To Protect against phishing is one of the mandatory things which is in the priority list of any organization. We will take you through some of the top tools you can use. And how to protect your employees against phishing who happens to be a weakest link in this war against phishing by training them using various simulators.

We were just back from Gartner conference where we heard regarding security Windows 10 and Office 365. Microsoft Office 365 adoption is going on a great pace. This along with Windows 10 and is one of the top priorities for IT department in any organisation. Microsoft is ending support for fixing security problems for Windows 7 on January 14, 2020. This is also reason why organisations are rushing for Windows 10 upgrade. Security is one one of the most liked features in Windows 10.

Yet we keep on hearing about phishing attacks through Emails. Why does Office 365 does not protect against phishing. We put some research on what is available in market.

What is a phishing attack –

This is also known as phishing which is defined as an act of sending an email to the user in order to steal his personal information like bank account details, credit card information, login credentials, etc. Such email falsely claims to be from an established organization and makes the user surrender his private information. These confidential data are misused for identity theft. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

As per www.phishing.org – 85% of organisations have been impacted, 100 billion spam mails are sent each day, Damages exceeds one billion dollars. How do you protect your organisation against phishing?

What tools are available to protect against phishing attacks and safe guard Emails?

In this post, we’ll review how different protection services provide holistic end-to-end protection against today’s most sophisticated phishing campaigns.

Here are the top 5 vendors to watch out for in Email security market.

1) Proofpoint – Proofpoint enterprise email protection.

Proofpoint Email Protection stops malware and non-malware threats such as impostor email (also known as email fraud). Deployed as a cloud service or on-premises, it provides granular filtering to control bulk “graymail” and other unwanted email. And business continuity capabilities keep email communications flowing, even when your email server fails.

Proofpoint enterprise email protection features
A) Threat Protection.
B) Spam Protection.
C) Data Loss Prevention.
D) Encryption.
E) Deployment Options.
F) Integrations.

See complete data sheet here

2) Cisco – Cisco Email Security.

Cisco® Email Security enables users to communicate securely. It helps organizations combat business email compromise (BEC), ransomware, advanced malware, phishing, spam, and data loss with a multilayered approach to security.

Cisco Email Security Appliance features.
A) Global threat intelligence.
B) Spam blocking.
C) Graymail detection and safe unsubscribe.
D) Advanced Malware Protection.
E) Outbreak filters.
F) Web interaction tracking.
G) Outbound message control.
H) Forged Email Detection.
I) Data Loss Prevention.

See complete data sheet here

3) Microsoft – Exchange Online Protection.

An incoming message initially passes through connection filtering, which checks the sender’s reputation and inspects the message for malware. The majority of spam is stopped at this point and deleted by EOP. Messages continue through policy filtering, where messages are evaluated against custom transport rules that you create or enforce from a template. For example, you can have a rule that sends a notification to a manager when mail arrives from a specific sender. (Data loss prevention checks also occur at this point, if you have that feature; for information about feature availability, see the Exchange Online Protection Service Description.) Next, messages pass through content filtering, where content is checked for terminology or properties common to spam. A message determined to be spam by the content filter can be sent to a user’s Junk Email folder or to the quarantine, among other options, based on your settings. After a message passes all of these protection layers successfully, it is delivered to the recipient.

Exchange Online Protection features.
A) Anti-spam protection.
B) Spam management.
C) Anti-malware protection.
D) Mail routing and connectors.
E) Transport rules.
F) Administration.
G) Reporting and logging.
I) Service Level Agreements (SLAs) and support.

4) Symantec – Symantec Email Security cloud.

Symantec Email Security.cloud you can block virus, malware, spam, phishing, and targeted attacks before they reach your inbox.

Symantec Email Security.cloud features.
A) Emerging threat prevention.
B) Phishing defense.
C) Malware and spam protection.
D) Symantec Global Intelligence Network.
E) Isolate.
F) Integrate.
G) Gain high operational efficiency at a low TCO.

See complete data sheet here

5) Mimecast – Secure Email Gateway

Mimecast Secure Email Gateway uses sophisticated, multi-layered detection engines and intelligence to protect email data and employees from malware, spam, phishing, and targeted attacks – 100% from the cloud.

A) Always-on security.
B) Increased protection.
C) Enhanced visibility and control.
D) End user self-service.

See data sheet here

Besides this Office 365 also has many security features like –

A) Multi-Factor Authentication.
B) Mobile Device Management.
C) Advanced Threat Protection.
D) Encrypted Email.
E) Data Loss Prevention.
F) Azure Identity Protection.
G) Privileged Identity Management.

Read in details about what your organisation can do with built in security features to prevent phishing attacks. And what to do after it has happened in this link.

Employees are weakest link in war to protect against phishing attacks so train them –

No system is completely effective and even with best security tools things can go wrong. Your users are the weakest link in defending against cyber crime like phishing. They need to stay informed about the latest phishing threats and how to avoid becoming a victim to keep themselves and your organization safe.Training your employees is one of the must do things to avoid these risks.

Why wait for real attack. Try out internal phishing exercises. These free phishing simulators will help you to protect against phishing attacks by putting employees in real life situations and gauging how prepared you are.

You can also reach us to help you in your automation journey by filling this form.

Categories: Tech Tips

Leave a Reply

Your email address will not be published. Required fields are marked *