Security

ExchangeDefender Email Encryption is a service that helps you control and distribute sensitive information. There is no shortage of solutions that help comply with the alphabet soup of regulatory requirements that help mitigate data leakage – the real challenge is making people that rely on encryption to be more productive.

We spoke to thousands of our users, across industries, to gain understanding for how they use the service and what would make it optimal. Here is their wishlist, delivered:

Encrypted Messages are about more than email

While Email Encryption services were designed to automate encryption of email that contained sensitive information, the practical use for email encryption is simply to securely deliver and track access of those messages. Depending on the urgency, sensitivity and the receiving party, ExchangeDefender’s Advanced Encryption Options make it possible to customize how long the message is available for, if the recipient needs to enroll in the service or simply click to view, who should be notified of message delivery/receipt/read status, and more.

ExchangeDefender is the only Email Encryption solution to feature multi-channel delivery of sensitive content. Simply put, organizations no longer only share data via email. Companies are now texting more than ever, as well as leveraging different portal and chat solutions to which sensitive content can be attached. ExchangeDefender enables you to send encrypted messages – automatically based on content or by your custom preference –  but you can send it as an email, as an SMS/text message to a mobile phone, or as a URL link pasted on Facebook/Slack/Teams or any web or social media property.

Simply put, when you need to know that it got there securely and what they did with it afterwards, ExchangeDefender has the policies, processes, and automation to make it possible and simple.

Encryption isn’t an IT / CCO problem, it’s a business challenge

No software to install. No need to change any DNS records or move your email hosting. No devices or appliances to maintain or support. It takes just a few minutes to sign up for ExchangeDefender Corporate Encryption, add your users, and set the default corporate encryption policy and suggested lexicons/pattern searches to keep everyone secure. In minutes, IT’s job is done.

The real encryption challenge is with the people that rely on encryption to get things done. Staff that sends out hundreds of encrypted medical records each day. Staff that communicates sensitive financial information between multiple organizations. Staff that is more concerned about the message getting to the intended recipient that can easily access it – or they become the front line IT support for every recipient that can’t view the message, didn’t get the message, or worst case scenario, message was sent to the wrong party (you can revoke it at any time).

ExchangeDefender approaches the business challenge by helping the sender customize the environment and save settings to eliminate repetitive work.

Outlook or Outlook Web App

ExchangeDefender Corporate Encryption comes with an Outlook and OWA add-in product that adds buttons to the Outlook/OWA ribbon. Safe delivery of sensitive information is really just a click away: just click on encrypt. This approach removes the need for the web interface entirely, and follows the default encryption policy as defined by your IT and Chief Compliance Officer.

Activity

Most of encrypted email work is related to message delivery: When you want to know that they got the message and what they did with it. With traditional offerings this is a painful process of searching through tons of email notifications – but ExchangeDefender takes that a few steps forward.

ExchangeDefender Corporate Encryption features a powerful Activity tab that enables users to see live activity across all the messages they’ve sent recently. For example, if you’d like to know whether the recipient attempted to print or forward a message you restricted them from printing or forwarding, you’ll find an alert on the Activity page. If you send a ton of mail, our powerful search will help you define the actions you’re looking for, search for a specific time period, or just search by text/subject. From there you can export it to Excel, PDF, CSV, or just print out the report.

If you don’t send a lot of messages or dislike constant email notifications from encryption services, we’ve got you covered as well. ExchangeDefender features a weekly email report that shows you all the messages you sent and the associated activity.

Management Default Policies

ExchangeDefender makes it really simple to define a corporate security policy that automates the encryption of sensitive information. Whether you want to screen for standard personally identifiable information (PII), or use one of the predefined lexicons for a number of industries, or you want to define a default corporate policy to keep all users secure, ExchangeDefender has you covered.

Sender Policies

ExchangeDefender keeps its users productive by eliminating the user interface clutter – a byproduct of a highly flexible and customizable interface. Sending an encrypted message is simple and requires no training by design, the entire process is obvious and intuitive.

