New look for ExchangeDefender SPAM Release & Re-directions
It’s been about a decade since our last face-lift to the end-user facing part of ExchangeDefender – suffice to say, lot’s of cool new things are possible with the web technology that wasn’t possible in the past. So, allow me to introduce you to the ExchangeDefender Security Center!
As of Thursday, June 27th, when you attempt to release a SPAM message,
you will see our new security center:
Of course, yours will look a little different. If you have ExchangeDefender from a service provider, it may have their color scheme. You can still upload your own logo (at https://admin.exchangedefender.com).
The idea here is to help connect our self-service portals https://www.exchangedefender.com/ss, our chat, our alerts, and documentation into one spot so when an issue comes up we can help the end user right then and there.
Remember that all of this stuff is data driven, so if you’re one of our partners we encourage you to put up your own announcements, deploy the XD NOC for your organization so your branding is preserved, work with our account managers, etc.
Going forward, this will be the default view for unauthenticated connections – so WFS, Encryption Download, SPAM release, and the Phishing Firewall Redirect.
P.S. How do IP restrictions play into this? They don’t. If you have ExchangeDefender enabled only for Trusted Devices and admin portal locked down to the enterprise IP range, the site will still allow the user to release SPAM from the quarantine no matter where they are (think mobile device access). For other functionality, once they click on Login the same 2FA/OTP/Known Device/IP Restrictions are in play.
ExchangeDefender Phishing Firewall FAQ
ExchangeDefender Phishing Firewall officially launches tomorrow, June 12th, 2019.
Every service provider and every user will be contacted with the information about the new service. Since some users may see the redirection site, we wanted to assure everyone was aware of the service, how it works, what it looks like, and what it does to protect them.
Note from Vlad: We hate changing the user experience. We understand that every time we change anything there will be an issue, folks don’t like having their cheese moved, I get it. However, this isn’t a futile exercise in self-promotion, up-selling, cross-selling, or useless noise: we are doing this to eliminate the problem that 90% of security compromises are triggered by. This implementation comes down to ethics: If I know that something is 90% likely to hurt you, and I have the means to protect you, and I choose to let you get hurt anyhow… why would you ever do business with me or ExchangeDefender? I understand we may lose some business over this, and I am willing to make less money in order to do a better job for people that trust us with their business.
Here are the answers to some questions we’ve already received:
Q: Does ExchangeDefender PF work on every device I receive email on?
A: Yes, ExchangeDefender PF automatically encodes all links sent through our system in HTML messages and redirects them through ExchangeDefender PF. This means that the link will be secured no matter which device you use to access your ExchangeDefender-protected email.
Q: Does ExchangeDefender PF protect me from non-email links?
A: ExchangeDefender only protects you from email links in HTML messages sent to your email address through ExchangeDefender. If your mail client downloads mail from 3rd party external services (Yahoo,
AOL, Microsoft, Google) that are not protected by ExchangeDefender, you will not be protected.
Q: Is ExchangeDefender PF available in ExchangeDefender Essentials?
A: ExchangeDefender PF is only available in ExchangeDefender Pro and ExchangeDefender Enterprise.
Q: Is there any way to turn off URL encoding for specific domains or users?
A: ExchangeDefender encodes the URL at the edge, as the message is being scanned for malware and other phishing forgeries.
Q: I don’t want to see the ExchangeDefender PF warning/site, can I bypass it?
A: Yes, you can simply whitelist the domain and ExchangeDefender PF will not be displayed. Whitelisted domains are automatically displayed without ExchangeDefender PF. ExchangeDefender maintains a list of known good/legitimate domains so the likelihood that you will see a dangerous (or questionable) website is very low. Additionally, your IT department or IT Solution Provider has access to organization-wide whitelist and can bypass ExchangeDefender PF to any site you need to visit.
Q: Is it possible to still get hacked/compromised even with ExchangeDefender PF?
A: ExchangeDefender PF simply applies your organizational policies to traffic and gives you additional information about the link you have clicked on. If you ignore warnings, or if you proceed to a dangerous site as a part of your organizational policy, you can still be compromised.
