ExchangeDefender OAuth Support for Google and Microsoft Authenticators
ExchangeDefender is proud to announce the successful rollout of the first phase of our OAUTH implementation across three of our major products: ExchangeDefender Mail Security (Admin Portal), Encryption and WebShare. Originally, our rollout was planned as a massive shotgun change across all services, which would have required users to reset their passwords, and to do so users would have had to know their current password. In December, we started to log and analyze the entry points users took into the application and found that a majority of users relied on “one-click” login methods like quarantine reports to access their portal and would then jump to other services like Encryption via the “quick links.” Armed with the aggregated analysis, we realized our previous deployment strategy would unfortunately leave many users unable to access their services, as many users were never aware of their password, thus putting an additional strain on our partners. However, we also knew that the current security method was not sustainable for the future.
Enter: Deployment 2.0.
We knew our login system had to be smarter and safer, but also flexible. We knew we needed to rethink a lot of our auxiliary entry points (like quarantine reports) as well as our main entry points so that they work together in tandem, instead of relying on hard cutovers or independent, one-off operations. For example, we needed to continue to accept the legacy password hashing style during login, but upgrade it in-line to our new hashing algorithm. There were a lot of technical difficulties to overcome, as each product maintained its own login page (which many users would save in their browser credential store) and, in some instances, had additional security features that do not exist in other products (such as IP restrictions and 2FA in admin, but not encryption or Webshare).
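The in-line upgrade described above, sketched as an added example (not ExchangeDefender's code). The page does not name either algorithm, so unsalted SHA-1 stands in for the legacy style and PBKDF2-HMAC-SHA256 for the new one; the record format, function names and sample account are assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters: the page does not state the real algorithms or costs.
PBKDF2_ITERATIONS = 600_000


def legacy_hash(password):
    # Stand-in for the legacy style: fast, unsalted digest.
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()


def new_hash(password, salt=None):
    # Stand-in for the new style: slow KDF with a per-user random salt.
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2$" + salt.hex() + "$" + dk.hex()


def verify(password, stored):
    scheme, _, rest = stored.partition("$")
    if scheme == "sha1":
        return hmac.compare_digest(legacy_hash(password), stored)
    if scheme == "pbkdf2":
        salt = bytes.fromhex(rest.partition("$")[0])
        return hmac.compare_digest(new_hash(password, salt), stored)
    return False  # unknown scheme: fail closed


def login(db, user, password):
    """Return True on success; rewrite a legacy record with the new hash."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("pbkdf2$"):
        # The plaintext is only available at login, so this is the one
        # moment a legacy record can be upgraded without a password reset.
        db[user] = new_hash(password)
    return True


# Constructed sample account store holding one legacy record.
SAMPLE_DB = {"alice@example.com": legacy_hash("correct horse")}
```

Accounts that never log in keep their legacy record, which is why a cutover date for disabling the legacy path still matters.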
Even more complicated than individual service login logic, some services maintained a list of users who are external entities to the end user’s organization (think Webshare or encryption recipients), and in most cases, these external recipients aren’t in the ExchangeDefender ecosystem. Ultimately, we decided to allow ExchangeDefender users to continue using each service’s independent login screens for a few weeks before disabling the legacy functionality and hinting to users to click the OAUTH login button “Login with ExchangeDefender” (or even “Login with Google” or “Login with Microsoft”; more details below).
Originally, our plan involved redirecting all users to the new login server, which unfortunately would be the Achilles heel of those users who relied on their browser credential store. Ultimately, we landed on a hybrid approach, taking advantage of the flexibility of different OAUTH grant styles depending on the application.
The Deployment Timeline
Feb 19th: Activate the new login system for Encryption and Webshare
Feb 21st: Activate the new login system for Admin
Feb 26th: Activate the new centralized navigation headers
Feb 27th: Activate “Login with ExchangeDefender/Google/Microsoft” button to Admin, Encryption and Webshare. Add warning notification to users about the incoming login changes.
Mar 6th: Disable legacy password grant from services, enforce “Login with ExchangeDefender” when a user attempts to log in with a username and password on each service’s page.
Throughout the remaining quarters of 2021, we will continue to integrate the rest of our services into the new login system, including support.ExchangeDefender.com, Compliance Archive, LiveArchive. Time permitting, we also plan on releasing a few tools to improve end user experience such as our Outlook/OWA plugin, built from the ground up to manage quarantine and user whitelists.
New Features to Expect
1 – Integration with Google and Microsoft OAUTH: Users are now able to utilize Google and/or Microsoft as their login provider. Authenticated users will now see buttons to link their Google or Microsoft identity to their ExchangeDefender account. Once linked, users can utilize the “Login with Google” or “Login with Microsoft” buttons instead of inputting their ExchangeDefender credentials to login.
2 – Improved 2FA integration: Users are now able to integrate 2FA applications like Google Authenticator or Authy. To set up 2FA, users should log in to admin.exchangedefender.com and navigate to the Settings for their account. Please keep in mind that the enforcement of 2FA logins (when enabled by the user) will come with the March 6th deployment. We strongly encourage users to set up 2FA before the full activation of our new login system.
3 – Trusted Devices: Coupled with 2FA, users can elect to mark a device they’re logging in with as a trusted device. Once a device is marked trusted, subsequent logins using the same device will not be prompted for 2FA again for 3 months.
4 – Improved Remember Me: On our login server we improved the remember me functionality to allow users to remain authenticated for 7 days if selected during login.
5 – Login to one, access to all: Users who now log in to admin, encryption or webshare will inherently be authenticated to all other services using the new login method. This list will grow as we continue integrating services into the new login system.
6 – Centralized Navigation: Users will see a consistent navigation system across all products utilizing the new login system. More importantly, navigation to other products is streamlined and consistent.
7 – External Integrations: While redesigning the login system, we also elected to start centralizing API endpoints in anticipation of allowing partners and external providers to design their own tools and solutions, backed by ExchangeDefender.
Mid-pandemic, resilience is key to business survival
It is crucial for businesses to reimagine both the labor force and work strategy to be resilient. This includes the ability to be flexible, adapt, and respond to change. An SMB’s best chance of survival is to evolve, execute intentional actions and keep resilience at the forefront.
Adapting the tradition
Traditionally, Efficiency has been a primary focus in most organizations. The pandemic has caused a shift in the way businesses play out their day to day. The primary focus is/was to get the job done faster with inflexible processes that enabled agents to work more competently.
This is not to say efficiency is no longer required but merely has traded places with resiliency. Frankly, corporations must now ensure assets, employees, and their workload are ready to constantly shift with ongoing changes.
Resilience is key
Resilience can be defined as the ability to bounce back after life’s challenges. Businesses who are more resilient have learned to move past obstacles in a healthy way. Resilient people learn and know how to weather the storms that come along in life. They are aware of difficult conditions, can interpret the situation and make sound decisions on what needs to be done.
On the road to resilience – at the onset of the pandemic, companies primarily hoped for the best. They struggle to keep operations running, and are having to furlough or lay off laborers. The main focus at this point for business is financial survival, as COVID-19 continues to devastate our ‘business as usual’.
Well-fed and well-led employees
Companies aggressively protected workers, workplaces, and customers from infections. They also implemented practices to address the core needs of safety and well-being. They focused on being supportive to employees and their families, and cultivated employees to work smarter by developing new skills and cross-training with other departments, thus increasing productivity.
Time to Pivot
SMBs have accepted that, due to the ever-changing market, change is inevitable. Organizations reinvented the hiring process, job design, performance management and pay to coincide with the new operating model. Pivoting toward new markets, services or goods is a great way to build on the foundation a business already has, expand revenue, and bring more income to the organization.
ExchangeDefender provides email security, compliance, and email continuity solutions for small business. To explore our solutions, click here.
The best antivirus software for small business
There are tons of Antivirus software to choose from and finding the right solution for your business can be complicated. ExchangeDefender can help in assisting SMBs to make the right decision.
What makes a good Antivirus?
Any antivirus will do just that, to some degree: fight viruses and other malicious software. Maintaining your personal identification and safeguarding your privacy goes well beyond standard virus protection. SMBs must understand the difference between average antivirus protection and outstanding antivirus protection. Don’t rely on just the antivirus that’s built in to your computer applications.
The difference between good and GREAT
What makes a great Antivirus? A multithreaded and multi-layered protection approach to scanning incoming data. Remember, extras matter, especially if they are within budget.
A few must-haves when selecting Antivirus protection:
- Real-time Protection against viruses, trojans, malware, spyware, and adware.
- Cloud based, User control, Firewall protection
- An Antivirus that works well with others, i.e., Mac, iPhone, and Android
- Attachment blocking and attachment policy management
- Stops identity theft by blocking phishing attempts
This is where ExchangeDefender comes in with our top-selling advanced security suite known as ExchangeDefender PRO. ExchangeDefender possesses an enterprise-grade email security suite offering multi-level protection against email-borne attacks. It not only provides exceptional virus protection, but also protection against phishing and spoofing, attachment blocking, fraud prevention and so much more.
We use up to six commercial antivirus engines to scan each incoming message.
Cyber attacks continue to rise in 2021
Cyberattacks are here to stay and data breaches are on the rise as we come into the new year, affecting business owners with financial loss, brand damage, and legal ramifications. It is imperative for businesses of all sizes to prevent data breaches. ExchangeDefender’s Throttled Malware & Trojan Control has a built-in identification system that tracks the message and attachment MD5 checksums and responds by temporarily delaying messages that match the bulk-mail criteria.
Malware Attachment Filtering & Sanitation is a must – The days of text-only SPAM are long gone. Today SPAM is distributed as a PDF, zip file, image, even an audio file! At the same time, we use our email as more of a file sharing mechanism than a communications platform. Subsequently, it is essential to understand the attachment type and what type of a threat it poses. ExchangeDefender analyzes attachments on multiple layers, using checks for file names, file types, MIME headers and archives to properly protect you from all dangerous content.
From a business perspective, your brand reputation could be on the line. A solid antivirus software service would prove essential to protect your company’s files, systems, and sensitive data.
To learn more about ExchangeDefender’s advanced email security suite, please click here.
Cybersecurity challenges facing our nation in 2021
The 2020 Covid-19 pandemic and recent presidential election turmoil notwithstanding, cybersecurity remains one of the most non-political, bi-partisan challenges facing our nation in 2021. It doesn’t matter if you are a government organization or a private sector company, a non-profit or a for-profit, a Fortune 500 or an unfortunate 5000, everyone is being challenged daily to deal with the fervent bombardment of cybersecurity attacks on governments, businesses, and ordinary people.
While we’ve been on the cyber-defensive with nation-state and high-level cyber-criminals for decades, the executive branch of the federal government’s response has wobbled, staggered, and lurched in spastic fits that have essentially paralyzed any consistent national direction.
Most critical of all, there has been no clear guidance to the nation on exactly what the federal government’s role in cybersecurity is. Twenty years ago, dealing with foreign attacks was the sole responsibility of the federal government. Today, every private sector company, big and small, and every government organization—federal, state and local—finds itself outmatched and under-resourced in an unfair battle defending itself against nations and organizations with far more dedicated assets.
As overwhelming as these new trends may be, there are steps to mitigate some of the financial challenges SMBs are facing. Companies can invest in affordable email protection in conjunction with sound business practices without breaking the bank.
Cybersecurity tips for 2021
Try reducing your organization’s reliance solely on passwords and add multi-factor authentication to ensure only authorized users gain access. Introduce technical security solutions with the use of “throttling” or account lockouts. Ensure that all corporate web applications require authentication and use HTTPS. Enlist password management software, such as WRKOO or other secure storage. Implement a disaster recovery plan that includes email continuity. ExchangeDefender offers Email outage protection that is flexible to fit your company’s needs. The service is quick and easy to set up. There are no software installations, and no manual switches. The easy part is that there is no management or maintenance required. ExchangeDefender’s Live Archive solution is designed to keep your organization in business whenever a disaster strikes. It provides continuous email communications regardless of internal network outages. Our service helps businesses preserve their brand and reputation while ensuring a reliable email continuity plan.