ExchangeDefender CEO talks email-borne threats with Cybernews
Recently, Cybernews reached out to ExchangeDefender CEO, Vlad Mazek to learn more about how we keep businesses safe from cyber-attacks using top of the line security solutions. The informative discussion centers around the topic of cybersecurity, and what that means for the modern business.
With the recent rise in phishing attacks, it is smart to double-check if it’s really your coworker that emailed you.
By now, it’s probably hard to find an Internet user who has never received emails from someone claiming to be a long-lost relative who wants to share their fortune. While the majority of us are familiar with this type of malware, phishing attacks shouldn’t be underestimated. Nowadays, when threat actors start to include more personal details, posing as coworkers or even bosses, staying vigilant is key.
To discuss the topic of cybersecurity and phishing prevention, we reached out to Vlad Mazek, the CEO of ExchangeDefender, a company eliminating email threats before they even reach your inbox.
ExchangeDefender has been providing various security solutions for more than 2 decades. What was your journey like throughout the years?
We originally started ExchangeDefender to improve the reliability of our Microsoft Exchange servers by offloading all the security tools to a more scalable infrastructure. Over the years we’ve expanded our security portfolio to protect other email servers, as well as deliver more secure ways to rely on common office tasks such as file sharing, collaboration, and compliance.
Can you tell us a little bit about what you do? What are the main problems you help solve?
We used to say “We kill SPAM for a living” and to this day we simply eliminate common threats that lead to security compromises and service outages by providing email encryption, long-term archiving & eDiscovery.
We make it easier to rely on email for secure and reliable communication; which we do by keeping potentially dangerous content away from your webmail, mailbox, desktop, or phone. Simply put, we make it easy to get things done more securely.
What technologies do you use to detect and stop threats in their tracks?
We primarily rely on our internal early warning system which tracks unusual activity from known threat actors. Because of our size and client base, we often have the luxury of being among the first to be targeted which helps us identify safe and unsafe developments before they go “viral”.
We also participate in many proprietary, open-source, and data/intel sharing projects that help raise the security profile of everyone involved.
How did the pandemic affect the cybersecurity landscape? Were there any new features added to your services?
Pandemic actually improved the security landscape for our clients because they suddenly had to shift to a remote work model which inherently came with more stringent security requirements and more awareness for security policies and secure collaboration.
We noticed a significant shift from traditional office communication methods to SMS/TXT and we moved quickly to make all of our services SMS-aware. Mobile phones have become a security identification token, a mobile presence device, and far too often a failover computer. That’s why we invested heavily in extending our services to meet our clients’ needs to go beyond just sending email messages.
What sectors (for example, financial, healthcare, etc.) do you think should put extra attention towards email security?
The best way to answer this question is to think like a hacker because for them it’s not personal, it’s business.
Organizations get compromised for one of two reasons:
- They have assets (data) that are valuable
- They have a reputation that is valuable
If you have a lot of valuable data or a trustworthy relationship with your clients, you’re a valuable target regardless of your industry. It would be difficult to hack a financial institution because they have dedicated IT and security teams, go through routine audits, and can respond to threats quickly. Compare that to a small CPA firm that uses standard tools and an antivirus bundle that came with their PC.
When it comes to cyber threats carried out via email, what are the most common ones?
Email is the most popular way to get cyber threats into an organization, according to a recent study over 90% of security compromises started with email and it has not changed significantly in the past few years: the #1 cyber threat is from spear phishing. Spear phishing is a practice of forging the identity of the sender and the look of the email to something the recipient would find trustworthy enough to click on. What has changed significantly is the end goal of spear phishing:
- Deployment of RAT (Remote Access Trojan) software
- Theft of PII (personally identifiable information)
- Theft of security credentials
This list actually flipped in the last two years mostly due to the sophistication of RAT software that can give an attacker access to the entire network instead of just a single PC or cloud account. The latest variants target UEFI bios which keep the threat in place even after you get rid of the infected hard drives. As these threats evolve, they also highlight other security issues on the network which makes them difficult to remove and require constant monitoring.