Q: Is there anything special I need to do on my network in order to support the redirection?
A: No, you should not have to make any modifications to your clients network in order to support this. If you do something exceptionally unusual (we would have contacted you separately, DoD requirement) and only have an allow access policy while blacklisting the rest of the Internet, redirection happens through https://r.xdref.com domain that needs to be in the safe sites.
Q: Can I turn URL rewriting off?
A: The ExchangeDefender URL rewriting code is implemented at the edge without regard for domain/user policies. In order not to introduce delays in processing, this is a global rule. If you are concerned about your clients seeing the redirection screen, whitelist the domains they typically go through. If we get complaints about it, we will look at deploying this policy further down in the scanning path which will slow down processing times for domains that opt out of the service and that feature is already in the development queue.
Q: Can I see the copy of the messages you are sending users, so I know what to expect?
A: Here is a copy of the message in PDF and Outlook format.
Q: Will the links stay live for X number of years for compliance purposes?
A: There is no expiration date for the links, as clearly stated in our Privacy Policy we do not collect or archive the links that you click on or that we encode, they will stay in your downloaded / cached / archived messages. While many regulatory requirements have message retention policy expectations, those requirements do not extend to external content, ie: you have to archive the message, you DO NOT have to archive the documents that are externally linked on third party sites. Either way, messages will continue to redirect as long as we stay in business.
Q: Can I get a list of good/bad sites for my compliance records?
A: Please contact our compliance officer at compliance@ownwebnow.com with the letter from your regulatory body and we will do our best to provide this confidential information ASAP.
ExchangeDefender Service Provider Branding
ExchangeDefender is happy to announce the enhancement of it’s Service Provider branding options. ExchangeDefender is primarily distributed and managed by other IT Solution Providers (MSPs, VARs, IT professionals) and we have exposed as much of our infrastructure as possible for white label functionality. Starting this week, we are also encouraging you to brand messages sent by ExchangeDefender:
ExchangeDefender Email Notice Branding is available at https://admin.exchangedefender.com under your Service Provider login. Click on Configuration > Branding and you will see a section that will allow you to provide any content you’d like us to include on messages sent to users automatically.
We encourage all of our Service Providers to provide at least their basic contact information and a note in this section. While we are always concerned with our partners brand, system notices and urgent security issues may at times require us to contact the user directly. In the event that we do that, it’s helpful for the client to see your information at the top of the message instead of the bottom.
We’re also working hard on delivering additional features to ExchangeDefender sites, so if you have any suggestions or wishes, please let us know by hitting the feedback link anywhere in our system.
P.S. This feature was discussed in detail during our webinar on June 6th, 2019. Watch the webinar here: https://www.exchangedefender.com/media/XDNewPhishing.mp4
ExchangeDefender PTR & RBL Whitelisting
ExchangeDefender is opening a wider beta test of our whitelisting functionality, which allows IT Solution Providers to whitelist sender mail servers that have broken DNS (missing PTR, mismatched A/PTR records) and poor sender reputation (hosts listed on multiple RBL blacklists).
If you have a sender you would like to whitelist against these essential network tests, please open a ticket at support.ownwebnow.com with subject “Whitelist PTR/RBL: IP Address” and provide as much information in the ticket so we can accommodate this specific request. Only hard non-negotiable rejections to whitelist will be for unknown address space and dialup/consumer cable IP addresses (because due to their nature those are typically dynamically assigned address spaces that shouldn’t be relaying mail at all, they should be using their ISP mail server provided smarthost)
Requests will be reviewed and either approved (and enrolled) or rejected within 24 hours by our CSO.
Background: Inability to previously whitelist broken DNS and dynamic IP address space is rooted in our mission statement. We are here, beyond everything else, to help secure the email. We know our partners, IT Solution Providers, VARs, MSPs, etc do not have the skill set, the time to properly research underlying issues, enough data and statistical models to evaluate sender IP reputation, or even the incentive to discern how big of a security threat and compromise a specific IP address with broken DNS or poor reputation may pose to your client.
