It’s crucial that organizations using Office 365 find and implement a strong, multi-layered email security solution for their users. Office 365 has quickly become one of the most popular cloud-based platforms, making it a prime target for attackers looking for an easy way to compromise email data. In the cloud, email has remained the number one threat vector, with attacks like phishing attacks, spam and ransomware becoming major issues for many businesses.
In this guide, we’ll take you through the top email security solutions for use with Office 365. This article will cover many different kinds of email security technologies that can be used in isolation, or combined with other tools. These solution include Secure Email Gateways, which filter malicious emails before they enter users’ inboxes, Phishing Protection platforms that automatically remove phishing attacks, and email encryption solutions that secure email communications.
We’ll cover the key features of these solutions, what makes them perfect to secure emails with Office 365, and what types of customers they are most suitable for.
Abnormal Security is a cloud-native email security provider. The Abnormal platform uses behavioral AI to protect against inbound threats such as business email compromise, spear phishing, supply chain compromise, and malware, as well as internal account takeover. A Microsoft Preferred Solution, Abnormal offers a native API integration with Microsoft 365 that allows users of the MS Office 365 email client to implement security without making MX record changes or turning off Microsoft’s built-in security features.
Abnormal uses behavioral AI to create a baseline of each user’s regular communication patterns, then analyzes each email for over 45,000 indicators of deviant behaviors that may suggest compromise. A risk profile is created for each email; Abnormal rewrites the URLs in suspicious emails and, if deliverable, inserts relevant warning banners into the email body, notifying the user of the threat type and severity. In addition to preventing inbound attacks, Abnormal also scans internal communications for malicious east-west activity. Accounts displaying anomalous behavior are automatically logged out of their active session and the platform will trigger automatic Microsoft 365 password resets, preventing attackers from regaining access.
Abnormal’s native integration with Microsoft 365 enables organizations to deploy the solution within minutes, without needing to set custom policies to work around Microsoft Defender for Office 365. This enables organizations to implement unified email security, controlled via one admin console, without the need for an additional Secure Email Gateway layer. Customers praise Abnormal for its easy integration with Microsoft 365, its powerful threat detection, and the engaged support team. We recommend Abnormal to all organizations looking to protect their users against email threats within Office 365, and particularly those valuing easy deployment and ongoing management.
IRONSCALES provides powerful protection for Office 365 against phishing attacks, credential theft, and business email compromise. IRONSCALES is fully cloud-based and works at the mailbox level. This means IRONSCALES can identify suspicious email activity, such as spoofed domains, and alert end users with warning banners inside their mailbox. This helps to prevent phishing and business email compromise, without impacting end-user productivity. IRONSCALES also uses multiple anti-virus engines to identify and remove emails with malicious links and attachments automatically. In tests by Expert Insights, IRONSCALES outperformed Microsoft Defender for O365 (ATP) for phishing detection and prevention.
Phishing attacks are perhaps the biggest threat facing businesses using Office 365. IRONSCALES provides a robust layer of security with its email protection platform. IRONSCALES also provides a suite of security awareness training tools that allow admins to easily create simulated phishing emails, and test users’ effectiveness in spotting suspicious email attacks. IRONSCALES also offers protection against malicious links and attachments in Microsoft Teams environments.
IRONSCALES combines machine learning technologies and human threat intelligence to identify malicious emails and remove them from end-user inboxes. Machine learning engines use contextual analysis, looking at factors like domain, time emails were sent, attachments, location, and suspicious language to identify phishing emails and to remove them automatically in just milliseconds. IRONSCALES also allows end-users to report emails that don’t look right with a button located directly in the Office 365 mail app, on desktop or mobile. This intelligence is shared across their client base, so a phishing attack reported by one end-user is shared with IRONSCALES customers all over the world.
IRONSCALES is built for use with Office 365. It integrates seamlessly with your Office 365 environment, via Graph API, without requiring any reconfigurations or new mail flow rules. Deploying the service is extremely easy – deployment takes 2 clicks and doesn’t require any MX record changes. IRONSCALES is an ideal platform for stopping phishing attacks on organizations using Office 365.