With so many teams working remotely nowadays, what are the best practices when it comes to secure file sharing?
The single most important recent advancement in overall IT security that really deserves wider adoption is the use of MFA/2FA/OTP: multi-factor authentication that requires secondary verification before accessing any sensitive system or information. Working remotely, outside of a managed network and access to IT staff, creates a new universe of security threats that should be mitigated by:
- Deploying & requiring MFA for access
- Deploying a more aggressive backup and imaging solution
- Controlling and reducing the attack surface (by limiting access only to required web sites & services)
Besides secure collaboration solutions, what other security measures do you think modern companies should invest in?
You are probably already spending too much on overlapping, redundant, and underutilized security solutions.
The best security investment you can make today is to get an audit of your existing security portfolio and its integration. Being secure doesn’t come simply from paying for a security software/service license – it has to be properly integrated, configured, and monitored in order to truly keep users away from dangerous content. Due to the chronic lack of security focus and the habit of deprioritizing security for the sake of end-user comfort, many organizations find themselves in a perilous situation with cyber insurance demands.
We are seeing organizations getting compromised not because they don’t have security solutions or adequate training but because they don’t take the time to properly and fully implement the security solutions they are already paying for. An overwhelming majority of ExchangeDefender subscribers rely on less than 30% of the security features they already pay for.
Can you give us a sneak peek into some of your future plans for ExchangeDefender?
Our biggest technical investment for 2022/2023 is to make it possible to access external content (email attachments, files, messages, sites & services) in a secure online sandbox environment where dangerous content wouldn’t even have a chance to reach the user’s desktop, phone, or network.
Our biggest investment is in the area of security audits and assessments. While there is always a shiny new tool or service that promises better security, our data indicates that it’s rarely the lack of a tool, and more often the lack of proper deployment and management of sensitive information that leads to a security compromise.
We’ve helped countless businesses that have been compromised over the years and it usually comes down to neglect of security processes combined with a lack of a plan to respond and recover from a hack. Our future plans are to help organizations change that scenario because cybersecurity isn’t something you buy, it’s something you do.
To celebrate the launch of our new small business service plans, we are currently offering 30-day free trials for any service. Interested in ExchangeDefender? Please visit www.exchangedefender.com/business to request your free trial today!
4 cybersecurity stats that every lawyer should know
Cyber-attacks on the legal sector are on the rise. Legal practices are big targets for hackers due to their access to sensitive information, and severe lack of security.
Here are four statistics that ring alarm bells in the industry:
Number one: One in four law firms have experienced a security breach of some kind. Even more have had malware or viruses according to a 2019 American Bar Association survey.
Number two: Data breaches cost your local small practice an estimated average of $36,000 dollars. To put in perspective, a new legal assistant salary for the year would costs the firm about the same price. Also, at least 31% of their clients terminate their relationship with the firm afterwards.
Number three: 61% of ransomware victims in the legal sector were Law Firms in 2020. It is the highest of the legal profession, with Courts, and Legal Services coming in second.
Number four: 94% of malware and ransomware attacks were delivered by email in 2020. There are new malware and viruses being discovered every day.
The bottom line
Law firms pose a higher risk for data leaks due to their business nature of storing and sharing sensitive information. ExchangeDefender provides affordable email security, email archiving, and email continuity solutions to the legal industry. One of our largest client bases, the legal industry relies on ExchangeDefender to mitigate risks of cyber and email attacks.
Secure your law firm, explore our small business plans today!
ExchangeDefender Outbound Email Bypass
ExchangeDefender Bypass builds on our commitment to helping users deliver email – not to mention making it easier to troubleshoot and work around mail security restrictions. We’ve all experience the “email bounce” when a message we send to someone promptly returns with some cryptic error and the bottom line is the recipient isn’t getting your email.