To be productive, you will need to rely on some of the more advanced features of ExchangeDefender Encryption that help control notifications, message rights, message age, and additional security requirements. ExchangeDefender allows you to save your policy customizations as a new policy, so that all the settings you configured can be reused and reapplied with just one click, on demand.

The Encryption Opportunity

The purpose of email encryption is to help automate the encryption of sensitive information. ExchangeDefender excels at this requirement with domain policies, lexicons, advanced pattern searches, and custom policies.

There is a lot more to encryption when you consider the people that rely on it to do their job – and ExchangeDefender offers Outlook/OWA addins to make encrypted email as simple as a mouse click. From there we provide powerful Activity reports in the encryption portal that allows you to search for messages, activities, and even filter down to the right time frame. Because encryption isn’t only about sending – it’s about knowing that the message was received securely – you can create custom reports that can be printed, saved, or exported to Excel.

Ultimate opportunity is in realizing that message encryption needs to evolve with how we work. Covid-19, office closures, physical distancing, and reducing touch points has made us all rely on social media, chat platforms, portals, and social media to communicate with our coworkers, partners, and clients. We now share sensitive information via email but also over the web and via text/sms to mobile devices. ExchangeDefender supports them all, secures them all, and enables secure productivity.


It’s easy to see why Corporate Encryption is our most popular product, please submit a ticket for a free trial.

ExchangeDefender Encryption enables organizations to securely send, receive, and manage confidential email, providing an easy, seamless way to implement content protection. ExchangeDefender uses bank-grade Encryption with 256-bit keys, to secure all encrypted emails.

We are proud to announce the brand new interface and full feature functionality and reporting for ExchangeDefender’s Corporate Encryption.

Let’s take a quick tour!

Encryption Dashboard

This is Corporate Encryption’s brand new dashboard view. It is the first page you see after logging in. Your recent messages and recent portal activity is available on your dashboard.

Encryption Inbox
Compose a New Message

You can access your messages by tapping the Inbox tab. You can compose an encrypted message from this page. Encryption offers two levels of encryption, categorized by ENCRYPT and CLEARENCRYPT, and encrypts all email and attachments on every server where they reside.

Message View
Replying to a Message

The new web interface is sleek and modern, we have minimized the number of pages you visit to get things done. Finally, same page, one-click and done. You can select a recipient or a group to send the message to, the level of encryption, and even attach files.

Create a New Group for your Contacts.
Group’s List / Create a New Group
Contacts List / Create a New Contact

Encryption enables you to create groups for contacts list to make it easier and faster for you to communicate with your most popular contacts. You can add as many groups and as many contacts as you like. By clicking your Contacts tab, you can create a new contact, and you can access information on all of your important clients.


To access ExchangeDefender Corporate Encryption, visit encryption.exchangedefender.com or login to your ExchangeDefender Admin portal > Quick Launch > Encryption

What is Phishing?

In recent years, spear phishing attacks have been on the rise, and have costed American businesses millions of dollars per year in time and resources.

Phishing is a fraudulent attempt via email to obtain sensitive information like username, passwords and credit card details. This type of attack is tricky because the phishing email appears to be from a trustworthy entity like Netflix, or Apple for example.

Furthermore, the phishing email typically has a call to action, and directs the user to a website via a link within the email. This website then asks the user to update personal information – and boom, your information now is in the hands of hackers.  

According to a recent study by Verizon (2019), over 80% of security compromises start with a spear phishing email. ExchangeDefender can help you eliminate spear phishing threats or just provide notifications to your users when they get tricked into clicking on a link leading somewhere dangerous.

The solution: ExchangeDefender Spear Phishing Protection

ExchangeDefender provides the most sophisticated and most comprehensive real-time protection from email phishing threats through ExchangeDefender Phishing Firewall, External Sender flagging, real-time databases of safe and dangerous sites, and flexible phishing content handling policies.

