Upcoming Service Changes
We have some cool new stuff going live before New Years that you need to be aware of. It’s been a very busy season for every elf in the workshop so we’re taking some time off after Christmas, please read below I promise it’s important.
Encryption
This service continues to be our focus as we bring up massive changes to UI across the product line and Compliance stuff in general for one simple reason – it’s in heaviest demand. If you aren’t building a business on it, we should talk. In the meantime, we have a huge facelift to the Encryption Notifications.
Now I don’t know about you but our old encrypted mail notifications looked more like a Nigerian Prince scam than legitimate business notifications. We now have beautiful HTML/txt email notifications for the entire notification chain and of course your colors and your logo will be front and center. After the ExchangeDefender UI upgrade is complete, this branding will be customizable down to the domain-level so that recipients can identify the organization directly instead of the MSP/VAR/reseller. Mobile looks pretty good too.
We have some new stuff happening with reporting, audit and log control that’s coming to the Compliance Officer section of ExchangeDefender launching in early 2018. If you have any feature requests, we’d love to hear them.
P.S. We know, we know, you want to send attachments through portal replies. It’s in the works. In the meantime, Web File Sharing does this stuff safely, securely and with a ton more compliance flexibility.
Fake / Vanity / Service Accounts
If you have fake, vanity, group, service, dog and generally non-person accounts in our support portal, they will be suspended next week.
We’ve announced this change several times this year and it’s going live next Wednesday. The reason is long and boring but it showed up in our numerous audits that looked at the our change control, service order and change mechanisms… and long story short, we nearly flunked it because you cannot have unidentified personnel change control of service records. Ooops.
Now I know, I know, I hear you… “But Vlad, business case scenario, my techs all need to see the upda..” – I know. And we have already solved that problem. If you have an engineering team that works as a group and all of them need to get updates when one person makes a change or request, we have a policy driven system in place to handle notifications. If you go to your company and edit company details you will see the following at the bottom:
Put any email, distribution list, PF address, etc there and every update, order, notification or (insert reason for having a vanity account) will be copied automatically. You can also check the box if you don’t want admin-level updates being sent to the group account. If you do, you will see a new checkbox on every ticket update (Admin CC) that will allow you to manually forward ticket updates for that specific ticket to your group.
Chat
While I have you on that page disabling vanity accounts (click on your profile and write down your PIN somewhere), we are going a step further in terms of support. As I mentioned on many webinars this year, our product and our service is going to get a lot more chatty and user-oriented. No, we’re not going direct or trying to cut you out of the food chain but the reality is that in order for us (and you) to be more valuable to our clients we need to communicate faster to our users when there are issues. Hence the changes to support, additional services for support handling, more features for notifications and upgrades to all the UIs and so on. One new addition that is already live is our public chat – it’s available on every page at ExchangeDefender.com in the lower right hand corner.
Tapping this button will launch a live chat and my entire company (myself included) is available on it and can be pulled in on demand. If you use your email address AND your PIN, my staff will be able to help you as if you were logged into the support system and opening a ticket. They won’t make service changes for you (see above about SOC1 & SOC2 audits) but everything else will be the same as opening a ticket.
Google Suite / Gmail Compliance Archiving..
Finally, yes we’re now providing Compliance Archiving for people on the Google business mail platform. We’ve tested and certified on the Google G Suite Business Solution ($10 and up, it should also work with the $5 one)
Reoccuring Invoices
Finally, a bit of a bugfix (with some additional functionality) that should help with billing. Many of you use our Shockey Monkey platform to manage accounts, users and to do reoccuring billing. After the system upgrade to PHP7 our infrastructure for reoccuring invoicing didn’t allow for changes to reoccuring invoices (oops) so we’ve had to go back and not just fix the issue but add more flexibility to it. Here is the new look:
The new Last Time Generated field allows you to reset the clock so to speak and rerun any invoices you may have skipped. This is very much a temporary fix but we’ve had a lot of good feedback from folks that aren’t on top of their billing that this new feature helps solve those problems so it’s staying. Lot’s of new stuff on the SM front in 2018.
