Why Microsoft Email Security Benefits from a Layered Approach

The best secure email gateways mimic the tried and true "defense in depth" cybersecurity strategy by using a layered approach, including advanced features that make effective use of AI.

The results are compelling, especially when two email security tools are used together, such as employing an additional secure email gateway to augment Microsoft Defender for Office 365 email security.

It's tempting to rely solely on the security tools Microsoft offers to detect spam, malware, phishing, and other email threats, especially for organizations under the E5 license that includes such offerings. But tests show the combination of layering MailMarshal on top of Microsoft M365 (E3 or E5) reduces email-based threats within your environment by more than 99%. (Read more about the benefits of using MailMarshal with Microsoft 365).

Microsoft is the de facto standard for email and collaboration tools, which makes those tools a primary target for threat actors trying to trick unsuspecting users into revealing their credentials. And all it takes is a single success to cause a major breach across your business.

Next-Gen Email Security Features

A layered approach to security, combined with the strategic use of AI, can help companies fight back.

At a minimum, any secure email solution should include technologies including:

• Proprietary phishing and business email compromise (BEC) protection layers.
• Checking the IP reputation of a sender, such as by using a third-party reputation service that lists email servers associated with spamming, open relays, and other nefarious behavior.
• Checking each email against a database of signatures of reported spam based on a combination of factors, including user reports and source reputation.
• SPF, SKIM and DMARC configurations.
• Multiple anti-virus engines.
• Ability to detect both known and zero-day threats.
• Sandboxing.
• Email policy settings.

Consider those features table stakes. More advanced secure email gateways will include protections that employ AI and machine learning (ML) capabilities.

Trustwave MailMarshal, for example, employs multiple AI/ML engines for varying purposes. Its image analyzer feature, for example, uses AI algorithms to interpret visual content and detect patterns that indicate threats, including malicious QR codes, or quishing. MailMarshal's sandboxing capability employs AI algorithms to recognize patterns and anomalies to identify malware threats that may not be evident through traditional signature-based methods.

MailMarshal also employs PageML , a Trustwave-developed URL scanning system that combines machine learning (ML), deep learning, and human-made heuristic rule elements to identify suspicious URLs and webpages. In short, PageML goes further than tools that rely solely on reputational checks to identify suspicious URLs and web pages, helping protect clients against the unknown.

M365 + MailMarshal: Defense in Depth

Combining the proprietary defense filters in Trustwave MailMarshal with the built-in security protections in Microsoft 365 and Microsoft email security delivers unprecedented detection.

Trustwave conducted tests with an organization of some 3,000 full-time employees that collectively receive about 100,000 emails per day, or around 36.5 million per year. The organization's Microsoft E5 Defender for Office tool missed 618 threats (malware, phishing and BEC) over the span of a year. However, MailMarshal caught all but six of the threats that Microsoft missed. That means layering MailMarshal on top of Microsoft security reduced the threat risk by more than 99%.

It takes only a single threat to cause real damage, so even a slight percentage increase in threats caught can be significant. Given that, the kind of threat reduction achieved by layering MailMarshal on top of Microsoft email security tools is substantial, making for a compelling business case.

MailMarshal has been delivering this kind of success for 25 years, during which time not a single client has reported a ransomware infection or major incident.

Learn more about MailMarshal and how its layered approach can help protect your organization from email-borne threats.