We see a variety of attack vectors at work when it comes to inbound e-mail.
One cannot discount the social engineering aspect that the bad guys utilize to get someone to click on a link. This type of vector can only be exercised out of users by extensive training: “Don’t click on any unknown links!”
Here are some thoughts on why having an external Cloud based service sanitize e-mail _before_ it gets to the edge device:
- Attack vector via SMTP authorization attacks. To eliminate this vector we employ SMTP filters on all Cisco SA520 security appliances to only allow ExchangeDefender’s subnets inbound.
- No SMTP service access means no more authorization attempts.
- E-mail is archived on the Cloud services for one year (or more if needed).
- Access to archived e-mail can be had from virtually anywhere.
- E-mail can be read and/or replied to via LiveArchive Outlook Web App access.
- If the in-house server is down for whatever reason folks can keep working with their e-mail.
- Outbound e-mail can be encrypted end-to-end.
- From in-house Exchange via TLS to ExchangeDefender.
- [Encrypt] tag in the Subject means that the recipient will need to click on a link that takes them to the ExchangeDefender Encryption site to log on (password and PIN would be set up if the first time).
- ExchangeDefender sends daily reports.
- Can be mid-day and first thing too for folks with more e-mail volume.
- Online portal provides the ability to whitelist addresses and e-mail domains.
- Manage all spam types via both the report and online management portal.
The small monthly cost for the ExchangeDefender service is minor relative to what our clients gain in the way of e-mail security, sanitation, and continuity.
We have had great success with ExchangeDefender and OWN so we do not plan on switching to other vendor’s Cloud security products at this time.
- ExchangeDefender Network Operations Blog
- ExchangeDefender NOC Twitter Account
Yes, we have seen some issues with the service in the years since we signed up and started reselling their services. But, on the grand scale of things their service and support team have been second to none on communicating with us whenever we have had a question or there was indeed a problem.
After the last NOC based outage in Dallas the OWN team committed to restructuring their redundancy between LA and Dallas to allow for a failover to happen if one of the NOCs experienced some form of outage. So far they have been following through on their commitment to implement these changes.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book