2017
We hope you had a great one. For us, it’s been a rather arduous rebuilding year that has seen us make massive upgrades to our infrastructure, redesign of our data centers, upgrades to backoffice stuff, dropping a lot of vendors that weren’t up to the challenge and while I wouldn’t wish this kind of workload on any of you, I’m really in love with what we’ve been able to do this year and all the opportunities it now opens for us and for our partners. While losing some flexibility has certainly cost us some business, it has brought a lot of predictability and stability across the board. While outright replacing a lot of gear and subsystems was really painful, everything that we’ve redone has reduced our problems and issues to a nil. And while all of this has been rough at times, sticking with the process, standards, audits and the way we run the business has brought a new level of resilience and optimism that I haven’t seen here in a long time. I don’t recommend it, but the results are incredible.
With that, I’m confident that everything we have in the works now will make everyone we serve far better off in 2018. Next few years are going to be amazing as we bridge that gap between the old world of email, compliance and encryption with the new world of on-demand service and realtime communications.
New Corporate Encryption
It has been a while since we’ve upgraded the ExchangeDefender UI but as you’ve seen with our other products and services, we’ve got something big coming over the next quarter: redo of all of our web interfaces to be more responsive and more useful. We’re starting with Encryption simply because it’s our most popular service. Allow me to unpack this upgrade as it’s a lot more comprehensive than it seems.
First thing you’ll notice is that ExchangeDefender will begin integration with 2FA/OTP for an additional layer of security. Two factor authentication, one time / disposable passwords, security tokens and so forth allow the users to login and use the service only if they have their password as well as a company issues OTP device. If your users tend to use the same password on multiple sites or like weak passwords that they never change please give us a call and let us set you up with a device.
On the exact opposite spectrum of concern, there are recipients of encrypted messages that generally don’t want to provide their email, name, etc or fill out long forms. For sites that interact with third party recipients (Encryption, Web File Sharing, Local Cloud, etc) we’ll now allow social media authentication as a login.
Inside the product itself you will find a fully functional email client with a responsive interface that quickly loads data without page refresh or long delays.
Since we have so many clients that actually live inside these interfaces and do bulk of their work there, we even have a lighter mode that hides a lot of the navigation and branding and helps you preserve some screen real estate.
We’ve made massive improvements to the functionality of the product as well. With so many of our encryption clients (and corporate clients) demanding a more functional email experience we’ve decided to eliminate Outlook and Gmail from the equation entirely. With the new encryption product you’ll be able to send emails, attachments, respond, forward messages and print from the site directly.
All these features are coming next week but we’re far from over: our Enterprise Encryption is getting a massive facelift as well. You’ll soon be able to create a full Compliance and Policy manager role that will be able to inspect and report on what is going through the encryption system. You’ll also be able to create specific encryption policies that will help route messages within the organization for manager approval, HR screening (man-in-the-middle role), content traps and much more very soon.
We hope you like it.. because it’s coming to the entire ExchangeDefender / Shockey Monkey universe. Our more ambitious goal is to build an entire application suite where organizations can more effectively manage their mail flow securely but also turn it into an actionable and accountable platform that doesn’t obsess with “inbox zero” and anxiety over email overload. The future looks bright.
Sincerely,
Vlad Mazek
CEO
ExchangeDefender
Remaining Relevant In Email Security
Sometimes perspective matters. Allow me to offer you mine as the CEO of ExchangeDefender.
Last week we held a huge webinar to announce the biggest addition to our business in over a decade. One that will see our business grow exponentially over the next few years. The response from the people that have attended the webinar has been fantastic. But if we’re being honest, we had more partners apologize for not being able to attend the webinar and ask for the recording than we had in attendance for the webinar. As always, we provide a direct link to it a few days after the event but this time we did something different.
Recognizing that our partners are swamped and busy running their business, we went a few extra steps. We called every single attendee that came to the webinar. Less than 5% answered the phone or returned the voicemail. We shot a quick 5 minute video to summarize the content of the webinar for people that are too busy. We created flyers.
Today I wrote up a bullet list summary of our webinar, again for everyone’s convenience, but I buried the big announcement as a single line bullet point half the way through the writeup and asked the marketing department to use half the newsletter to highlight our marketing and advertising efforts.
