If your business only uses the Office 365 spam filter that is provided with your Office 365 subscription, you will no doubt have encountered issues with spam, phishing emails, and even malware being delivered to your inboxes. According to a 2017 report from SE Labs, the Office 365 spam filter only provides a level of protection in the “low to middle end of the market.” The basic Office 365 spam filter is not effective at blocking more advanced email attacks and zero-day malware threats.

Office 365 Only Includes a Basic Spam Filter

There are several reasons for this. First and foremost, Exchange Online Protection (EOP), the filter included with Office 365, is only intended to provide a baseline level of protection. Its purpose is to block spam, basic phishing threats, and known malware, and it performs those functions reasonably well. EOP will block around 99% of spam email, according to Osterman Research, and 100% of known malware threats. EOP struggles with blocking new phishing threats and zero-day malware – programs and code that have not previously been identified as malicious.

The reason the basic Office 365 spam filter falls short when it comes to protecting against more advanced and new threats is that the Office 365 spam filter is updated retrospectively. When sources of spam emails are identified, they are added to static lists. Further emails from those IPs are then blocked. When new malware is identified, its signature is added to the virus definition lists of the anti-virus engine. If the signature is not in the list, malware will not be detected as malicious.

There are no mechanisms in EOP that can detect spam email from previously unknown spam sources and EOP does not have machine learning capabilities to predict new attack methods. If you want advanced phishing and malware protection for Office 365 that includes those capabilities, you will need to purchase an additional Office 365 security solution to layer on top of EOP. EOP will still be there playing its part in keeping your inboxes protected, but a more powerful solution will provide the extra detection capabilities that you need.

Upgrading the Office 365 Spam Filter

There are two options available for improving the Office 365 spam filter. You can pay for a Microsoft add-on service – Advanced Threat Protection (ATP) – or you can choose from one of many third-party Office 365 spam filtering solutions. To get ATP, you will need to subscribe to the Office 365 E5 license tier, which for many businesses is too expensive, especially considering that even with EOP and ATP you will only be getting a low- to middle-market level of protection.

With only EOP serving as the Office 365 spam filter, other steps must be taken to block phishing emails. This usually means administrators either have to block “From: addresses” – which comes with the risk of blocking genuine emails sent from legacy servers – or manually block IP addresses retrospectively using the connection filter.

The problem with retrospectively blocking spam emails and IP addresses associated with phishing emails is that spammers and cybercriminals don't stay in the same space for very long. As soon as it is evident that existing IP addresses are being blocked, they move into a new space with a new IP address – evading detection by the Office 365 spam filter and once again threatening businesses. For Office 365 administrators this is a time-consuming, thankless, endless task.

While you may be happy with the level of protection provided by EOP and ATP together, there is an important point to consider. The key to good email security (and security in general) is layered defenses. For an attack to succeed, more than one layer of security must be penetrated by an attacker. If one layer fails, another is present to continue providing protection.

If an attacker learns how a security solution from a provider can be bypassed, threats will not be blocked. This is far easier when the solutions come from the same provider. Homogeneous security systems are easier to attack than heterogeneous ones. A third-party solution should therefore be considered. With layers of security provided by different companies, it becomes much harder for an attack to succeed.

How SpamTitan and the Office 365 Spam Filter Differ

TitanHQ’s email security solution for Office 365, SpamTitan, provides additional layers of security that differ considerably from EOP and ATP and will block the threats that those solutions struggle to identify. SpamTitan uses a defense in depth approach to email security, which works in harmony with the protections offered by Microsoft.

More Accurate Detection of Spam Email

In order to improve the Office 365 spam filter and block more spam, additional methods are required that are not included with EOP. These methods increase the spam detection rate from around 99% to more than 99.9%. One of those methods is greylisting. Whitelisting is used to allow all emails from a particular address or domain, regardless of your spam filtering rules. Blacklisting is the opposite and blocks all messages from an email address or domain, regardless of the content.

Greylisting is the term given to an additional check performed on messages that fall into the middle category. Messages with a certain spam confidence score are subjected to this process. The emails are rejected, and a request is sent to the originating mail server for the emails to be resent. Few are returned from spammers' servers as they are typically too busy to respond to the requests. If a response is received, the delay provides a good indication of whether the message is spam. With greylisting and other more in-depth spam detection methods, SpamTitan has a detection rate of 99.97% with a low false positive rate of just 0.03%.
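The greylisting decision described above can be sketched as follows. This is an added example, not SpamTitan's code: it models the rejection as an SMTP temporary failure keyed on the sender IP, envelope sender and recipient, and the score band, retry timings and sample traffic are assumed values.

```python
# Added illustration of score-gated greylisting; thresholds and timings are assumed values.
ACCEPT, TEMPFAIL, REJECT = "250 accept", "451 retry later", "550 reject"

class Greylist:
    def __init__(self, low=3.0, high=8.0, min_delay=300, max_wait=4 * 3600):
        self.low, self.high = low, high      # assumed score band that triggers greylisting
        self.min_delay = min_delay           # retries sooner than this are still deferred
        self.max_wait = max_wait             # a retry later than this starts over
        self.first_seen = {}                 # triplet -> time of first deferred attempt
        self.passed = set()                  # triplets that already retried correctly

    def decide(self, client_ip, mail_from, rcpt_to, score, now):
        if score < self.low:
            return ACCEPT                    # clearly clean: no delay imposed
        if score >= self.high:
            return REJECT                    # clearly spam: permanent rejection
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return ACCEPT                    # this sender already proved it retries
        first = self.first_seen.get(key)
        if first is None or now - first > self.max_wait:
            self.first_seen[key] = now       # first sighting (or stale entry): defer
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL                  # retried too quickly to count
        self.passed.add(key)
        return ACCEPT

def replay(events, greylist=None):
    """Run (client_ip, mail_from, rcpt_to, score, seconds) events through one greylist."""
    gl = greylist or Greylist()
    return [gl.decide(*e) for e in events]

# Constructed sample traffic using documentation-only addresses and domains.
SAMPLE = [
    ("192.0.2.10", "news@example.org", "bob@example.com", 5.0, 0),
    ("192.0.2.10", "news@example.org", "bob@example.com", 5.0, 30),
    ("192.0.2.10", "news@example.org", "bob@example.com", 5.0, 900),
    ("198.51.100.7", "promo@example.net", "bob@example.com", 6.5, 10),
    ("203.0.113.5", "hr@example.org", "bob@example.com", 1.0, 20),
    ("203.0.113.9", "win@example.net", "bob@example.com", 9.5, 25),
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event[0], event[3], "->", verdict)
```

The sender at 198.51.100.7 never retries, so its mid-score message is never delivered, while the sender at 192.0.2.10 is accepted once it retries after the minimum delay.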

Advanced Protection Against Phishing, Spear Phishing, Malware, and Ransomware

Defense in depth requires a host of different detection mechanisms and redundancy. With SpamTitan this starts with dual anti-virus engines. Both are excellent in their own right but dual protection maximizes the chance that malware will be detected. However, signature-based threat detection is not as effective as it once was. Static lists are not effective for detecting new malware threats.

In order to block zero-day threats, heuristics, Bayesian analysis, and machine learning are combined with threat intelligence feeds. This allows SpamTitan to anticipate and predict new attack methods and block zero-day malware and phishing threats.

Not all malware is delivered directly. Malicious URLs are often used for this purpose. To protect against malware downloads from the web and the web-based component of phishing attacks, SpamTitan performs a link analysis using multiple malicious URL detection tools. SpamTitan also includes outbound scanning, which can detect compromised business email accounts, and data leak protection technology that alerts administrators to sensitive information in emails, such as Social Security numbers.

Administrators can configure SpamTitan to meet their objectives and can easily set spam tolerance thresholds at the domain, user-group, and user level. They have highly granular control over the spam filter, but maintenance is straightforward and simple through an intuitive web-based interface. SpamTitan is a powerful solution but has been developed with the end user in mind and it is easy to use and maintain.

Further advantages of SpamTitan over the Office 365 spam filter include a range of deployment options. SpamTitan is available as a gateway solution or a cloud-based filter, with multiple hosting options available for the latter. SpamTitan can also be easily integrated with the management interfaces used by MSPs via APIs. SpamTitan also integrates with LDAP and Active Directory for quick synchronization, and the solution is highly scalable.