ExchangeDefender Outbound Bypass helps remedy this problem.
Email non-delivery can happen for a number of reasons – insufficient resources, misconfiguration, outage, local system policy, etc. When your mail bounces there are no easy ways around it, and most savvy users will just go to their free mail account (gmail, yahoo, ISP) which can cause a number of legal and HR complications. We can do better: with ExchangeDefender Outbound Bypass.
Much like our inbound bypass feature, the mail transiting this system does not rely on ExchangeDefender IP address space, network policies, or restrictions. We further designed it to rely on the public cloud infrastructure which is typically trusted and not subject to extra SPAM check (it’s where all your Amazon receipts & promotions come from).
So how does it work?
Simply open your browser and go to https://admin.exchangedefender.com.
Click on Bypass and select “I have problems sending mail” – fill out the form, attach anything you may need to and the message is sent instantly. When the recipient hits reply the message will go to your regular email address. That’s all there is to it. When the recipient receives your email it will still show your name, your email address, and include any HTML, images, or attachments you’ve put in the message when you composed it. It can also be used to help us open a communication channel with the recipients IT provider to resolve the original bounce as well. We hope this helps our partners troubleshoot problems faster and provide our clients a more reliable and resilient email experience.
P.S. ExchangeDefender Bypass is intended for legitimate, person-to-person email. Use of this system for UCE, bulk, sales, or otherwise commercial mail can expose you to steep fines.
2022: New cybersecurity services revealed
Today, in our “Managed Cybersecurity services” webinar, we revealed new services for 2022. The meeting focused on how we can solve today’s email problems with ease. ExchangeDefender recently launched three solutions that will empower clients, and reduce their time wasted on email issues.
Solution #1 – Bypass ExchangeDefender
Bypass ExchangeDefender helps you receive email that doesn’t meet ExchangeDefender’s security needs. The reason why clients would use this is because it completely bypasses ExchangeDefender security infrastructure entirely. Bypass ignores DNS security and authorization requirements like SPF, DKIM, and DMARC. It also bypasses established security restrictions for attachments and domains. The biggest bonus here is that it is self-service and does not require any interaction with IT staff.
Outbound Bypass
ExchangeDefender Outbound Bypass helps you deliver important email despite of outages, blacklists, throttling, and other IT problems. The email service does not use any of our networks or systems. Instead, it relies on public cloud infrastructure. Pro user? ExchangeDefender PRO users get this solution for free.
Solution #2 – Recurring Emails
ExchangeDefender Recurring Email enables you to schedule recurring emails to send in the future. You can schedule emails to be sent at a certain time of day, any day of the week. The new feature is for standardized and compliance-oriented recurring email campaigns. So, how would you use it? Our team has been using it for recurring tasks and maintenance requests, payroll and HR requests, and client reminders.
Solution #3 – ExchangeDefender Guardian
Introducing ExchangeDefender Guardian, the cybersecurity analyst that lives in your inbox. Your dedicated analyst has the ability to triage, evaluate, and advise on any email that you deem suspicious. The guardian is mean for high-profile personnel. Anyone whose credentials, access, or role provide a lucrative entry into an organization. Price? The service is currently being offered invitation-only, and prices range from just $39 per month up to $399 dollars.
Interested? Contact us, or submit a ticket if you are an existing client to get started!
Password Security Policy Enforcement & Enhancements
Over the past year we’ve been introducing enterprise security measures to help protect our clients from an increasing volume of attacks. Email is the single most abused gateway for email threats – with 91% of corporate breaches starting through email – and it’s only getting worse.
If you’ve used Yahoo, MySpace, or hundreds of popular free web sites (go to https://haveibeenpwned.com/ to see how/who exposed your data) your credentials and other information is available on the web. Hackers are using these passwords and personal information to guess their way into other sites that haven’t been breached – so if you use the same or similar password (or only change the site id, or one number or letter to make it different) then you’re making it very simple for hackers to get into your account.
