ExchangeDefender 2019 Best Practices – What worked?
2019 has been a challenging, yet rewarding year for ExchangeDefender with the development, and full release of brand-new UI upgrades (Support and Admin), along with 20+ new features to maximize our profitable service portfolio.
Our CEO Vlad Mazek will be leading an informative discussion about the most successful strategies in 2019. We’ve covered a lot about our strategy and it’s been refreshing to see so much adoption of the new services.
- New ways that our partners are finding a way to win with ExchangeDefender,
- Opportunities to protect and serve clients on Office 365/AWS/Google, and the new services we’re bringing out of beta in 2020.
Join us on Monday, December 23rd at Noon Est for our final webinar of the year. We’d love to share with you what we’ve learned, as our partners have grown their business to larger corporate contracts. 2019 was a year of progress and learning, and we’ve received a ton of experience with direct clients and would love to share our success strategies that you should be taking advantage of as well.
Webinar RECAP: Introducing Brand New Admin UI and New ExchangeDefender Services
On Wednesday, November 13th, I got the pleasure of introducing our partners and clients to several new services from ExchangeDefender:
– New ExchangeDefender UI for users
– New Wrkoo Calendar and Appointment Booking feature
– New Postmaster support service for Exchange/ExchangeDefender Pro
Our development team has been working like crazy to bring all these features to our clients and we’ve had a ton of beta testers enjoying both solutions for weeks with no major problems (but lot’s of feature requests that we look forward to adding to the product).
ExchangeDefender UI / UX Upgrade
Our current strategy is to make sure the ExchangeDefender service enters 2020 with the brand new UI across all login levels and services. All these new services are coming with improved security, more functionality, and are significantly faster.
Wrkoo Calendar & Appointment Booking
Our strategy of rolling some Wrkoo features to the ExchangeDefender client base continues with our calendar module. In addition to the Password Vault, which is also available free of charge to our ExchangeDefender Pro clients, Calendar and Appointment Booking modules will be available for free as they are key to our strategy of offering a full groupware solution by January 2020.
The calendaring option adds everything you’d expect from a modern calendar and appointment sharing application, but built for groups and businesses. A public appointment setting site is integrated, allowing web site visitors to request an appointment after seeing the available schedule – with Wrkoo handling all the collisions, registering users, setting up meetings and free/busy status.
In terms of scope, this is the largest non-ExchangeDefender to date and a requirement for our new groupware service. In terms of feature set and functionality, it significantly exceeds what is currently available.
Postmaster Support
ExchangeDefender has spent 2019 improving support and troubleshooting automation which has resulted in savings of thousands of hours and support requests. We’re stepping it up even further with a concierge service to help with message tracking, NDRs, and DNS-related email delivery problems.
The new site will help users automatically detect common problems with their setup or configuration. After collecting basic information, it will then be assigned to a case manager that can effectively work with sender, recipient, and other interested parties to resolve the problem.
In conclusion
Take a moment to watch the webinar. There is so much context and background to our strategy.
https://www.exchangedefender.com/media/XDUICalendar.mp4
As this is our last webinar for 2019, I wanted to personally thank you for all your business and your trust. We have worked like crazy this year to get these features to you before 2020 and in our opinion we are light years ahead of where we were at this time last year. I’m sure you can tell from the excitement in my voice that we believe these new features will be significant game changers for our partners and clients and we’ll continue working on developing solutions to the continuing challenges in security and in productivity.
Sincerely,
Vlad Mazek
CEO
ExchangeDefender
Password Security Policy Enforcement & Enhancements
Over the past year we’ve been introducing enterprise security measures to help protect our clients from an increasing volume of attacks. Email is the single most abused gateway for email threats – with 91% of corporate breaches starting through email – and it’s only getting worse.
If you’ve used Yahoo, MySpace, or hundreds of popular free web sites (go to https://haveibeenpwned.com/ to see how/who exposed your data) your credentials and other information is available on the web. Hackers are using these passwords and personal information to guess their way into other sites that haven’t been breached – so if you use the same or similar password (or only change the site id, or one number or letter to make it different) then you’re making it very simple for hackers to get into your account.
And we get it. Dealing with security, passwords, and locking down online services is time consuming. But as the company whose main purpose and mission is to keep you secure – we want to help save you time and make it easier for you to be secure.
For the details on all the stuff we’ve got coming in September, we’d like to invite you to our webinar:
ExchangeDefender Security Upgrade
Tuesday, September 10th, 2019
https://attendee.gotowebinar.com/register/6898777257651237900
In the meantime, we’re going to help our partners and clients not make things “stupid easy” for hackers – by globally resetting ExchangeDefender passwords that are older than 1 year. We’ll do this on September 1st, in a very minimally intrusive way, and for those that don’t use ExchangeDefender on the daily basis (and mainly just release SPAM from quarantines) the password change won’t affect them.