Why?
I have no doubt our new support service will be a smash hit. In fact, we’ve already been overwhelmed with the response to it. Not only will it make partners that offer these services instantly more profitable (because we’re doing the work) but it will open up a marketplace for partners that didn’t have an expertise in email security, compliance, encryption and other “real business concerns” a venue to provide the service now that someone else is going to stand behind it. I’m not worried about us, we’re doing great.
I am, however, worried about many of you. I totally understand not being able to get to a webinar, an hour is too much to ask. But if you can’t answer the phone or return a voicemail.. what are you doing to give yourself a chance to grow a business? If you’re too busy to answer the phone or see what the vendor you already work with can do to make you more effective and profitable, how are you going to implement and promote those solutions that are designed to help you? If you’re too busy with work to actually improve your work and to make it profitable, then how do you grow? How do you improve your odds to survive and thrive in an environment where big players are working tirelessly to eliminate and displace you? How do you learn about delivering the new services clients need and how do you talk to them before someone else reaches them?
We owe our business to our partners. Loyalty is a pretty big thing for me personally because I’m here thanks to the thousands of people that chose to trust us. Our business responsibility is to have your best interest in mind.
And with that, I wanted to highlight marketing. The IT world is changing and the concerns businesses face with their technology are going beyond uptime and reliability. I have assembled a great team at ExchangeDefender not just to help you deliver these services but to educate you and to help you promote that service to the business community you serve. Helping you double profits on our services next year is a short term goal. Making sure you remain relevant, profitable and successful 3-5 years from now – that’s where my mind is at.
-Vlad
P.S. I don’t mean to criticize anyone; I understand the time is scarce and you have a million webinars, phone calls, emails, voicemails and social media notifications. You know best how to spend your time and the last thing on my mind is trying to offend or guilt you about not attending the webinar – if you read this that way I apologize and I hope you give it another shot. Truth is, we track this stuff: partners that show up for our webinars, that take the time to consider the solutions and work with us to implement them do 23x better financially a year out (from Aug 2016 to Aug 2017) than those that don’t show up or answer the phone. Those are the numbers I know and the numbers I can track. I want that kind of success for all my partners. I have no doubt we’ll be killing it with support next year – but I feel like my responsibility to you, to all of our partners, is to help you grow. And I can do that much better through marketing efforts than we are doing right now. Hence the highlight.
ExchangeDefender Bounce Whitelisting & Quarantine Access
We’ve never invested as much as we have in 2017 when it comes to infrastructure and now that those massive upgrades are nearing completion, you’ll start seeing an avalanche of new features and services we’ve been working on all year starting to show up. I wanted to write this blog post to address one that is the largest piece of annoyance for our clients and that is whitelisting bounce emails and domains.
A little bit of background: Every time you see a bounce*@ email address is the last time you will see that address. These disposable, script generated addresses are only valid for a short period of time and are used by the mailing list companies to track bouncebacks and replies to their campaigns. On is generated for every single email sent out and if you look closely at them they usually have a random string or your email encoded in the user part of the email address. Whitelisting them, as so many people often try, is to put it simply: pointless. Naturally when the next email comes in from “the same sender” it’s going to have a completely different from address and the old whitelist entry will not fire. This tends to get really annoying really fast for clients that don’t understand what is going on behind the scenes.
To make things easier and assure delivery in the future, ExchangeDefender will now detect when you’re attempting to whitelist a bounce/disposable address and offer to whitelist the entire domain for you. We’ve stripped out the product branding so you can forward this to your clients or include in your own documentation/newsletter. When they click on a Trust link in an email report they will see this prompt:
And if they go through our online portal and attempt to whitelist a temporary bounce email, they will see this:
Is that all? Well, not quite. You see, most of these bounce lists are coming from legitimate sources such as Constant Contact, MailChimp, SalesForce, etc. Later this fall we will be releasing a new “Newsletter” feature but in the meantime our new managed whitelist (enterprise-wide) will make sure these bounce messages getting caught in SPAM folders due to their contents (but from legitimate sources) are no longer something your clients have to worry about fishing out. So yay, less work for everyone involved!