In fact, you pay us to worry about those things and keep your clients secure. But, sometimes clients like to think they know better than their technology experts, generally accepted security standards on the Internet, and ExchangeDefender. And the client is always right. But, when they get infected attachments, broadcast storm, password dumps, or other security compromises because they insisted on lowering their security – then ExchangeDefender is on the hook for securing them. And we don’t get to say “told you so” nor do we have any rapid means to fix the issue.
Since my retirement, all of those hard-line policies designed to keep clients safe beyond whatever “specific business case requirement” they may have, are slowly going away. Good news for the client, good news for the partners. Good news for us, because going forward we will start providing Email Security Engineering services – so when you get a security compromise or an usual issue and you’ve asked us to compromise your security – we will be able to address the issue on your behalf.
I choose to look at this as a positive – we will help our clients meet their business needs and get the mail they desperately need – and if something breaks we will be there to help assist with the cleanup (for a fee, of course). This, among many other service related things, is just the part of the ExchangeDefender being more responsive and service oriented when it comes to our clients demands as opposed to our expert opinion as a security policy.
ExchangeDefender’s AnythingDown.com – See How It Works!
As promised in the last webinar, we’re moving as aggressively as possible to make sure our partners have as flexible of a tool as we can imagine to communicate with clients in the event of an IT catastrophe. Or, in our case, to further increase transparency and collaboration with all our ExchangeDefender service providers so you can get better insight into our network and when we’re dealing with a lot. That said, I believe that the product/service is now production ready and we’ve already tied it up in our ExchangeDefender Enterprise product so you’ll know as we know. 🙂
Remember, ExchangeDefender’s AnythingDown.com , or https://yourserviceproviderid.xdnoc.com – is your own brandable, real-time alert system that covers ExchangeDefender managed resources as well as your own custom defined events.Â
Let’s go on a little tour, shall we?
First, here is the nearly-final look of the site. It will of course feature your logo, your contact information, and your own services but you can see that there is now a sign in section as well as nested posts – so when something is updated it’s done so in-line and can be read normally (as opposed to just seeing the latest update and not knowing what it’s about at all).
Sign in screen is for you, just provide your service provider ID and password and you’re in your own portal.
As for your users that want real-time updates via email or RSS/blog, we have a signup page (I know, I know, it’s idiotic but GDPR and EU have put this obstacle in place where we need contracts and disclosures about signing up for an email list).
Once you’ve signed in as the service provider, you will have access to manage and create new service advisories. Just click on the Add New button in the upper right corner. If you’re managing a larger NOC and have a ton of fires going on (you’re among friends, #respect) you can also search current open advisories and make sure you update the correct one.
New advisory posting is pretty flexible and gives you actually quite a bit of power to include images, links, and other multimedia. As network geeks we’re used to plain text, ASCII, 80 columns across black on white kind of alerts but in the 21st century with lots of things going on sometimes you can throw out a quick alert with a screenshot of what’s going on rather than trying to document every single detail (for example, a cloud of daily network/ISP outages as an explanation why things are moving slow or getting delayed or buffered)
And of course, you can update every service advisory.
As mentioned last month, ExchangeDefender XDNOC </a> service is all about helping us work better with the people that pay us to help protect their networks and users. I have some rather personal thoughts on that subject, which will be a matter of another post. However, when you design software and when you serve as the gatekeeper, your primary responsibility to the people you’re protecting and waking up to keep safe every day is not just to keep things going but also to keep everyone aware of what is going on to improve things – because hackers don’t take days off.
Network Upgrades at ExchangeDefender
Many IT professionals have gone through a lifecycle infrastructure upgrade – the all important cycle of improving the infrastructure as the vendors push down new features with ever increasing resource demands. We’ve been doing that since 1997. One thing that has changed in the past 20 years is the scope and magnitude of both attacks and the network demands to manage them all. We’ve done an excellent job keeping up with them all, with our last major outage (that lasted nearly 4 hours) back in 2011. We learned a lot that day – and rolled it up into our products and services that many of our partners have experienced. These days, with the cloud services, the game is completely different.