Trustifi helps organizations secure their email communications against inbound threats such as spear phishing, malware, and account takeover attempts, as well as encrypt outbound emails to protect sensitive email data at rest, in storage and in transit. With a native integration for Office 365 and a range of customizable protection settings, Trustifi makes it easy for businesses to secure their inboxes and ensure compliance with data protection standards.
Trustifi’s Inbound Shield scans all inbound emails for malicious content, ranking each email according to its threat level and threat type. If an email is deemed malicious, Trustifi quarantines or removes it according to admin-configured policies. The Inbound Shield also offers blacklisting and whitelisting to prevent repeat attacks from known malicious addresses, and to ensure that emails from safe external senders aren’t mistakenly blocked, helping to reduce false positives.
Trustifi’s Outbound Shield enables organizations to apply AES 256-bit encryption to their outbound emails, ensuring that all sensitive data is sent securely and in compliance with data protection standards such as HIPAA, PCI-DSS, and FINRA. Via the Office 365 plug-in, end users can easily encrypt emails without having to leave their inbox and log into a separate portal. Recipients can easily open encrypted emails through the Trustifi web portal—even if they don’t have a Trustifi account themselves. For added security, admins can enable two-factor authentication that requires recipients to verify their identities before accessing encrypted emails.
Trustifi deploys in Office 365 via an API integration, and the solution comes with pre-configured settings to provide instant protection upon deployment, which admins can customize to meet the specific security and compliance requirements of their organization. We recommend Trustifi as an intuitive, user-friendly solution for any-sized organization looking to protect their Office 365 client against inbound threats, as well encrypt their most sensitive email content.
ESET is a global cybersecurity provider offering solutions for organizations across web, endpoint, email, and network protection. Their Cloud Office Security solution provides comprehensive security for Microsoft Office 365 applications, including anti-malware for Microsoft 365 Exchange Online, Teams, OneDrive, and SharePoint. This solution helps to reduce the risk of spam, malware, and ransomware, and other targeted attacks including phishing and spear-phishing. One of the benefits of this solution is that it provides holistic protection for Office 365 as well as security for the email channel.
ESET Cloud Office Security provides a strong level of threat protection to complement the controls offered by Office 365. It scans inbound and outbound emails for harmful content and malicious URLs then automatically deletes, quarantines, or blocks malicious emails. It also scans content in Teams, OneDrive, and SharePoint for malicious links or attachments, automatically quarantining or deleting malicious documents or messages. Admins can customize threat protection policies, with a range of configuration options available. These include policies for the level of threat detection required, the remediation steps for suspicious email messages, and options for email quarantines. These policies can be set at an individual user level, for groups, or for the entire organization. Within the admin console, you can also view reports and logs, set up reports to be emailed to admins, and release emails from quarantine.
Deploying ESET Cloud Office Security to Office 365 is extremely easy and takes only a matter of minutes. The core strength of this solution is its virus scanning and anti-malware, which works across Microsoft Office applications. It provides comprehensive protection for Office 365, going beyond the capabilities of many competing email security platforms that focus only on email protection. This solution should not be considered as an alternative to an email security gateway solution, but instead as a strong layer of protection across O365, with enhanced protection for email, OneDrive, SharePoint, and Teams. We’d recommend ESET Cloud Office Security as an ideal solution for organizations seeking holistic protection for Office 365.
SpamTitan provides powerful email security that offers comprehensive protection against advanced email threats such as CEO Impersonation protection, phishing attacks, malware, and ransomware. SpamTitan can be deployed as a cloud-based solution or on-premise, and provides effective protection for Office 365 email accounts with inbound email filtering, data loss protection, and encryption. The solution provides advanced reporting and admin policies. It is a strong email security platform for Office 365, with competitive pricing and an easy to manage admin console which makes the solution well suited for SMBs, enterprises, and MSPs.
