Recently, Cybernews reached out to ExchangeDefender CEO, Vlad Mazek to learn more about how we keep businesses safe from cyber-attacks using top of the line security solutions. The informative discussion centers around the topic of cybersecurity, and what that means for the modern business.
With the recent rise in phishing attacks, it is smart to double-check if it’s really your coworker that emailed you.
By now, it’s probably hard to find an Internet user who has never received emails from someone claiming to be a long-lost relative who wants to share their fortune. While the majority of us are familiar with this type of malware, phishing attacks shouldn’t be underestimated. Nowadays, when threat actors start to include more personal details, posing as coworkers or even bosses, staying vigilant is key.
To discuss the topic of cybersecurity and phishing prevention, we reached out to Vlad Mazek, the CEO of ExchangeDefender, a company eliminating email threats before they even reach your inbox.
ExchangeDefender has been providing various security solutions for more than 2 decades. What was your journey like throughout the years?
We originally started ExchangeDefender to improve the reliability of our Microsoft Exchange servers by offloading all the security tools to a more scalable infrastructure. Over the years we’ve expanded our security portfolio to protect other email servers, as well as deliver more secure ways to rely on common office tasks such as file sharing, collaboration, and compliance.
Can you tell us a little bit about what you do? What are the main problems you help solve?
We used to say “We kill SPAM for a living” and to this day we simply eliminate common threats that lead to security compromises and service outages by providing email encryption, long-term archiving & eDiscovery.
We make it easier to rely on email for secure and reliable communication; which we do by keeping potentially dangerous content away from your webmail, mailbox, desktop, or phone. Simply put, we make it easy to get things done more securely.
What technologies do you use to detect and stop threats in their tracks?
We primarily rely on our internal early warning system which tracks unusual activity from known threat actors. Because of our size and client base, we often have the luxury of being among the first to be targeted which helps us identify safe and unsafe developments before they go “viral”.
We also participate in many proprietary, open-source, and data/intel sharing projects that help raise the security profile of everyone involved.
How did the pandemic affect the cybersecurity landscape? Were there any new features added to your services?
Pandemic actually improved the security landscape for our clients because they suddenly had to shift to a remote work model which inherently came with more stringent security requirements and more awareness for security policies and secure collaboration.
We noticed a significant shift from traditional office communication methods to SMS/TXT and we moved quickly to make all of our services SMS-aware. Mobile phones have become a security identification token, a mobile presence device, and far too often a failover computer. That’s why we invested heavily in extending our services to meet our clients’ needs to go beyond just sending email messages.
What sectors (for example, financial, healthcare, etc.) do you think should put extra attention towards email security?
The best way to answer this question is to think like a hacker because for them it’s not personal, it’s business.
Organizations get compromised for one of two reasons:
- They have assets (data) that are valuable
- They have a reputation that is valuable
If you have a lot of valuable data or a trustworthy relationship with your clients, you’re a valuable target regardless of your industry. It would be difficult to hack a financial institution because they have dedicated IT and security teams, go through routine audits, and can respond to threats quickly. Compare that to a small CPA firm that uses standard tools and an antivirus bundle that came with their PC.
When it comes to cyber threats carried out via email, what are the most common ones?
Email is the most popular way to get cyber threats into an organization, according to a recent study over 90% of security compromises started with email and it has not changed significantly in the past few years: the #1 cyber threat is from spear phishing. Spear phishing is a practice of forging the identity of the sender and the look of the email to something the recipient would find trustworthy enough to click on. What has changed significantly is the end goal of spear phishing:
- Deployment of RAT (Remote Access Trojan) software
- Theft of PII (personally identifiable information)
- Theft of security credentials
This list actually flipped in the last two years mostly due to the sophistication of RAT software that can give an attacker access to the entire network instead of just a single PC or cloud account. The latest variants target UEFI bios which keep the threat in place even after you get rid of the infected hard drives. As these threats evolve, they also highlight other security issues on the network which makes them difficult to remove and require constant monitoring.
With so many teams working remotely nowadays, what are the best practices when it comes to secure file sharing?
The single most important recent advancement in overall IT security that really deserves wider adoption is the use of MFA/2FA/OTP: multi-factor authentication that requires secondary verification before accessing any sensitive system or information. Working remotely, outside of a managed network and access to IT staff, creates a new universe of security threats that should be mitigated by:
- Deploying & requiring MFA for access
- Deploying a more aggressive backup and imaging solution
- Controlling and reducing the attack surface (by limiting access only to required web sites & services)
Besides secure collaboration solutions, what other security measures do you think modern companies should invest in?