And we get it. Dealing with security, passwords, and locking down online services is time consuming. But as the company whose main purpose and mission is to keep you secure – we want to help save you time and make it easier for you to be secure.
For the details on all the stuff we’ve got coming in September, we’d like to invite you to our webinar:
ExchangeDefender Security Upgrade
Tuesday, September 10th, 2019
https://attendee.gotowebinar.com/register/6898777257651237900
In the meantime, we’re going to help our partners and clients not make things “stupid easy” for hackers – by globally resetting ExchangeDefender passwords that are older than 1 year. We’ll do this on September 1st, in a very minimally intrusive way, and for those that don’t use ExchangeDefender on the daily basis (and mainly just release SPAM from quarantines) the password change won’t affect them.
Using an OTP/2FA or VPN services or all the free features that are built into ExchangeDefender to keep you secure is obviously our preferred way but as we’ve noted – the realities of SMB concern for IT security – so we need to try something else. We really hope our partners and clients can take the time to attend the September Webinar, as we believe the stuff we’ve built will help lock down your organization and make security manageable again.
ExchangeDefender Phishing Firewall – Report Issue
ExchangeDefender Phishing Firewall continues to impress in terms of performance and user engagement – it’s catching dangerous content and keeping users safe from phishing attacks that often result in security compromises and breaches. Phishing accounts for over 90% of IT compromises, and as we’ve written before more than 1 out of 5 links our clients click on have lead them somewhere dangerous. With those numbers it’s clear to see why hackers are relying on phishing as the first and most effective form of attack – people will click on anything!!! And as intrusive as EPF seems to some (thank you for your feedback), our development team has been working overtime since the launch to make ExchangeDefender Phishing Firewall out of the way when it should be, and in your face when something dangerous shows up.
The goal of ExchangeDefender Phishing Firewall is to keep you safe from potentially dangerous sites and out of the way the rest of the time. You can keep up with our Dev fixes over at https://www.anythingdown.com and keep sending us your feedback. We love to hear it and we love improving the service so it can help keep you and your business safe. We also like to hear what you want us to add to the service that would make it more valuable. One such piece of feedback helped build a “Report Issue” feature:
If you click on something that you don’t recognize and you can’t tell what it is – DO NOT CLICK ON THE LINK – we are here for you. Our security concierge will open the link in an isolated virtual environment and see what kind of data is being sent back-and-forth. You will get a response, generally within minutes, with either a thumbs up or thumbs down. How cool is that?
Keep the suggestions coming, we love making ExchangeDefender Phishing Firewall the key part of your defense from phishing.
Phishing Firewall: Should I click on that link?
It is our pleasure to introduce you to the ExchangeDefender Phishing Firewall support services. While the launch of the XDPF has been rocky, we’ve received nothing but glowing reviews about it and the potential behind it to solve other email related issues (more on that in the webinar). Now that most of the dust is settled, we’re moving on to expanding this service to better serve and protect our users and the first feature out of the gate is the most obvious question a user would ask their IT/security person:
“Is this link safe to click on?”
Prior to ExchangeDefender Phishing Firewall deployment, nobody would even think of such a question. You clicked, and if you clicked on something malicious, boom you’re pwn3d. Now you’re presented with the link, the path, and you suddenly have a choice to make: “Do I trust this site?” – well, sometimes it’s hard to guess and we’re here to help. When you click on an HTML link, you will be taken to the ExchangeDefender Security Center and there will be a new yellow button there labeled “Report Issue”:
If you click on the yellow button you will be presented with a form to provide additional comments and contact information. After you provide the minimal required information, a service request will be sent to a human being at ExchangeDefender that will evaluate the link for you:
We will basically look at the link and the email data (sender, charset, SPAM data, reputation) as well as the link destination. The link will be opened in a virtual sandbox environment and we will look for any obvious payload that is automatically downloaded or data requested from the browser. We will then report back to you in an email within 24 hours and let you know what we found.