One more thing
While we’re on the “less work” train, infections and filename/filetype policy violations will no longer involve going through our team to release messages. You can now release infected or policy violating attachments/messages on your own through the Domain login at https://admin.exchangedefender.com. (psst. You can even let your clients / CIO types access this since it’s a domain-level feature, not an MSP-level feature)
Proceed with caution though, delegating access to this content is still a terrible idea though and please make sure you have adequate sandbox/antivirus/anti-rootkit software installed anywhere you download these. For every legitimate release request we get there are dozens of “No, my client does a lot of business with UPS and they definitely need that .exe that UPS emailed them.”
We hope these new features make you more productive and safer online. We’re really excited about everything else we have coming up!
Some tips on getting ready for a disaster with ExchangeDefender
I held a quick webinar to get all of our partners and clients in the way of Hurricane Irma up to speed and all the contingencies you need to make in advance of the storm. In Florida and Texas we unfortunately get plenty of time to practice and live roll with disasters but if you have new staff, this is something you need to be doing with your clients continuously. If you don’t feel like watching a 12 minute video, here is a brief writeup.
First of all: We’ll be here. 24/7. If you’re in the path of the storm you will likely face severe outages, downtime, lack of reception, eventual lack of battery power and network congestion in a disaster area. Here are things to keep in mind and get on top of as far as we are concerned.
In the event our support portal ever goes offline, the secondary infrastructure in Los Angeles will pick up the load at:
https://support2.ownwebnow.com
In the event of an outage, we probably aren’t the only vendor you need to stay on top of. So if you do social media, you can track our activity and advisories here:
www.fb.com/ExchangeDefender
www.twitter.com/xdnoc
In the event that the net goes down, and it usually does, make sure you can get in touch with us. Our numbers are 877-546-0316 or 407-465-6800
In the event that you lose network connectivity or your LTE/4G suddenly becomes Edge/GPRS, you will likely be calling us for support and network changes. We’ll need your PIN to make any account or configuration changes to make sure you and your techs have that ready now. If you haven’t seen your pin in a while or if you’d like to reset it, it’s at support.ownwebnow.com under your contact preferences.
In the event that your power goes down, Exchange/ActiveSync will chew through your battery quickly. Make sure you setup your ExchangeDefender LiveArchive IMAP/SMTP now. Make sure you test the IMAP-SSL/SMTP-SSL part in the event that your mobile carrier blocks 587. We have a few LiveArchive frontends so if you’ve only ever heard of https://livearchive.exchangedefender.com you’ll want to login into the admin portal and find out which LiveArchive client access server you should be using. Do yourself a favor and set your LiveArchive-To-Go account, it’s free and it can sit on your phone dormant, just flip it on when you need it. Not only will it use far less bandwidth than Exchange/EAS, it will make your battery last a lot longer.
Finally, print out the client auth dump. This will give you all the credentials you’ll need to provide to your clients to get them back to work if their servers or networks go offline. Trust me, you want to do this now. I have fielded countless panicked calls from IT people charging their cell phone in the trunk of their car trying to get credentials reset and configured for their clients – plan this now.
Some other ideas and suggestions:
1. Any important data that you imagine you’ll need on the go: Encrypt it and take it with you on physical media. For really important stuff like insurance, routing, VPN, etc make sure it’s printed out and you have all the relevant phone numbers.
2. Take pictures of all the gear you’re leaving behind and do a video walkthrough of the setup. Trust me, you’ll forget to take a picture of something.
3. I’d like to repeat #1: Print a hard copy of contact points, client info, anything you will need to obtain assuming both computers and networks are unavailable or batteries drained.
4. Agree on a cloud based chat system to keep in touch with your staff. This is essential.
5. Publish and announce an offside advisory site. As you start restoring services, you need to keep your clients in the loop – nothing worse than recovering from a disaster and simultaneously having to listen to someone whine or nag for an ETA that is just slowing you down. Make sure you have a Twitter or Facebook account to point them to for an update. You probably don’t want to call a thousand people back. Expect their phones to be off too because they probably have power issues as well.