Using an OTP/2FA or VPN services or all the free features that are built into ExchangeDefender to keep you secure is obviously our preferred way but as we’ve noted – the realities of SMB concern for IT security – so we need to try something else. We really hope our partners and clients can take the time to attend the September Webinar, as we believe the stuff we’ve built will help lock down your organization and make security manageable again.
ExchangeDefender Service Provider Branding
ExchangeDefender is happy to announce the enhancement of it’s Service Provider branding options. ExchangeDefender is primarily distributed and managed by other IT Solution Providers (MSPs, VARs, IT professionals) and we have exposed as much of our infrastructure as possible for white label functionality. Starting this week, we are also encouraging you to brand messages sent by ExchangeDefender:
ExchangeDefender Email Notice Branding is available at https://admin.exchangedefender.com under your Service Provider login. Click on Configuration > Branding and you will see a section that will allow you to provide any content you’d like us to include on messages sent to users automatically.
We encourage all of our Service Providers to provide at least their basic contact information and a note in this section. While we are always concerned with our partners brand, system notices and urgent security issues may at times require us to contact the user directly. In the event that we do that, it’s helpful for the client to see your information at the top of the message instead of the bottom.
We’re also working hard on delivering additional features to ExchangeDefender sites, so if you have any suggestions or wishes, please let us know by hitting the feedback link anywhere in our system.
P.S. This feature was discussed in detail during our webinar on June 6th, 2019. Watch the webinar here: https://www.exchangedefender.com/media/XDNewPhishing.mp4
ExchangeDefender: Overhaul of Phishing Protection
ExchangeDefender is thrilled to announce the new Phishing Firewall in the cloud, going into full production – Wednesday, June 12th, 2019 for all ExchangeDefender Pro and Enterprise protected clients. The old way of highlighting, underlining, inserting warnings and so on will be removed from the service at the same time because it lacks the ability to protect clients in real-time.
The ExchangeDefender Phishing Firewall (EPF) is a real-time, active pishing protection. As ExchangeDefender processes inbound mail, it will rewrite every link to proxy it through EPF when user clicks on it. If the site is safe, the user will be automatically redirected to it and will not even know that EPF is in the way. If the site is not on the safe list, end users will see this warning:
They will have the option to just click on the link and proceed, add to whitelist (at which point they are automatically allowed through in the future) or add to blacklist.
Because of the way phishing works, and all identity theft or forgery in general, it is impossible to secure email messages in transit without making annoying modifications to the message that often distort the look and feel of it. Majority of those links are in the 95% of the mail that passes through ExchangeDefender as SPAM/SureSPAM, meaning that they would never even be seen by anyone. By moving the Phishing Firewall to the cloud, we can now secure every device and provide additional metrics and advisory on top of it to protect our clients from 0-day exploits.
This feature is provided to our clients free of charge and replaces expensive “security awareness training” solutions that users typically hate and do nothing to adequately secure the client. With Exchange Phishing Firewall we enable our clients to create custom policies, maintain whitelists, blacklists, get enterprise reporting and more. It further allows us to go one step beyond – in the upcoming releases we’ll offer the ability to display a screenshot of the site as well as link intelligence data (How long ago was the domain name registered? Where is the IP you’re about to go to located? Is the domain a close spelling error of a widely recognized site? Is the forged site just a cloud hosted Google, Microsoft or Amazon cloud service instance that is holding or redirecting you to another more dangerous location?)
If you’re currently on ExchangeDefender Essentials, we encourage you to schedule a demo with our team to check this feature out as it’s significantly cheaper than antivirus or “security training” solutions and will do a far better job. If you’re on ExchangeDefender Pro or ExchangeDefender Enterprise, you will get this feature free of charge. On Monday, June 10 we will send an email notification announcing this launch to our partners, MSPs, and Service Providers. On Tuesday, June 11 we will send an email notification to end users. Finally, on Wednesday, June 12th we will go live with the service and hope to minimize the annoyance of phishing once and for all. Email is the single most popular attack vector, with 91% of the compromises starting through a phishing attack, and we look forward to protecting all our users even better.
Phishing: Beware of Strangers
This Thursday, June 6th, we will be announcing a major overhaul in the way we deal with spear phishing SPAM. No, it’s not a mind-blowing patent-pending stroke-of-genius sort of stuff, it’s much closer to what your parents told you growing up: Don’t get into a car with strangers don’t click on links or open attachments from strangers.