Obviously, we will also be using the same form for any support or issue management, basically setting up the ExchangeDefender Phishing Firewall as a managed, supported, and facilitated service end-to-end.
We will be discussing this feature in far more detail during the webinar on July 10th, 2019: https://register.gotowebinar.com/register/5418502553065819404 but in general terms this is a huge commitment to us that requires us to be available as a Security Officer whenever our clients need us. As a result of managing both the email and the web security incidents, we now have far more data and reputation information that can rely on to help secure our clients in near real-time. As it becomes harder and harder to know who to trust, businesses need security expertise and analysis provided on demand so they can get back to work – phishing is far too profitable and as the #1 attack vector leading to breaches and compromises, it is only going to get worse. With ExchangeDefender, you have a trusted partner that is there to help beyond just another automated security layer, our power is in the people.
ExchangeDefender: Overhaul of Phishing Protection
ExchangeDefender is thrilled to announce the new Phishing Firewall in the cloud, going into full production – Wednesday, June 12th, 2019 for all ExchangeDefender Pro and Enterprise protected clients. The old way of highlighting, underlining, inserting warnings and so on will be removed from the service at the same time because it lacks the ability to protect clients in real-time.
The ExchangeDefender Phishing Firewall (EPF) is a real-time, active pishing protection. As ExchangeDefender processes inbound mail, it will rewrite every link to proxy it through EPF when user clicks on it. If the site is safe, the user will be automatically redirected to it and will not even know that EPF is in the way. If the site is not on the safe list, end users will see this warning:
They will have the option to just click on the link and proceed, add to whitelist (at which point they are automatically allowed through in the future) or add to blacklist.
Because of the way phishing works, and all identity theft or forgery in general, it is impossible to secure email messages in transit without making annoying modifications to the message that often distort the look and feel of it. Majority of those links are in the 95% of the mail that passes through ExchangeDefender as SPAM/SureSPAM, meaning that they would never even be seen by anyone. By moving the Phishing Firewall to the cloud, we can now secure every device and provide additional metrics and advisory on top of it to protect our clients from 0-day exploits.
This feature is provided to our clients free of charge and replaces expensive “security awareness training” solutions that users typically hate and do nothing to adequately secure the client. With Exchange Phishing Firewall we enable our clients to create custom policies, maintain whitelists, blacklists, get enterprise reporting and more. It further allows us to go one step beyond – in the upcoming releases we’ll offer the ability to display a screenshot of the site as well as link intelligence data (How long ago was the domain name registered? Where is the IP you’re about to go to located? Is the domain a close spelling error of a widely recognized site? Is the forged site just a cloud hosted Google, Microsoft or Amazon cloud service instance that is holding or redirecting you to another more dangerous location?)
If you’re currently on ExchangeDefender Essentials, we encourage you to schedule a demo with our team to check this feature out as it’s significantly cheaper than antivirus or “security training” solutions and will do a far better job. If you’re on ExchangeDefender Pro or ExchangeDefender Enterprise, you will get this feature free of charge. On Monday, June 10 we will send an email notification announcing this launch to our partners, MSPs, and Service Providers. On Tuesday, June 11 we will send an email notification to end users. Finally, on Wednesday, June 12th we will go live with the service and hope to minimize the annoyance of phishing once and for all. Email is the single most popular attack vector, with 91% of the compromises starting through a phishing attack, and we look forward to protecting all our users even better.
Network Upgrades at ExchangeDefender
Many IT professionals have gone through a lifecycle infrastructure upgrade – the all important cycle of improving the infrastructure as the vendors push down new features with ever increasing resource demands. We’ve been doing that since 1997. One thing that has changed in the past 20 years is the scope and magnitude of both attacks and the network demands to manage them all. We’ve done an excellent job keeping up with them all, with our last major outage (that lasted nearly 4 hours) back in 2011. We learned a lot that day – and rolled it up into our products and services that many of our partners have experienced. These days, with the cloud services, the game is completely different.