You are probably already spending too much on overlapping, redundant, and underutilized security solutions.
The best security investment you can make today is to get an audit of your existing security portfolio and its integration. Being secure doesn’t come simply from paying for a security software/service license – it has to be properly integrated, configured, and monitored in order to truly keep users away from dangerous content. Due to the chronic lack of security focus and the habit of deprioritizing security for the sake of end-user comfort, many organizations find themselves in a perilous situation with cyber insurance demands.
We are seeing organizations getting compromised not because they don’t have security solutions or adequate training but because they don’t take the time to properly and fully implement the security solutions they are already paying for. An overwhelming majority of ExchangeDefender subscribers rely on less than 30% of the security features they already pay for.
Can you give us a sneak peek into some of your future plans for ExchangeDefender?
Our biggest technical investment for 2022/2023 is to make it possible to access external content (email attachments, files, messages, sites & services) in a secure online sandbox environment where dangerous content wouldn’t even have a chance to reach the user’s desktop, phone, or network.
Our biggest investment is in the area of security audits and assessments. While there is always a shiny new tool or service that promises better security, our data indicates that it’s rarely the lack of a tool, and more often the lack of proper deployment and management of sensitive information that leads to a security compromise.
We’ve helped countless businesses that have been compromised over the years and it usually comes down to neglect of security processes combined with a lack of a plan to respond and recover from a hack. Our future plans are to help organizations change that scenario because cybersecurity isn’t something you buy, it’s something you do.
To celebrate the launch of our new small business service plans, we are currently offering 30-day free trials for any service. Interested in ExchangeDefender? Please visit www.exchangedefender.com/business to request your free trial today!
The importance of data security has catapulted to the forefront because of the fast-moving, unforeseen Covid-19. The pandemic caused most office workers to work from home for months, and required many organizations to build remote workflows. Remote working has offered prime opportunities for hackers to take advantage of unsecured data. The safety of confidential information in the remote workforce is becoming increasingly difficult to achieve without the proper security tools, (which most businesses lack).
ExchangeDefender Corporate Encryption is the perfect solution for organizations that need to secure their company data. Employees are able to encrypt emails simply, and share documents securely with Encryption. (Ask for a demo!)
Skilled Employee Shortage
Yes, we’re in the middle of a talent shortage. Businesses are experiencing a lack of skilled employees as the pandemic, and the Great Resignation movement continues to rage on. The IT department in many businesses are suffering, with 93% of employers reporting an overall skills gap. Staffing issues in IT are creating disruptions in other parts of the business as well – making increasing productivity a dream rather than reality.
There is an opportunity for MSPs to offer IT services that organizations are unable to fulfill inhouse due to staffing. Services like cybersecurity, data storage, encryption, and disaster recovery are in very high-demand since the beginning of the pandemic. Offering businesses services that are mission-critical, and that can guarantee work productivity or continuity is vital!
The COVID-19 crisis brought most businesses to a near stand-still causing major stress to business owners, and corporate CEOs alike. The future is uncertain, but what we can do is actively factor in future trends into our business growth goals. This means focusing on what the market needs (like providing solutions related to trends that are exploding), and on your customer base. The best data you have is from your current clients. Look for similarities, ask them questions along the way.
Cybersecurity threats increasing
Approximately 2,200 cyber attacks happen every day, which means every 40 seconds, a hacker gains unauthorized access to information. Company data has become one of the most valuable assets of a business. Data breaches continue to rise as hackers take advantage of vulnerabilities, particularly within the remote workforce. 68% of business leaders feel their cybersecurity risks are increasing.
The most common way of cyber-attack is through email, and every business is susceptible. 94% of malware is delivered by email, and about 50% of malicious attachments are Office files. The pandemic has brought in a new wave of cyber attacks with Phishing. In fact, 1 in 13 requests lead to malware – making it increasingly difficult to discern what is real, and what is not. Human error is driving data breaches, and organizations need to implement security measures to ensure the safety of their people and data. (Explore ExchangeDefender PRO)
Business Continuity / Disaster Recovery
When the COVID disaster first occurred, businesses realized that they did not have an active business continuity plan. This is a plan that details what to do in the event that a disaster, natural, or otherwise happens. We have experienced a significant increase in demand for email outage protection, archiving, and file sharing services. Businesses have the challenge of making sure they can still operate as usual despite disruption, or public health crisis. Organizations that take advantage of solutions that empower productivity from work or home will experience the least amount of interruption.
