Running your own email servers doesn’t do anything to differentiate your business from the competition (except in a bad way, if you get hacked). But avoiding the effort of managing and monitoring your own mail server isn’t the only advantage of a cloud service. The scale of a cloud mail provider like Office 365 means that malware and phishing attacks are easier to spot — and the protections extend beyond your inbox.
Email protection isn’t just about blocking spam anymore. It’s about blocking malicious messages aimed at infecting computers and stealing credentials. Traditional antivirus scanning isn’t the solution either, because attachments aren’t just executable files you can recognize with a signature. Often, scammers use JavaScript and macros (including PowerShell) to trigger a secondary download with the malicious payload. And embedded links often go to legitimate but compromised sites, so you also can’t rely on site reputation.
Even as malicious messaging is evolving, attacks are increasing. According to security firm Proofpoint, the largest malicious email campaign in Q4 of 2016 was almost seven times larger than the largest campaign from Q3 of that year. And corporate email continues to bear the brunt of the attacks (Google recently noted that attackers send four times more malware and six times more phishing attacks to corporate inboxes than to personal email addresses.) Of the 80 billion messages sent to Office 365 inboxes in a month; 55 billion are spam and bulk emails and over 20 million contain malware or phishing messages that could cause a data breach.
Even with training, relying on users to spot phishing emails is problematic. In a Microsoft Ingnite presentation, Jason Rogers and Phil Newman, both Office 365 program managers, noted that targeted messages in particular are often so plausible that users report spearphishing messages that have been correctly blocked by Office 365 as false positives.
Can cloud email give you better protection? Yes, says Rudra Mitra, partner director for information protection on the Office 365 team. “On premise, you're one enterprise battling these security issues by yourself; your network is a perimeter and you try to see what comes in.” That might be difficult with the scarcity of security talent, Mitra notes. But the real advantage of cloud email is just how much information Microsoft can gather to detect attacks, using the scale of Office 365 and other Microsoft services.
“We bring millions of organizations into the cloud so the view we get into attacks is aggregated over those millions of organizations,” says Mitra. “You start with the patterns, the newest ways of attacking that show up, whether that’s generally or just for the U.S. or the U.K., or specifically in the financial sector…. The malware one organization may be receiving is clear to us, as is whether they are the only organization getting it or it’s showing up across the service in different geographies and sectors. The view you have of the threat landscape dramatically increases, and that intelligence and inference flows back into our security products.”
That information powers new security features in Office 365 aimed at helping you see exactly what threats you're facing, as well as offering you more tools to protect yourself.
Some of those protections are only in the Office 365 Advanced Threat Protection (ATP) service (which is included in the E5 tenant and available as an add-on subscription for other Office 365 tenants and — for some features — is even available for on-premises Exchange servers, for $2 per user per month).