I hope you have a moment to join our WEBINAR next Thursday, April 11th, at noon
Register here: https://attendee.gotowebinar.com/register/5700720797827651073
It won’t be the usual rah-rah new features new stuff show. I will speak candidly about how we’ve managed to overcome and triumph in the “Cyber” security game and how we’re still always one step behind whatever 0-day attack vector comes down. I’ll be discussing (somewhat intimate) details about the performance issues, DNS issues, DC issues, subscription issues, 3rd party IP issues, and how all of these have become both an IT management issue and customer service nightmare. I truly hope you join us. I know your time is valuable and schedules get tight so if you can’t make it, the recording will be posted in our portal as usual.
What we learned last week – for the millionth time – is that communication in cases of issues is paramount. When things appear to go down, people panic. They require not just information but reassurance, confidence, and a plan required to address issues. For smaller companies, that’s a matter of just falling back to a cell phone – for larger ones (if it’s not already you, it definitely is something to consider for your clients) that is simply not an option and the volume of activity will easily and quickly overwhelm you. I used to see it every day – when issues come up for our partners, their clients call us.
We’ve made an overwhelming investment – not just in technology and features but manpower – that has fueled our growth for the last few years. I want to share, personally, exactly how we operate and how we’ve been able to both prioritize and execute some of the more impressive infrastructure enhancements and how they are going to be here to serve you for years when something happens.
And then I hope to offer you the same – as a token of our appreciation for your business and your loyalty through the years. Pretty excited, I hope you can join us.
Sincerely,
Vlad Mazek
CEO
ExchangeDefender
New Feature: ExchangeDefender Announcements
ExchangeDefender Announcements
As you’ve probably noticed, our feature development has really picked up in 2018 and we have an even more aggressive product roadmap for 2019. To help make sure everyone is on top of all the new features and that our partners (MSP/VAR) have the best possible way to keep all of our clients informed of the new features, we’re happy to announce the Announcements feature!
Starting in late February 2019, our service providers and CIOs alike will have the ability to post announcements that will be featured prominently on the ExchangeDefender admin login page, inside the user control panel, and in the domain/org control panel. As you can imagine, this feature has a lot of flexibility to help you efficiently target the right organizations and users.
Announcement Feature Highlights:
– Announcement title and announcement contents can include HTML and you can even insert a picture for each.
– You can set the announcement expiration date so that the announcement doesn’t show up after a certain date. This is great for sales promotions, webinar registrations, etc.
– You can scope the announcement: It can be global (for all of your domains) or it can be scoped down to a list of domains you choose. As most of our MSPs manage different kinds of organizations, one-size-fits-all announcements rarely work and this feature can help you solve that problem by targeting each organization specifically.
– I want to see this announcement too: If you’re in a larger organization you likely have personnel that is responsible for different departments or companies. Because announcements are visible on the login page of your portal as well as control panels for service provider, domain/org, and end users you have the ability to not show end user announcements to your IT and management staff.
– Include all users: You can even write specific announcements that are targeted at end users.
As ExchangeDefender gets bigger and as the complexity and service portfolio grows, we need to help our partners and CIOs communicate the new ExchangeDefender features more efficiently. Since you control your announcements it is up to you if you use it for ExchangeDefender related stuff or if you use it for your own promotion or if you delegate it to your companies to use it as another outlet to broadcast organization-specific but important news to everyone.
Most ExchangeDefender users interact with the service daily so you have a perfect (captive) spot to reach them about a product they are already interacting with – instead of having it burried in an email newsletter that they likely won’t read. This has been among the most demanded MSP features for years and we’re happy to deliver something with enough power and flexibility that will make both your tech/support people happy (so they can address possible support issues) as well as marketing/sales (so they can better target their message). You can only display up to two (2) announcements at a time though so the only bad news here is that you’ll have to prioritize.