In a way, ExchangeDefender has had protection from this issue for years. If you had a decent IT Solution Provider implementing ExchangeDefender for you, they would have setup your SPF record and eliminated this issue – but many don’t. Or they would have turned on ExchangeDefender protection where all messages spoofing/forging your domain would automatically get junked – almost none of them do. Which is why ExchangeDefender as a service has become less of an IT tool and more of an end user suite of services to get stuff done.
When features like this are left disabled “because they might become support issues” it becomes really difficult to secure users. But I get it, IT companies have a business to run too, which is why we’ve really stepped up our support efforts and are going to be there to help folks get things done without becoming an additional problem for the IT department. Doing so has really made us rethink how we implement features and how the service behavior needs to speak the same language as the end user. Which brings me to phishing beyond forgeries.
Can you spot a stranger?One of the new phishing protection features in ExchangeDefender will allow you to flag messages that are coming from outside of your organization. You will have two settings – to modify the subject and to modify the header of the message so when you look inside of your mailbox you’ll know what came from a stranger right away. Try it:
Even from the message listing you’ll know which messages shouldn’t even be opened. But suppose you ignored even that – you can set another warning, printed inside of the message, giving the user even more of an instruction of what to do.
Warning: Message was sent from outside of the organization. Do not click on links or open attachments if you don’t recognize the sender.
Far from subtle. And it has to be – because most people check email quickly, between tasks, or are simply interrupted by it. ExchangeDefender has your back, and we’ll make sure we alert you to possible issues before they become problems. Which we hope everyone will be aboard with.
Please join us, June 6th at Noon, for our NEW webinar featuring ExchangeDefender’s Phishing and Spoofing protection, plus see what’s new with Encryption, WFS, and Wrkoo!
Managing User Notifications
It’s no secret to anyone that’s been paying attention to this space that ExchangeDefender is getting a lot more user friendly – both in service and in design. We’ve been improving the way we communicate with our clients and our partners through efforts like embedded help, in-line training and support, real-time chat support, self service portals, NOC sites, etc
Next week we will launch a major feature in ExchangeDefender. It will address one of the biggest pain points in email security and it will give users a ton of control that will help close what is currently the biggest exploitable hole in email security: spear phishing. This will require us to give users a heads up about what they are about to see and training/documentation about how to use it to the fullest.
Which is where we have to make sure our partners are a part of the process too. During the webinar we’ll go over the details about how to insert branding and a message/note at https://admin.exchangedefender.com. This is generally not a big issue, since almost all of our partners would rather have us do more work for them than less, but if you’re really sensitive about this topic make sure you’re in the webinar to see what options you have and how to best leverage them for your own business purposes.
Looking forward to showing you all of this, and the redesigned ExchangeDefender Encryption product on June 6th at noon. https://register.gotowebinar.com/register/198414968804117507
ExchangeDefender Web File Server gets even cooler – 5 new features!
It’s been less than two weeks since we released the highly anticipated upgrade to ExchangeDefender WFS (Web File Server / Web File Sharing) file collaboration portal. The usage of the service spiked as a result of the webinar, but it has been increasing on a daily basis ever since – don’t worry, developers and IT noticed – so we’ve been cranking ever since. As usual “it would be cool if it could do ” and “I have a ton of clients that need this, can it do ?” and we’ve been working overtime at the expense of other projects to get this done correctly (it’s being developed concurrently with ExchangeDefender Encryption and some other cool stuff).
Anyhow, I wanted to take a moment to show you what we do with your feedback.
First, yes, the old UI was a little bit clunky and REALLY slow by modern standards. We’ve fixed that, but it required redesigning how we actually build the library and how you interact with it. Since the last update we have split file upload from library creation – with the idea that the person that starts the library may not be the one contributing or sharing most of the documents in it.
As you can tell, there are some new features in here – permissions and smarter email notifications to be specific. With notifications, we’ve introduced a mechanism to send you an email notice (and soon something much, much cooler) when someone downloads a file from your library, as well as a notification whenever a file is uploaded. If your document management practices haven’t changed since the last decade, you’ll probably love this.
File management, or “actual work” as we like to call it, is on the next screen and is far more interactive. You can now upload files up to 500Mb (system max will eventually be 4GB) and as long as you’ve got a decent Internet connection you’re set. Drag and drop works too.
Once you’ve got your libraries together, you can actually pick up to 3 favorites. Those will be pinned to the top of your dashboard so you can access them quickly:
Now this is where things get cool and leave old “file sharing” stuff in the dust. If you’re working with others, particularly if they are contractors or not in your organization, you’re getting notices via email. ExchangeDefender WFS supports that by default, enjoy making your Outlook even slower and less productive. I’ve got something better. See that panel on the right? It shows you recent activity. Yes, this means that once you log in you will be able to see which files got changed, which libraries you got added to, what happened. And you will be able to plow through all the files and libraries and catch up with everything within a minute.
