Is this a study or advertising from Mimecast?
Inhouse email filters still miss millions of attacks – including malware attachments, impersonation and malicious links – the latest quarterly stats from cloud provider Mimecast have found. The company used its Email Security Risk Assessment (ESRA) tool to assess the efficiency of email security in use by 37 organisations …
I agree, but we do use them.
We had our own, in house, non-exchange email system that was good at spotting a lot of problems ... but it was over cautious. we blocked pretty much all mime-types that might contain infections, we used checksum remote servers, virus checkers, keyword lookup ... everything that we possibly could ...
then we were bought out, and the new company wanted to use Outlook, no choice in the matter this was coming from the new directors, and not for any technical reason.
We moved to Office 365, which has sh*t detection, no email recovery options and everything that is rejected is basically "black box", you have no idea why it was rejected.
thank god(s) that we had the possibility of Mimecast, it pretty much puts back all the stuff I had in my home-grown system, with the addition of sandboxing (which I think is an awesome addition) ...
yeah it costs, yeah the old version was essentially free, but when you're going after a sh*t product to do email, for no sensible technical reason, and you're willing to pay an arm and a leg for it, you may as well pay these guys to do what they do well.
"[...] Office 365, [...]"
The "demon.co.uk" Office 365 mail service puts some emails in the "Junk" folder on IMAP.
It tends to accumulate emails generated by a form on my web site for users to submit names for faces on photographs. No attachments - but the subject line is usually the same as it indicates the photograph they are referencing. The content has a fixed format but the data content will differ in several named fields.
A local government (1+ million residents) switched to Orifice 365 from in-house Exchange with a third-party spam/malware detection product to native Microsoft. Over a year later they are still battling up to a hundred-fold increase in the amount of spam and bad stuff.
We've reported several account takeovers to their staff that resulted in us receiving phishes, stuff where X-Originating-IP showed non-English speaking foreign countries as the source. Amazingly, it seems Orifice 365 has no concept of geo-blocking. (And politicians cannot be inconvenienced by 2-factor).
We also stopped receiving emails from them for a few weeks because all of their US-to-US emails were suddenly being routed through Austria and we do geo-block. It seems you need to shovel more money at Microsoft to gain control over how your email is routed and they did not do that and won't. They actually gave a presentation on their experiences with the move at a security conference.
We have a list of banned email attachments that we manage ourselves on the non-Microsoft Internet SMTP gateways before passing them to Exchange. It's well over a hundred file extensions long and we still add to it. The most frequent additions were .wix and .iqy
... and we should be perfectly fine about routing email message through third party systems for processing and storage?
Many email message contains sensitive data, and some should really never leave systems under full company control, especially if not encrypted before leaving the systems, and with no way for the storage system to ever decrypt them.
We use Mimecast as the first layer of email security and then we use a hosted exchange for our email, all I can say is thank god the hosted email system has spam & virus filtering as mimecast still let cr4p through.
Even our end point security has to grab the last scrags of vermin ware that have made it through all the filtering.
Multi layered approach is the only way and still beat sorry train end users to be vigilant.
I'm currently a Mimecast customer having been a MessageLabs customer until 2012.
Back when I signed up the spam filtering and so on with Mimecast was second to none. Now though it's very average. Yes, they've got all sorts of very clever stuff but they've taken their eye off the ball when it comes to stopping spam.
As an example, I'm currently running a PowerShell script against our Office 365 tenant to delete a bulk email containing a malicious excel spreadsheet. Mimecast allowed the file though.
The sandboxing is a great idea but we still get malicious stuff coming through (which Office 365 usually blocks) and each time I raise a ticket with them I get a wolly, meaningless response.
Same goes for the URL protection. It's a great idea but I often see very obviously malicious sites being deemed OK. Again, I get a wolly, meaningless response from support.
They've grown too fast too and for quite a while didn't have enough people in the support teams so I was having to escalate every single ticket because otherwise it'd just sit in the queue for in excess of a week.
It was the market leader (in my opinion) by quite some margin but now, I'm not so sure.
As much as this is an advertisement for Mimecast, the title of the article is true. It's not that ProofPoint or O365 can't block things...OK, O365 can't, but it's more about how people have their filters setup. Companies just do a poor job of filtering in fear of missing that 'critical email' they might get.
Biting the hand that feeds IT © 1998–2019