By Daniel Schrader
Even before COVID-19, SaaS-based productivity tools such as Microsoft 365 had been gaining market-share at a remarkable pace. Today, with hundreds of millions of employees working from home, enterprises are turning to software as a service (SaaS), including Microsoft 365, like never before. In doing so, many companies are decommissioning their old email gateways and relying on the security that comes with the SaaS applications. However, as email is the most common transport mechanism for cyber-attacks, it is important that organizations ensure they have an advanced security posture.
Microsoft offers two security services for M365: Exchange Online Protection (EOP) and Advanced Threat Protection (ATP). These services have most of the features you need to secure your productivity infrastructure but poor detection marks both these security solutions. As a result, organizations are turning to Fortinet’s Dynamic Cloud Security solutions, including FortiMail, to enhance and complement native capabilities within Microsoft 365 and better protect their journey to the cloud.
The best known tests for email security solutions are the Virus Bulletin Spam (VBSpam) Report, ISCA Advance Threat Defense (email) and SE Labs Email Security Gateway test report.
The latest SE Labs report, which pitted leading email security services against live targeted attacks that are the same or similar to those seen in recent security events, reveals differences between Microsoft 365 security and security from third party vendors. The report consolidated the results in a single metric, “True Accuracy,” that took into account not just detection but also remediation, false positives, and false negatives. In particular, this metric included the solution’s handling of non-malicious messages and components of those messages, such as attachments and links to websites. SE Labs found Microsoft’s email security solutions had accuracy ratings of less than 30 percent, revealing the need for an advanced third party solution capable of augmenting Microsoft 365 security. SE Labs found that Fortinet’s FortiMail was among the leaders in total accuracy ratings with over 90% of threats detected.
Other third party tests reveal Fortinet’s ability to detect threats with few or no false positives: Virus Bulletin, in its quarterly comparative review of SPAM detection, declared Fortinet the most effective solution, detecting 99.84% of bad emails with zero false positives. ICSA’s tests confirmed the Virus Bulletin findings: after 5 weeks of extensive testing, ICSA found that Fortinet FortiMail detected 99.8% of threats with a false positive rate of under 1.6% - both among the best results of any product tested.
Through its Security Fabric, Fortinet offers the broadest, most-effective set of cloud-ready solutions to complement M365. Fortinet works closely with Microsoft to integrate its solutions tightly with M365, providing flexible consumption models and deployment options for on-premises, hybrid and multi-cloud environments. Built from the ground up to co-exist and complement M365, Fortinet’s approach allows customers to use the applications they are most familiar with from Microsoft and the proven security they can rely on from Fortinet.
Detection of malicious email is only part of M365 security – but is probably the most important part. Other elements of an effective M365 security solution, which Fortinet provides include:
SaaS-based applications such as Microsoft 365 are one example of the need for enterprise-class security solutions for cloud-based infrastructures. Fortinet’s Dynamic Cloud Security solutions include network security, application security and platform security for all major clouds, both public and private.
The Fortinet Cyber Threat Assessment Program is a free program that analyzes your email traffic for spam, phishing emails and malware. After the two-week assessment, Fortinet provides a detailed risk assessment report. Sign-up for your personal email security assessment and get started today.
* Figure 1: SE Labs Email Security Gateway test report.