Email Security Blog

Microsoft Office 365 + Secure Email Cloud: All You Need in a Cloud-First World

Seth Knox July 16, 2019 Email Security

Editor’s Note: This blog post has since been updated, you can see the updated version of this blog post here. 

You’ve heard the statistics… more than 70% of all business users will be provisioned with cloud office applications in the next two years, including email. It’s an overdue modernization that eliminates physical infrastructure to drive cost savings and integrate services for improved productivity.

Chasing this move, cybercriminals intent on account takeover are evolving their tactics, targeting end users with various identity deception scams. Their evolving tactics and your defenses against them deserve a closer look.

Email remains the number one threat vector for data breaches. And Microsoft itself is the number one abused brand when it comes to impersonation email attacks. Common spoofing tactics include malicious emails disguised as Microsoft Office 365 password updates and invitations to edit a OneDrive document linking to a spearphishing page.

So on the one hand, implementing Office 365 can drive triple-digit ROI. On the other, business email compromise and spear phishing can wipe out the most robust ROI with just one successful attack that results in an account takeover, unauthorized transfer of cash, or loss of intellectual property or sensitive information.

From Legacy SEG to Microsoft Office

Particularly with the addition of Microsoft Exchange Online Protection (EOP) and Advanced Threat Protection (ATP), Microsoft Office 365 is better protected than any platform that came before it.

Key capabilities such as anti-spam, virus/malware detection, and data loss prevention traditionally found in the secure email gateway have been integrated as native capabilities in the platform. Microsoft’s anti-malware and anti-spam features are often recognized by the marketplace as more impactful than the major SEGs.

With basic email security covered by Microsoft Office 365, many organizations have eliminated their secure email gateway. Meanwhile, attack sophistication has evolved from content-based techniques such as malware and unsafe URLs, to crimes of identity deception that signature-based controls are ill-equipped to address.

Enter the Secure Email Cloud

Advanced email attacks can appear as plain text messages targeting basic human emotions such as fear, anxiety, and curiosity.  These socially-engineered attacks trick unsuspecting users into believing they are interacting with a legitimate person or service, when if fact they are being conned.

Agari delivers important capabilities to protect against identity-deception attacks, secure the corporate email sending domain, and detect and respond to threats that have either evaded initial detection or have weaponized post-delivery. These capabilities support cloud-based, on-premises, and hybrid email environments.

This is why enterprises who have adopted Microsoft Office 365  are choosing to pair that investment with the Secure Email Cloud. In fact, two-thirds of Agari customers with Microsoft Office 365 do not use a secure email gateway.

The Secure Email Cloud differs in several remarkable ways from legacy security controls, especially when paired with the built-in controls of Microsoft Office 365. Let’s peel back the layers.


Continuous Protection vs. Event-Based Detection

Through the power of predictive AI and advanced machine learning, the Secure Email Cloud fundamentally transforms email security from event-based inspection of incoming messages to continuous detection and response of newly discovered threats. This includes new messages as well as those that have already passed initial inspection and reached the inbox.

This approach stops 99.9% of advanced email attacks, including those that organizations have not seen before, and can delete messages from Microsoft Office 365 inboxes that weaponize after initial security screening. Here’s how it works.

Agari uses what we call the Agari Identity Graph™ to map trust and authenticity relationships between individuals, brands, businesses, services, and domains. We even model organizations within businesses and geographic relationships. The Agari Identity Graph is informed by telematics from around 2 trillion emails annually. It models and scores emails and sending behaviors to the level of around 300 million model updates each day.

The novelty in this approach is that rather than detecting known signatures of malicious email or using static lists of trusted senders or domains, Agari dynamically models the good to detect the bad. Based on mathematical divergence in the scoring from known good emails, Agari applies human-like intelligence and decision making based on tailorable policies to detect and respond to malicious messages.

Agari also automates the processes involved in Domain-based Messaging, Authentication, Reporting, and Compliance (DMARC), making it easy to authenticate messaging and reach enforcement. This prevents cybercriminals from impersonating the brand via email and the associated BEC attacks targeting employees through executive spoofing and customers through consumer phishing and fake invoicing attacks.

The Benefit of Integrating Microsoft Office 365 with the Secure Email Cloud

The next-generation Secure Email Cloud has distinct advantages for Microsoft Office 365 deployments. It’s a cloud-native offering that augments the native security controls found in Microsoft Office 365, and can remove messages from inboxes that have already passed initial security screening.

That is part of the reason why leading organizations including Honeywell, JPMorgan Chase, Aetna, Apple, Facebook, the United States Senate, Comcast, Air Canada, Apria Healthcare, Google, and even Microsoft choose Agari to protect their customers, employees, and partners against advanced email attacks.

Discover more about how Secure Email Cloud and Microsoft Office 365 work together to help you trust your inbox or sign up for a free demo.

Man perplexed looking at laptop computer

October 8, 2021 John Wilson

How to Prevent Business Email Compromise Attacks

How can you prevent business email attacks? Is training enough? We'll walk you through solutions…

whale underneath man in boat

September 29, 2021 John Wilson

What is Whaling Phishing & How Does it Work?

“Whaling” phishing attacks target the C-suite of a company which creates high risk of extremely…

Agari Blog Image

July 7, 2021 Chris Sestito

Catching Lookalike Domains with Image-Based Analysis

Reading is like riding a bicycle:  once you master it, it feels easy and automatic,…

Agari Blog Image

April 29, 2021 Brent Sleeper

Powerful New Agari Phishing Defense Integration Comes to Cortex XSOAR

As we expand our integrations with industry leaders, we’re very excited to highlight a new…

Agari Blog Image

April 28, 2021 Seth Knox

Frost Radar Names Agari as a Leader in Email Security

Three months ago, when I joined Agari as the Chief Marketing Officer, I knew that…

mobile image