6. I cannot stress this enough: Reconsider your name server infrastructure. If your DNS is provided by the same company, or if all your name servers are on the same network, subnet, etc and it goes down you are dead.
7. Setup a cloud failover crash site. If you own your own mail server, setup mailboxes just in case – if you’re going to be down for days you’ll probably want to use email in the meantime. If you’re wrong worst case scenario is you’re out a month worth of email hosting.
8. Fly someone far away. I heard Utah is beautiful and relatively hurricane-proof.
9. This one is personal: setup a remote VPN server. If all your routes, trusted networks and servers are offline you’ll have a hard time getting to the infrastructure you’re expected to manage – your clients may come back online before you do. Stand up an openvpn cloud instance with a static IP address for the time being and trust it across your network.
10. This is a bummer, and almost illegal for me to say as a Floridian, but as this is a category 5 storm it’s a really good idea to stay sober. You may be needed at a moments notice, if things get really bad you’ll really want to be aware of your surroundings and have full capacity to handle multiple outages and issues at once. Many of you are IT solution providers and someone is paying you to think about #1 – #9 I mentioned here… I’ve seen things explode well before the hurricane comes in and days after the storm passes.
Stay safe. Plan and prepare accordingly but rest assured that we’re here for you. And some of us are in Utah too. 🙂
P.S. Yes, our logo is a hurricane. Yes, we noticed 🙂
Invoice CSV
We’ve recently made some changes to the Invoice System to make things more clear and easier for our clients who bill their clients individually. We now have a csv generator for invoices. If you navigate to your company in the support portal then click on the Invoice tab you will find all of your invoices going back to when your services started with us.
Simply click on the csv next to a specific invoice it will generate a csv for your use that can be opened in Excel. It’s generated to group the categories of service types together.
This is a cleaner alternative to the old way of copying the invoice from the portal and pasting it into excel that we’ve seen some of our service providers do in the past. Now you can split, subdivide, categorize with ease. If you would like even greater control over individual accounts so they can always exist within their own company, provision accounts directly through your own Shockey Monkey portal.
If you have any questions regarding this feature email me at cody@ownwebnow.com
-Cody Savage
Domain Password Expiration
A major feature folks have been requesting from ExchangeDefender for a long time is better password policies. The first step in that direction is going to be having the ability to support password expiration. We have moved forward with this request as we realize the importance of forcing password changes on a security platform. One feature that was implemented recently that you guys might have seen pop up in your admin portal is domain Password Expiration.
If you navigate to a specific domain’s configuration you can see you now have the option to implement 30, 60, or 90 day password expiration for all the users on a domain. Initially when the feature is enabled it will tag all the current accounts on the domain / domain aliases, then depending on what option you selected 30,60,90 days out upon logging into the admin portal it’ll require the user’s to change their password before allowing any other functionality. Clients can be proactive about changing their password regularly and avoid the prompt by using the Password Change in their own settings after logging into the portal.
However, I think we know that that will not generally be the case. Once their password has expired upon logging into the Admin Portal they will be redirected to change their password before they will be allowed to login.
If you have any questions regarding this feature email me at cody@ownwebnow.com
-Cody Savage
St Patty’s Day Promotion
Come celebrate St. Patrick’s Day with our promotion going on, starting March 17th and ending April 17th. We are offering $3.00 off Full Hosted Exchange with an order of 5 mailboxes or more. Just use the code: XDLUCKY16 when ordering your mailboxes. If you have any questions or concerns please feel free emailing us at partners@exchangedefender.com or calling us at (877) 546-0316.
How ExchangeDefender Protects You From Ransomware
There has been a lot of news coverage of the new wave of ransomware infecting businesses, encrypting hard drives and data on network shares and creating a “ransom” demand in order to unencrypt it. Initially these viruses traveled as typical viruses do – as executable attachments or inside zip files. Most popular of these was CryptoLocker which has made millions of dollars from businesses that didn’t have adequate protection, most recently from a Hollywood hospital that paid $17,000 to get it’s data back. But ransomware has taken a more evil turn – traveling not as an executable that users have been trained to avoid but as a macro inside Word and Excel documents that users often open without a second thought.