SpamTitan provides strong inbound threat protection, with multi-layered threat protection engines, including link analysis, full attachment sandboxing, zero-day attacks protection, mail spooling, and spoofing protection. SpamTitan offers protection against advanced inbound threats such as ransomware, and also provides outbound email protection, with SPF, DKIM, and DMARC checking. Admins can configure granular threat protection policies, including setting allow and deny lists, customizing data loss protection rules, and setting policies by users, domains, and domain groups. SpamTitan also provides email encryption, helping to secure Office 365 emails and meeting compliance regulations.
SpamTitan is easy to manage and quick to deploy into the Office 365 environment. SpamTitan provides far more effective email filtering than the default Office 365 systems, while also offering more granular controls and policies than Microsoft allows. SpamTitan also provides backups for Office 365 mail servers to ensure business continuity. This means that if Office 365 is unavailable, users can continue to view incoming emails in a secure SpamTitan portal. SpamTitan also offers a strong range of outbound mail controls for Office 365. SpamTitan is popular with customers, who praise the service for its ease of deployment, cost-effective pricing, and high-quality technical support.
Libraesva Email Archiver is a solution designed for email governance, risk, and compliance management. It creates 1:1 copies of all emails in a central email archive to ensure the security and availability of a large volume of data over the years. The archiver seamlessly integrates with any mail server, including native integration with Office 365 and Microsoft Exchange. With its exclusive Outlook Add-In, which supports both Windows and Mac, users can easily access their archived email.
To ensure regulatory compliance, Libraesva Email Archiver offers quick complex and detailed searches, ensures data privacy and security by design, and provides certified time-stamping for each archived email. It also supports legal hold, email encryption (AES256), granular permission management, privacy officer management, auditing, and anti-tampering. As a solution designed for MSPs and ISPs, it is natively multi-tenant and has a complete API for full integration with various environments.
Libraesva Email Archiver is available as an on-premise virtual appliance for VMware or as a private cloud service compatible with Cloud Object Storage S3. It also offers native mailbox connectors for Microsoft Office 365 and Exchange, with privacy management compliant with GDPR regulations. The archiver’s Outlook Add-In and Web-App allow for seamless access to archived emails.
The archiver is compatible with multiple storage types, including local disks, network disks, and object storage (S3 compatible). It reproduces the folder structure of archived mailboxes or PST files in the archived email, ensuring an organized and user-friendly solution that makes it easy for businesses to safeguard their critical information with a high level of compliance and efficiency.
Avanan is a cloud-based email and application security solution that offers advanced protection against phishing, malware, and account compromise attacks. Avanan’s email security platform operates from within the email environment and is designed to work seamlessly with Office365 and Google Workspace (formerly GSuite), so users can deploy it via an Office 365 app, or configure it manually within a few minutes. Once deployed, Avanan analyses all communication via inbound, outbound, and internal email, as well as all connected Office 365 cloud applications like OneDrive and Teams, then secures them against advanced social engineering and data loss threats.
Avanan uses machine learning to analyze historical emails and learn each users’ communication patterns, enabling the platform to detect any signs of user impersonation and even the most current zero-day threats. It scans communications for over 300 indicators of account compromise, including domain, location, and time of sending, then flags suspicious emails to mitigate against BEC attacks. Avanan’s advanced threat-hunting capabilities detect malicious behavior in real-time across the entire network, including suspicious URLs and attachments, as well as internal messages sent via other cloud-based applications, such as Microsoft Teams. By sitting behind Office 365 in the mail flow, Avanan is able to train its AI on the sophisticated attacks that Microsoft misses.
The Avanan platform is quick and easy to deploy; users looking to configure the solution manually can do so within minutes, without having to change their MX records. Those looking specifically for Office 365 protection can also secure their business quickly and efficiently via the Office 365 app. We recommend Avanan as a strong solution for any sized organization looking for powerful threat detection and mitigation within an Office 365 email environment.
Cloudflare is one of the world’s biggest cybersecurity companies, protecting millions of users across thousands of companies globally. Originally known for their DDoS protection solutions to protect website domains against bot-attacks, Cloudflare has evolved into a comprehensive SASE (Secure Access Service Edge) platform, with a powerful email security solution available directly via the Cloudflare interface.