This summer has been hot for ExchangeDefender, like really hot. Yes, we do live in sunny Orlando, but we’re raving about our newest releases. We have been focusing on making processes easier for both our partners and our clients. “Keep it simple, stupid.”, has been our motto and we hope that our new releases are a reflection of that mantra. The uncertainty and added stress that the pandemic has caused, is what inspired us to look inside of our company, how we offer our services, and support.
We created a Desktop SPAM manager.
To be fair, we created a desktop application to manage your SPAM about ten years ago. We retired it, and decided that we needed to design a new and improved management system. The ExchangeDefender Desktop SPAM Manager is a multi-platform app that works well with Windows, Mac, and Linux. It is designed to provide users SPAM notifications. The manager lets you know when there is SPAM waiting, and allows users a secure way to access, read, reply, and forward messages. Interested in getting desktop notifications? Please open a ticket at https://support.exchangedefender.com, and we’ll send you a link!
We added Starter kits to our Marketing Collateral.
Did you know that we have a special section on our website for Marketing collateral? (www.exchangedefender.com/marketing) This page features a collection of sales support tools to help our partners sell ExchangeDefender services. We recently designed Starter Kits that provide useful information on our solutions. Whether you are a new partner, or a veteran – Starter Kits contain valuable material that can be shared with prospective clients. If you are an active partner, marketing collateral is available to you for free. You can even get your sales documentation branded with your logo. Simply visit the Marketing page, and submit your request.
We were featured on CBS, FOX, and NBC news.
Recently, ExchangeDefender was showcased on several U.S news outlets for the surge of new partnerships we are experiencing. We believe that the rise of popularity for our partner program has been due to the Covid-19 pandemic. Managed Service Providers, like most other businesses, are searching for ways to lower their costs, and boost their service offerings. Our partner program is free, and has always been free with the confidence that our clients would be able to focus on building their business. ExchangeDefender hopes to build meaningful relationships with MSPs who are seeking to build their business, while keeping IT costs down. To read more about our latest news coverage, please click here.
ExchangeDefender has been providing email security, compliance, and business continuity solutions via Managed Service Providers since 1998. We believe in offering our partners exciting opportunities to build their MSP businesses with IT solutions that are profitable, flexible, and custom to fit their client’s needs.
Build an award-winning service portfolio with no upfront costs.
ExchangeDefender’s cloud technologies are distributed exclusively through our partner channel. Our commitment to your success is at the core of all we do. Joining us means you’ll be able to offer the following IT services instantly:
Advanced Email Security
ExchangeDefender PRO is a multi-layered security suite that protects users against SPAM, viruses, malware, phishing attacks, and more. The email security solution is compatible with all major email service providers – including Office 365, on-premise Exchange, and G-Suite for Business.
ExchangeDefender Corporate Encryption enables users to send and receive encrypted messages by email, url, or sms. It is easy for organizations to quickly adopt, and also includes advanced real-time reporting with analytics.
Email Archiving and Compliance
ExchangeDefender Compliance Archive provides long-term email archiving, with unlimited tamper-proof encrypted storage. It includes powerful eDiscovery search, and helps organizations achieve email compliance with regulatory requirements established by IRS, FINRA, HIPAA, SOX and SEC.
Email Outage Protection
Yes, that’s right – say goodbye to email outages. Plus, how many other service providers do you know that offer this type of email continuity solution? ExchangeDefender Live Archive enables users to send and receive email during service outages from Outlook and Gmail.
File Sharing with Unlimited Storage
ExchangeDefender Web File Server is a professional file sharing software that offers secure sharing, and management of information. Web file sharing makes it easy for teams to share documents without having to rely on email, or old file servers. Provide your clients with the oversight and security of their most precious asset, their data – for just a few dollars.
Managed Email Hosting
ExchangeDefender empowers our partners to offer a secure full-service email hosting solution using the latest Hosted Exchange. Partners are able to provide clients peace of mind with professional email that is managed, supported, and secured by email experts.
Become an ExchangeDefender partner today!
Membership is free, you can cancel at any time. Enjoy full access to all of our solutions within minutes after being approved! – APPLY NOW –
ExchangeDefender has recently launched an ‘Official Partner’ logo, designed exclusively for our current partners. The logo is a graphic brandmark that features our traditional ExchangeDefender design, as well as the addition of ‘Official Partner’ underneath in dark grey.
