sunhux
asked on
Ways to enhance Exchange Online defenses
Q1:
If we don't subscribe to among the lowest-end O365 Exchange Online,
how can we further secure our email defenses (if we don't purchase
filtering tools like IronPort & Proofpoint)?
Q2:
I've heard in the Postfix forum that they link the Postfix server to Spamhaus,
CBL (pls suggest more free Site Reputation services for emails): can
Exchange Online implement this? Can we integrate with VirusTotal?
Q3:
Based on the threat intel we get, can we add the hashes into our NIDS
Check Point (assuming email payloads pass through it, or in practice
people don't do this?) or Exchange Online?
Q4:
Will hardening our Outlook client, MS Office, PDF reader (& all the
'Mobile Code' software) help?
You don't want to engage with Exchange Online Protection?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There's some Exchange Online Protection but we are not subscribing to a higher service,
I heard.
I heard there are 5 levels of Exchange Online & to enjoy the sandboxing feature protection,
we need to subscribe to E5? Heard from a colleague we're somewhere around the 2nd lowest:
does this have Spamhaus (& other Bad Reputation) integrated?
We still get malicious emails (with bad attachments) that come in, so we are exploring how we
can further enhance this.
Q5:
Attachment 1 is what the Dashboard logon screen looks like: I'm trying to figure out how to
check for "Source IP" of incoming emails as well as query for specific "subject heading",
senders/recipients & their domains, which the Proofpoint dashboard allows me to do.
Q6:
Attachment 2 is the option granted to the IT Security admin: with these options, can the
IT Security admin read users' emails (including those blocked ones)?
ExchOnlin.JPG
ExchOnlinOptions2.jpg
ASKER
I recall in one MS presentation that if we want to deploy Proofpoint
or our own NIDS, O365's security will not come into play.
>Q5.
>Microsoft hasn't exposed those in API or report
It's a pity, as blocking by known source IP range has been effective
in Proofpoint (from past organization) to filter out malicious emails;
does Exchange Online offer us a feature to block by source IP?
Users may forward the malicious emails for us to inspect & we can
then see the source IP in the email header from Outlook.
Would it be less costly to just upgrade to ATP (E5) instead of placing
a Proofpoint in O365 (which an MS rep told us can be done but it
renders Exchange Online's Protection irrelevant)?
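
The header inspection mentioned in the post above, combined with the Spamhaus-style reputation lookup asked about in Q2, as an added example that is not part of the original thread. It assumes the suspicious message was saved or forwarded as an attachment so its original headers survive, and it handles IPv4 only; the sample headers, the `INTERNAL` ranges and the function names are constructed for illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample headers (names and addresses are made up; 203.0.113.0/24
# is a documentation range). The newest hop is on top, as in a real message.
SAMPLE_EML = """\
Received: from edge1.tenant.example (10.1.2.3) by mbx1.tenant.example
 (10.1.2.4) with HTTPS; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.sender.example (203.0.113.45) by edge1.tenant.example
 (10.1.2.3) with SMTP; Mon, 1 Jan 2024 10:00:01 +0000
Received: from pc (unknown [192.168.1.20]) by mail.sender.example
 with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: "Billing" <billing@sender.example>
Subject: Invoice overdue
"""

# Assumption: hops inside these ranges are our own or non-routable.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def source_ip(raw_message):
    """Return the first external IPv4 that handed the mail to our side."""
    # Read top-down: hops below the first external one can be forged.
    msg = message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        from_part = " ".join(hop.split()).split(" by ", 1)[0]
        if not from_part.startswith("from "):
            continue  # header has no from-clause to inspect
        for text in IPV4.findall(from_part):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # looked like an address but is not one
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone="zen.spamhaus.org"):
    """Live DNS lookup (not run here); a 127.0.0.x answer means listed."""
    try:
        return socket.gethostbyname(dnsbl_name(ip, zone)).startswith("127.0.0.")
    except socket.gaierror:
        return False  # NXDOMAIN: not listed
```
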
ASKER
>does Exchange Online offer us a feature to block by source IP?
If it does, can you share the steps to do this blocking? Just needed something
to enhance our emails' defense.