Next we’re embedding even more chat/discussion/notes to it so you can say goodbye to having to compose or respond to emails entirely. The big idea is that organizations are always sharing files but they are either stuck with old technology or old restrictive (and often insecure) platforms to do so. Say hello to ExchangeDefender WFS. It doesn’t look to “Windows File Sharing” first, it looks at collaboration first. Cause that is what people do with documents – they work on them together – be it creative, administrative, processing, logistics – life revolves around getting data and distributing it – and we’re making sure you can do that as securely and as productively as possible while getting rid of the “traditional IT way of doing it”
Everything you see here is a result of user feedback. So please, as you use our products and services, if we can help you please tap the Feedback link that is on every page and help us build something awesome.
P.S. Oh by the way, WFS now also supports versioning and revision control/notes. You’re welcome! 🙂
Network Upgrades at ExchangeDefender
Many IT professionals have gone through a lifecycle infrastructure upgrade – the all important cycle of improving the infrastructure as the vendors push down new features with ever increasing resource demands. We’ve been doing that since 1997. One thing that has changed in the past 20 years is the scope and magnitude of both attacks and the network demands to manage them all. We’ve done an excellent job keeping up with them all, with our last major outage (that lasted nearly 4 hours) back in 2011. We learned a lot that day – and rolled it up into our products and services that many of our partners have experienced. These days, with the cloud services, the game is completely different.
I hope you have a moment to join our WEBINAR next Thursday, April 11th, at noon
Register here: https://attendee.gotowebinar.com/register/5700720797827651073
It won’t be the usual rah-rah new features new stuff show. I will speak candidly about how we’ve managed to overcome and triumph in the “Cyber” security game and how we’re still always one step behind whatever 0-day attack vector comes down. I’ll be discussing (somewhat intimate) details about the performance issues, DNS issues, DC issues, subscription issues, 3rd party IP issues, and how all of these have become both an IT management issue and customer service nightmare. I truly hope you join us. I know your time is valuable and schedules get tight so if you can’t make it, the recording will be posted in our portal as usual.
What we learned last week – for the millionth time – is that communication in cases of issues is paramount. When things appear to go down, people panic. They require not just information but reassurance, confidence, and a plan required to address issues. For smaller companies, that’s a matter of just falling back to a cell phone – for larger ones (if it’s not already you, it definitely is something to consider for your clients) that is simply not an option and the volume of activity will easily and quickly overwhelm you. I used to see it every day – when issues come up for our partners, their clients call us.
We’ve made an overwhelming investment – not just in technology and features but manpower – that has fueled our growth for the last few years. I want to share, personally, exactly how we operate and how we’ve been able to both prioritize and execute some of the more impressive infrastructure enhancements and how they are going to be here to serve you for years when something happens.
And then I hope to offer you the same – as a token of our appreciation for your business and your loyalty through the years. Pretty excited, I hope you can join us.
Sincerely,
Vlad Mazek
CEO
ExchangeDefender
Better Password Policies
ExchangeDefender has been SMB friendly – to a fault, but the era of terrible passwords and plain text passwords is finally over. Not a single piece of ExchangeDefender stores (or offers) user credentials in plain text anymore. We’ve made the transition exceptionally smooth as well, requiring no changes or IT intervention at all.
But we cannot encourage it enough. And over the next year you will see us introduce several features meant to help you lock down ExchangeDefender and use it to lock down your overall IT security strategy. We’re happy to introduce password age configuration that allows you to force users to reset their passwords automatically.
This setting can be accessed from the Domain Administrator > Policies > Features section of admin.exchangedefender.com
When the password is older than your preset number of days (by default, 90) the user will see an ugly red notice telling them to update their password.
If you set the password expiration to 0 days you will turn this feature off entirely but we cannot discourage it more. The feature is there to help your users avoid having their accounts compromised.
If you implement some of these stronger security features we’ve also got you when it comes to minimizing account management – users can reset their password at any time if they have their PIN on them. So even if their mail server is down, having their PIN handy will let them reset the password without additional authentication. Forgot your pin? No problem, we can email you a reset link to a known email address.
As you can tell, ExchangeDefender will go the extra step of helping your users configure a strong password. It will also keep memory of recent passwords so that they can’t just rotate it back and forth between the same two passwords they use elsewhere.
As you’ve seen with mass password resets , access to advanced access logging , known trusted devices and IP restrictions , we are adding more, and more, of our enterprise features to the ExchangeDefender Pro product.
To hear about all these new security features in more detail please check out the webinar that covers our current security portfolio and how these features make sense.