There are currently two different versions of the logo to best assist all partners and their individual websites. The option to choose the light, or dark version is totally up to the preference of the partner, (their brand colors, website colors etc.)
Ways to use
We have a few suggestions on how to use your Official Partner logo. The first is on your website. You can download the logo and paste it into your website. Preferably on the front page to show your clients, and prospective clients the current security vendors that you are in partnership. We believe the display of partner logos help express credibility to future clients that you are in good company, and collaborate well with others.
The second option is adding the logo to documents, sale sheets, brochures, invoices – things you would normally give to a potential client. Normally, you would add your company’s logo on the left side, with your partner logo on the right side. Visually its outstanding, and assures the client that you are doing well as an ExchangeDefender business partner, (which you are!).
The third option is using your email footer for when you are emailing back and forth with clients. For example, if you were to look at a company’s signature – you would see the name, title, contact details, as well as any programs, or products that they are currently associated with. The logo is easy to add into outlook or Gmail, and should only take a few mins to complete.
Oh! You can also use the partner logo when making posts on your MSP social media. This could be attached to product specific offerings, or showcasing the third-party vendors that you currently are in partnership.
How to download?
To download is simple.
Below, you’ll find the light version and dark version of the logo. The images are PNG and have transparent background to suit any color. To save, simply right click the image and click save.
Traditionally, ExchangeDefender has been an email security platform, first and foremost. In order to secure your email on its way to/from your email infrastructure, your MX records needed to point at us and all your mail was secured using our platform. In May of 2020, that changed.
As of June 2020, you can offer ExchangeDefender solutions without ExchangeDefender or mail going through to us at all. It’s no secret that all the add-on cool features in ExchangeDefender (LiveArchive, Web File Server, Encryption, Compliance) are in their 3rd or 4th generation, and those services are in huge demand on their own.
You will shortly be able to purchase most of our offerings directly without the complexity of joining our partner program and without needing to implement a bunch of other features if you only need a way to securely collaborate. Our web site, ExchangeDefender.com will remain a partner-centric experience and we are introducing a new site used to manage ordering and processing of subscriptions to our a la carte services.
Our partners will be able to continue provisioning and ordering ExchangeDefender services as is. As a partner you’ll also have a choice of placing orders through the new a la carte service as well (if you don’t want to be involved in management, support, etc for your users) just without discounts and incentives (since we’ll be doing all that work now).
We strongly believe that our partner ecosystem provides a lot of value to the organizations that consider IT security to be critical to their success. The reality is that many do not, and our partners tend not to sell services to clients they deem too small or too unprofitable for the overall offering: now we have the means and ways to help them through service bundles and individual service offerings specifically designed for the cloud.
If you’d like to be on a beta test, please let us know, the new platform will launch next week!
Employees are suddenly finding themselves working remotely due to the current health crisis of the Coronavirus that is sweeping nations across the globe.
As we protect thousands of businesses from the drastic uptick of phishing emails and ransomware attacks claiming they are from verified sources, we have noticed new tactics that hackers are using to fraud employees working from home.
Here are our top 3 cybersecurity implications of working from home:
- The lack of authentication and authorization
There is an increased need for two-factor authentication, monitoring access controls and creating strong passwords. Managed Service Providers should encourage their clients and end users to add additional security safeguards.
We recommend changing your password every 90 days, and enabling OTP/2FA to improve your account security. To manage this for ExchangeDefender, view user guide.
- Increased risk to cyber attacks
There’s an increase risk to attacks like phishing and malware, especially since employees will now likely receive an unprecedented amount of emails and online requests.
ExchangeDefender Phishing Firewall (EPF) automatically secures inbound mail by rewriting HTML links so they are forced through our firewall when you click on them in Outlook, Gmail, or any web-enabled email application.
To add a new web site to the Whitelist or Blacklist click on the + Add New button in your ExchangeDefender Admin portal. To learn how to manage this setting, click here!
- Unsecured BYOD (Bring your own device)
Remote working can successfully widen an organization’s attack surface. Mainly due to employees who use their own devices for work can introduce new platforms and operating systems that require their own dedicated support and security. As a result of so many devices being used, it’s likely that at least some will fall through the security cracks.
ExchangeDefender Pro offers users a VPN server to connect to in a secure manner no matter where they go. Public Wifi hotspots tend to have questionable security at best and can be used to compromise a device that is connecting blindly across the Internet. Connecting your phone automatically to a VPN can assure that email access (and all the confidential data in the email) can never be snooped on.