I hope you have a moment to join our WEBINAR next Thursday, April 11th, at noon
Register here: https://attendee.gotowebinar.com/register/5700720797827651073Â
It won’t be the usual rah-rah new features new stuff show. I will speak candidly about how we’ve managed to overcome and triumph in the “Cyber” security game and how we’re still always one step behind whatever 0-day attack vector comes down. I’ll be discussing (somewhat intimate) details about the performance issues, DNS issues, DC issues, subscription issues, 3rd party IP issues, and how all of these have become both an IT management issue and customer service nightmare. I truly hope you join us. I know your time is valuable and schedules get tight so if you can’t make it, the recording will be posted in our portal as usual.
What we learned last week – for the millionth time – is that communication in cases of issues is paramount. When things appear to go down, people panic. They require not just information but reassurance, confidence, and a plan required to address issues. For smaller companies, that’s a matter of just falling back to a cell phone – for larger ones (if it’s not already you, it definitely is something to consider for your clients) that is simply not an option and the volume of activity will easily and quickly overwhelm you. I used to see it every day – when issues come up for our partners, their clients call us.
We’ve made an overwhelming investment – not just in technology and features but manpower – that has fueled our growth for the last few years. I want to share, personally, exactly how we operate and how we’ve been able to both prioritize and execute some of the more impressive infrastructure enhancements and how they are going to be here to serve you for years when something happens.
And then I hope to offer you the same – as a token of our appreciation for your business and your loyalty through the years. Pretty excited, I hope you can join us.
Sincerely,
Vlad Mazek
CEO
ExchangeDefender
New Feature: ExchangeDefender Announcements
ExchangeDefender Announcements
As you’ve probably noticed, our feature development has really picked up in 2018 and we have an even more aggressive product roadmap for 2019. To help make sure everyone is on top of all the new features and that our partners (MSP/VAR) have the best possible way to keep all of our clients informed of the new features, we’re happy to announce the Announcements feature!
Starting in late February 2019, our service providers and CIOs alike will have the ability to post announcements that will be featured prominently on the ExchangeDefender admin login page, inside the user control panel, and in the domain/org control panel. As you can imagine, this feature has a lot of flexibility to help you efficiently target the right organizations and users.
Announcement Feature Highlights:
– Announcement title and announcement contents can include HTML and you can even insert a picture for each.
– You can set the announcement expiration date so that the announcement doesn’t show up after a certain date. This is great for sales promotions, webinar registrations, etc.
– You can scope the announcement: It can be global (for all of your domains) or it can be scoped down to a list of domains you choose. As most of our MSPs manage different kinds of organizations, one-size-fits-all announcements rarely work and this feature can help you solve that problem by targeting each organization specifically.
– I want to see this announcement too: If you’re in a larger organization you likely have personnel that is responsible for different departments or companies. Because announcements are visible on the login page of your portal as well as control panels for service provider, domain/org, and end users you have the ability to not show end user announcements to your IT and management staff.
– Include all users: You can even write specific announcements that are targeted at end users.
As ExchangeDefender gets bigger and as the complexity and service portfolio grows, we need to help our partners and CIOs communicate the new ExchangeDefender features more efficiently. Since you control your announcements it is up to you if you use it for ExchangeDefender related stuff or if you use it for your own promotion or if you delegate it to your companies to use it as another outlet to broadcast organization-specific but important news to everyone.
Most ExchangeDefender users interact with the service daily so you have a perfect (captive) spot to reach them about a product they are already interacting with – instead of having it burried in an email newsletter that they likely won’t read. This has been among the most demanded MSP features for years and we’re happy to deliver something with enough power and flexibility that will make both your tech/support people happy (so they can address possible support issues) as well as marketing/sales (so they can better target their message). You can only display up to two (2) announcements at a time though so the only bad news here is that you’ll have to prioritize.
ExchangeDefender Exchange Account Lockout
ExchangeDefender is relieved to announce the availability of automated account lockout notifications. Our clients now have the ability to automatically locate, secure, and unlock email accounts that have been locked down due to too many bad login attempts.
You will now notice a red lock icon next to any accounts that have been locked out and you can choose how to proceed in terms of restoring account access:
Password hacking and guessing is rampant, and has only been getting worse through 2018. Thankfully, we’ve automated the process of unlocking and changing authentication credentials in 2019.
