynamic analysis – of traffic, headers and message content – to identify spam, domain forgery and sender impersonation.
– granular threat search using URLs, digests, e-mail addresses and campaign names.
– URL isolation and scanning before the first click on a link. 80% of malicious URLs are blocked at this stage.
Various industry reports show that email-related alerts take up between 40% and 60% of security analysts’ time in the SOC. Add to this the lack of threat intelligence in Microsoft mail protection and the need for manual switching between consoles, and handling an incident related to the most popular office software platform and the main channel of corporate communication becomes considerably more complicated. More on that soon!