Webinar Announcement: ExchangeDefender solutions will soon be available “a la carte” to clients. Attend our webinar on Tuesday, March 31st at 12:00 PM EST. Register Now!
ExchangeDefender has changed how our inbound nodes will handle emails delivered to our server when the sending server is on a Real Time Blacklist (RBL). Previously, RBL listings would cause emails to be rejected and not able to be delivered to the recipient (even if requested). Now, when a server is listed on a public RBL, the message will score high enough to classify as SURE SPAM instead of rejected back to the sender.
Changes to how ExchangeDefender handles Real Time Blacklisting (RBL) of the senders server will be visible to both the and MSP Customers.
Customers with STORE / QUARANTINE see a dramatic increase of items in the SURE SPAM quarantine, including email quarantine reports.
Customers with TAG AND DELIVER will see a dramatic increase of sure spam items delivered to their inbox.
MSPs will have two settings to control how RBL listings are handled with regards to matching whitelist rules. By default, whitelisted senders will override the RBL listing and will allow the scanner to ignore the RBL entry. MSPs will have an option within the domain’s phishing configuration with regards to handling whitelisted senders who wind up on an RBL.
Everyone on record by December 31st, 2019 will be grandfathered into the service.
You’ve got 45 more days to sign up for ExchangeDefender Essentials and Exchange Hosting Essentials in their current form with all the current benefits and features.
In 2020, we will start offering a new Essentials service that is more competitive with the entry level offerings from Microsoft, Google, etc.
New accounts will not be compatible with Office 365, Gmail, or other cloud based email services, a territory that ExchangeDefender Pro is far better suited for.
The service will be slightly more affordable but will no longer have options to add on Encryption, Web File Sharing, LiveArchive, Compliance Archive, corporate & MSP branding, and other enterprise-ish features. If these features are important to you and you have open leads, please make sure the orders are placed by Christmas.
Between the lines:
ExchangeDefender Essentials line has had a great run but over the past two years we’ve noticed a trend – clients are either going for the cheapest option, or they are signing up for all the bells and whistles that come with the Exchange and ExchangeDefender Pro line of services. The original intent behind Essentials was to create a “make it your own” version where companies that didn’t need Encryption or LiveArchive could save a few bucks and get an enterprise product that scaled with the organization as it’s demands grew.
We’re hoping that announcing the phasing out of the current licensing will give existing leads an incentive to get signed up and grandfather in the features at a discount.
Our last webinar announced our strategy for expanding the level of protection we offer to our ExchangeDefender users that goes far beyond just email. Our three-pronged approach will now include software, services, and training. We are best known for our email security service “ExchangeDefender” but as the email threats escalate in frequency and evolve in complexity, it is time to add a software component.
Over the past decade we have been developing Wrkoo (codename: “Shockey Monkey”), a business management solution centered around helpdesk and service delivery. As that product has grown to better manage accountability and task tracking, it became a perfect solution for us to use to help our ExchangeDefender users be more secure. Specifically, ExchangeDefender knows about your preferences and security policies – Wrkoo has the capabilities to help your entire organization work better together to create a more secure environment. You will see this distinction and the advantage in action later this week when we announce the Password Vault.
Our implementation is very simple and straight-forward. Every ExchangeDefender Pro protected organization will get it’s own Wrkoo portal (ex: https://exchangedefendercom.wrkoo.com) absolutely free of charge. All the users in ExchangeDefender will automatically be added to the Wrkoo portal and same login credentials will work on both sites.
As we add business-level features that help improve user security, they will be available via https://admin.exchangedefender.com portal under the Shortcuts dropdown (same place you find your Web File Server, LiveArchive, ComplianceArchive, Encryption, etc) as well as via direct login to the Wrkoo portal. This will help our clients quickly navigate between their files, passwords, archives, and all other services.
ExchangeDefender admin portal has been designed from the standpoint of email security and corporate policy enforcement and it is very quick, efficient, and easy to use. Once you look at securing your business beyond just SPAM filtering, things get complex and importance shifts to communication, training, and overall awareness. These are the areas that Wrkoo shines at through its calendars, tasks, tickets/cases/issues, knowledge base, and the ability to help the entire organization communicate and be on the same page. It really is a perfect medium to help everyone in your business manage their information in a more secure and practical user -friendly way.
Our mission remains the same: to keep you safe online. As the threats evolve and management of compliance, reporting, audits, and training becomes more complicated – our solution is there to help you scale and address those issues without spending more money. ExchangeDefender and Wrkoo are here to make that possible.