However, there is a special case in which just “Unlock Only” option may be the best.
Suppose you have a power user that has a desktop at work, at home, a laptop or two, 2 iPads, iPhone, Galaxy S9 and a miscellaneous other device that is set to sync mail every minute. Totally not talking about our CEO. But suppose that is the case and you just changed the password – well if all these other devices are trying to authenticate with the old password you may actually trip your corporate policy for the unlock limit and lock the account again.
We hope this automated system will save our partners a ton of time and make managing security and security incidents a breeze. We wish we could have delivered this much sooner but as anyone involved in cybersecurity will tell you, priority #1 is always mitigation of the issue (which we’ve done through all our Exchange 2016 UI and management discussed in our webinars).
This feature will go live later this week (Feb 21, 2019) – please give us feedback and suggestions on what more we can do to give you more power or save you time.
ExchangeDefender IP and Device Restrictions
  ExchangeDefender IP and Device Restrictions
ExchangeDefender is continuing it’s march to becoming your central point of secure communications by bringing even more of our custom Enterprise features down to the SMB/MSP space. As of today, you will start seeing another section added to the Service Provider screen specifically to house our advanced security settings.
  Restrict ExchangeDefender access to your IP range
All large organizations that depend on ExchangeDefender have static IP addresses and IP ranges assigned to them by the ISP. ExchangeDefender has the power to restrict access to your organization (all domain and user logins) and only allow access from your offices.
Add Trusted/Known Devices For Easier Access
People love the notion of security until that security gets in a way by prompting them. We only want our security infrastructure to get in a way of hackers and to slow down and annoy people that want to do us harm. Good news is, now you can add devices you know to known and trusted device list.
Doing so will minimize some of the additional checks and verification (such as 2FA/OTP one time password checks when you first log in from an unknown address). As an additional bonus, ExchangeDefender will start to deliver notifications and alerts whenever the system is accessed (successfully, meaning they know your password) from an unknown/untrusted device, giving you the first alert that there is a security issue to address.
As you’ve seen with mass password resets, access to advanced access logging, we are adding more, and more, of our enterprise features to the ExchangeDefender Pro product. To find out what else is on our road map, and how ExchangeDefender will evolve in 2019 to serve your other security needs, please tune into our webinar:
ExchangeDefender Mass Password Reset
ExchangeDefender has always been a great friend to the SMB community where folks hate passwords and password complexity right until the moment their password gets compromised. Once that happens, it’s up to the MSP or poor IT guy to sit around and reset all the passwords in the organization.
As mentioned previously, a number of ExchangeDefender Enterprise features is being delivered to ExchangeDefender Pro so now you’ll have the ability to reset every single users password quickly.
Under the domain login you will now see a “Security Reset” link that will allow you to either randomly assign a strong password (smart) and send your users a reset link or pick the same password for all users (outright idiotic but “business requirements”).
If you are an MSP assisting a client during an outage and this is the first time you’re making your users aware of ExchangeDefender LiveArchive for business continuity, you can also print out the passwords and/or email them to your users in plain text. This is a horrible, terrible, idiotic, really bad idea that virtually guarantees you’re going to get hacked but we are here to serve and Howard is a really good friend so here it is:
Just a word of warning: If you select to send your users a new password in clear text, and show the roster with the plain text password on the next page, for whatever ungodly reason, please add a note to come back later and lock your users down. Most MSPs keep the same password for ExchangeDefender and Exchange, and these services also affect ExchangeDefender Encryption, LiveArchive, WebFileShare, Compliance Archive, eDiscovery, FailPOP, mobile, etc and leave you open for collateral damage. Unless you’re using 2FA/OTP, restricting IP address ranges, rotating passwords frequently, I can guarantee that your passwords will be compromised. Please, please, please don’t do this, we are only making it available as the feature of last resort.
As we add these advanced security controls into ExchangeDefender Pro (and some even for Essentials) we will be tightening the security of the platform around. To hear more about our plan for 2019, please sign up for the webinar on February 6th at noon EST. Click the banner below to reserve your seat.