As with any threat, it’s important to layer protection and defend your business with a good firewall, good desktop security product as well as a perimeter scanning service we provide through ExchangeDefender.
ExchangeDefender Layered Protection
Before we discuss how ExchangeDefender protects you from ransomware, the most important aspect of IT security isn’t prevention – it’s education:
If you receive an attachment of any kind from a source you don’t recognize: do not open it.
If you receive an attachment from a source that you do recognize but it looks and feels suspicious: do not open it. If the email address looks wrong, if there are misspelled words, unusual formatting or unusual activity: stop.
But let’s talk about prevention. Our partners have many options of using ExchangeDefender to stop the spread of dangerous malware.
Attachment & Content Type Blocking: The following process is the most flawless, but most disruptive, way to address an epidemic. You can choose to let ExchangeDefender block attachments that are used by Microsoft Office documents. We do not recommend this route but it’s nice to know it’s there for the events in which people are getting infected and virus scanning has not been able to pick up threats faster than they are infecting systems.
OLE Virus Filtering: ExchangeDefender will block macro (.vbs) attachments outright. But with the rise of Locky ransomware we now also scan Microsoft Office documents and look for infected and dangerous malware placed in those.
Known Threat Sources: ExchangeDefender also blocks dangerous content before it’s even an issue. Most of the threatening content is sent from the same sources that are popular with spammers, hackers and malware distributors: hacked PCs, servers, and blog sites. We maintain a realtime list of networks that spread dangerous content and routinely block their ability to infect our users.
Firewall & Site Blocking: Ultimately, the largest single source of infections isn’t the ExchangeDefender protected or hosted mailbox – it comes through Yahoo mail, Gmail and other non-business email service. If you aren’t blocking those at your work you need to be.
What else can be done?
As mentioned above, client education is the #1 way to address these. Contact our marketing department and ask them to build you a branded best practices flyer for email and Outlook (Hosted Exchange clients only). There are very simple ways to tell when a message is not from your bank or from UPS.
Establish a regularly scheduled backup system for all critical client PCs.
Layer your antivirus protection. No, one AV vendor is not enough and ExchangeDefender uses several commercial and dozens of proprietary data sources to detect and isolate dangerous content. No matter how much you love your single AV vendor and they claim they are the best – like everyone else they will have an infection evade their scan. If you only have one AV engine, consider adding something like ClamAV to your arsenal.
Establish a review of policies and security implementations. We often see that partners rarely configure ExchangeDefender or monitor it in a way that gives them actionable intelligence. The same can be said for client PCs: Are you monitoring your AV implementations? Are you checking that users aren’t turning off AV or firewalls? Are you looking at strange traffic patterns, use of private proxy or VPN networks to evade network security policies?
CryptoLocker and Locky are neither the first nor the most dangerous threats networks face. But with ExchangeDefender, education and layered security we can keep most online outbreaks from affecting business operations.
LocalCloud – Update
Today I’ve published an update for LocalCloud, which addresses a few issues that would result in a failure to upload a file. This issue would only occur under certain conditions and was only prevalent in large files It’s turns out this was a result of a known bug inside the .NET framework and how it handles event notifications for the filing system. In addition to resolving this bug, I’ve also implemented a few performance enhancements that should make the application run smoother.
Download: http://www.exchangedefender.com/software/XDStorage.exe
If you’re running a previous version make sure to uninstall it first. However, we’ve upgraded to a new installation platform and all future updates will be patched automatically.
Several months ago we added the LocalCloud feature set into our ExchangeDefender mobile application for both the iPhone and Android. Now you have the ability to access your files from your desktop, mobile workstation and practically any mobile device!
If you have never heard of LocalCloud, it’s a cloud based storage solution for documents. It recognizes multiple file types and is 100% compatible with office applications. You can share documents between computers and even allow other individuals access to your files. With multiple access points comes great responsibility, for this we have access control. This feature allows you or another individual to “check-out” files to prevent accidental overwrites while the data is exchanged in the cloud.