Cloudflare Area1 provides protection against sophisticated email threats, including phishing, email compromise, and credential theft. The platform is fully cloud-based and deploys via API for Microsoft 365 users; this reduces complexity and configuration time compared to legacy SEG solutions. The platform can also integrate with other security tools, including SIEM and SOAR platforms.
Key features of this solution include end-to-end phishing triage and response, insider threat detection, including email scanning inside the email inbox, post message delivery, comprehensive visibility into compromised accounts and domains, and brand impersonation protection. In addition, Cloudflare protects against suspicious and unknown weblinks (including phishing websites) via integration with Cloudflare’s Browser Isolation solution.
Cloudflare is a compelling option for protecting M365, particularly for current Cloudflare users. Malicious email content is automatically blocked and quarantined, while the platform leverages Cloudflare’s market leading threat intelligence and ML-based threat detection to provide effective protection against new and emerging email threats. The service is built on cloud-native architecture and so is fully scalable and closely integrated with M365. Cloudflare has built a solid position as a leading player in the email security space and is a strong vendor to consider when shortlisting email security solutions.
Microsoft Defender for Office 365 is Microsoft’s security platform built for enterprise customers on Office 365. Defender protects organizations against malicious email threats like phishing, malicious URLS, and collaboration tools. Defender is included in some Office 365 subscriptions such as the Enterprise E5 tier, and can also be purchased as an additional add-on solution.
Defender includes threat protection policies, reports and investigation, and response capabilities. Threat protection features include Safe Attachments to check email attachments for malicious content, and Safe Links, which provides time-of-click URL verification to prevent access to malicious web pages. Defender also includes anti-phishing protection. This module uses machine learning and impersonation detection algorithms to detect and block phishing attacks. Microsoft Defender can protect SharePoint, OneDrive, and Teams from malicious files, which not many third party solutions can do effectively.
Microsoft Defender is built for use with Office 365 and integrates seamlessly within this environment without requiring any configurations or new mail flow rules. There are two versions of Microsoft Defender for Office 365 available, a starter tier which includes threat protection policies, and an advanced tier which also includes automated investigation and response.
Mimecast are a global leader in cloud-based email security; they provide protection for over 40,000 organizations globally. Mimecast Integrated Cloud Email Security is a powerful solution, optimized for securing Microsoft 365. The service is deployed into M365 via an API integration, which does not rely on MX redirection. This allows it to scan email content directly within 365, before it reaches the users’ inbox.
Mimecast Integrated Cloud Email Security delivers powerful protection against sophisticated email threats, with threat detection capabilities to stop phishing, business email compromise, and credential theft. Mimecast offer a leading threat intelligence platform, inspecting over 1.3bn emails every day. The platform is easy to deploy, and simple for administrators, with minimal configuration required compared to the traditional SEG approach.
As Mimecast is deployed inside your email perimeter, it can also detect and remediate against internal threats and compromised accounts. The platform was designed to be used alongside Mimecast’s Security Awareness Training to protect users against sophisticated attacks such as spear-phishing and email fraud. Mimecast also offers mailbox-level compliant archiving of email data, with e-discovery support, legal hold, and Office 365 disaster recovery.
Mimecast also offer email encryption and DNS filtering as part of their single security solution. The platform offers Office 365 migration tools which can help to speed up and secure migration to the O365 platform. This automatically archives legacy emails and helps to ensure continuity in the case of network outages. Mimecast is a strong option to consider for teams looking for comprehensive O365 protection.
Proofpoint is a global leader in email security solutions, protecting over 100,00 businesses around the world. Proofpoint Essentials is a fully cloud-based secure email gateway, designed to protect small and medium-sized businesses using Office 365 from email threats. Proofpoint Essentials combines a powerful secure email gateway platform with email archiving, encryption, and data loss prevention.
Proofpoint offers multiple threat protection features to stop data breaches and email threats. Proofpoint uses multi-layered email security engines to prevent threats like spam, malware, and phishing attacks. This includes URL defense (Safe Links) to block malicious email links at time of click and anti-virus engines to stop ransomware attacks. Research from SE Labs shows Proofpoint Essentials has one of the highest threat total accuracy ratings of all the market leading email security vendors.
Proofpoint Essentials is very easy to deploy with Office 365. Essentials is deployed between the Office 365 environment and the internet, sitting in front of your Office 365 tenant. Routing mail to Office 365 requires changing your MX records. Because Essentials sits in front of Office 365, all emails are scanned to ensure they are safe. Infected and spam emails are automatically quarantined. Outbound emails are also routed via Proofpoint thus allowing data leakage (DLP) rules to be easily applied to stop confidential information being emailed out.
Proofpoint has recently upgraded the features of its Proofpoint Essentials product to provide users with more advanced protection. The new features include improved BEC defense capabilities with the introduction of Supernova detection engine. Email warning tags can now be added to flag suspicious emails in user’s inboxes. One-click message removal makes it easier to remove malicious emails once they have entered a user’s inbox. Proofpoint now provides predictive URL defense technology – this uses predictive analysis to prioritize the sandboxing of the riskiest URLs. These features are included in Proofpoint’s Business+, Advanced+, and Professional+ packages.
Proofpoint can be configured to allow end users to access their own quarantine, email archive, and manage their allow/deny lists, which helps to save IT departments time.
FAQs
What Are The Risks Facing Your Email Account?
Email is a very effective means of reaching to people all over the world who you may or may not know. While this is very useful, it also poses a significant security risk. You may think that you know who you are in contact with, but how can you be sure? Some of the most common threats to your email inbox include:
- Email spoofing uses emails that appear to be legitimate, but are, in fact, fake. As these emails look legitimate, users may be tricked into giving up sensitive data, or transferring money to the attackers.
- Links or downloads attached to emails may look innocent but may actually contain malware or viruses. These are short pieces of code that can wreak havoc on your device when activated. Ransomware, for instance, will lock your important documents until you pay the attackers a ransom fee.
- Whaling is another form of email borne attack. This is a type of phishing that specifically targets high ranking executives within an organization who have power over billing and can unknowingly send money to the attackers.
How Do Email Security Solutions Work?
Email security solutions will work in several ways to mitigate the threats facing your organization.
- Most email security solutions will be built around a filtering tool. This will use pre-set policies to block, in bulk, unwanted emails. Many solutions will also be linked to a database of known malware threats. If they identify any evidence that matches a known malware, it can quickly be deleted.
- Some email solutions will use behavioral analysis to ensure that a user is behaving in a consistent way. If a user is behaving abnormally, it might suggest that their account is compromised.
- Email security solutions may also have outbound features. These will decrease the chances of you sending sensitive information to the wrong user. Data loss prevention tools will be a part of this. Some solutions may allow you to encrypt mail before it gets sent.
How Does Office 365 Email Protection Work?
Email security tools for Microsoft 365 protect email accounts, content, attachments, and users against malicious activity, compromise, or breach. There are three commonly used approaches to implementing email security for Office 365.
First is by using Microsoft’s own internal protection: Microsoft Defender for Office 365. This is a native email security service which sits on top of the default email security included with Microsoft 365 (Exchange Online Protection) and provides enhanced protection against zero-day malware, phishing attacks, and business email compromises by placing warning banners on email content and automatically removing harmful email messages.
Second is by deploying a physical or cloud-based secure email gateway. These services monitor all incoming and outbound email traffic to remove spam and malware, using rule-based controls to prevent delivery of harmful email content. This is deployed via redirecting mail exchange (MX records) to point email towards the security service for filtering before deployment.
The third kind of email security method for Microsoft 365 is a category of “integrated cloud email security” (ICES) solutions. These cloud-native email security services deploy via API connection directly into the Microsoft 365 environment, enabling them to scan internal email content in real-time to detect compromised email accounts, phishing-threats, malicious links, and attachments.
The best method of Office 365 email protection will depend on your specific organizational use cases and risks. SEGs are the best approach to stop malware and harmful email content, while cloud email security services can help to prevent sophisticated phishing threats that may evade the rule based controls of SEG solutions.