The Basics:

1. ExchangeDefender’s phishing protection works on every device that is wifi-enabled with the ability to receive email.

2. There is no download or installation required for the security feature.

3. Our email spear phishing protection enables you to whitelist and blacklist email addresses and domains.

Spear Phishing Protection Highlights:

Phishing Firewall

ExchangeDefender rewrites the URL of links in HTML emails and redirects you through our cloud filtering service that can alert or block threats you may inadvertently click on. (Learn More)

Flag External Emails

ExchangeDefender modifies the subject of messages received from outside of your organization, so nobody can ever mistake a message from external source or a coworker. ([EXTERNAL])

Blacklist / Whitelist

ExchangeDefender Phishing Firewall allows organizations, domains, groups, and users to maintain a list of safe and dangerous web sites, to which traffic should be allowed to pass or be blocked.


To learn more about ExchangeDefender’s Email Phishing protection and how it works, click here.

You can also explore our advanced email security suite that includes phishing protection, and so much more!


ExchangeDefender has been seeing an elevated amount of malware originating from hacked Exim mail servers. While we tend to score those messages higher by default to keep our clients protected, one of our clients discovered a scenario in which a user could get a dangerous payload through our scanners (requires multiple manual steps and a sophisticated recipient with imaging software willing to go through multiple hoops). Which this is exceptionally unlikely, we wanted to address a few of the topics anyhow.

1. CIOs, MSPs, and Domain Administrators can manage attachment policies

If you go to https://admin.exchangedefender.com and login as the Domain Administrator, you can manage attachment policies under Configuration > Attachments. You can find more about ExchangeDefender configuration at https://www.exchangedefender.com/docs/domain#configuration

2. We do not deep-scan file system images (.iso/.img)

As a policy we do not deep scan .iso or .img file system images. The files themselves are scanned for both malware, viruses, and other parameters (for example, if someone renames a .exe to .img, or embeds malware in one we will still filter it out) but we will not mount file system images and go through each file inside. This is not a popular attack vector (requires multiple actions by the user and most will require Administrative access and specialized software) but it is technically possible.

3. You should implicitly distrust anyone on hacked Exim servers

ExchangeDefender cannot globally block Exim servers (because there is always going to be that one “business case scenario!!! we cannot block our $2 cPanel VPS!”) but if you can possibly block them – by all means do. While this is generally not necessary (ExchangeDefender maintains a proprietary list of pwn3d Exim servers and routinely moves them to SPAM or SureSPAM), it’s a good idea not to accept any mail from these servers at all.

4. You should implicitly junk SPF failures

Same as #3, it’s a really good idea if you have the luxury of not dealing with people that shouldn’t be running an email server. ExchangeDefender tracks SPF failures and notes them in the headers that can be used to aggressively filter out messages sent out from invalid ranges. Just look for a “Received-SPF: softfail” in the message headers.

Received-SPF: softfail (inboundXX.exchangedefender.com: domain of transitioning postmaster@gmail.com does not designate 67.82.55.11 as permitted sender)

What this means is that the organization has designated an IP range that legitimately relays messages, and this message came from an IP address outside of that range. 99.99999% of the time it’s a spammer. 0.00001% of the time it’s just a poorly configured server. It’s your choice to assess the risk and implement this if possible and we recommend it.

Finally, if you are actively monitoring security and communicating with your clients, we do manage a NOC site that logs major issues at https://www.anythingdown.com. If you’re one of our MSP or enterprise clients, you also have a branded version of this software free of charge at https://www.xdnoc.com that you can attach your domain name to and offer these alerts to your clients without copying and pasting around.We hope this helps and we appreciate your trust in keeping you safe online.

For more information, please see our ExchangeDefender Guide for Domain.

Our last webinar announced our strategy for expanding the level of protection we offer to our ExchangeDefender users that goes far beyond just email. Our three-pronged approach will now include software, services, and training. We are best known for our email security service “ExchangeDefender” but as the email threats escalate in frequency and evolve in complexity, it is time to add a software component.

Over the past decade we have been developing Wrkoo (codename: “Shockey Monkey”), a business management solution centered around helpdesk and service delivery. As that product has grown to better manage accountability and task tracking, it became a perfect solution for us to use to help our ExchangeDefender users be more secure. Specifically, ExchangeDefender knows about your preferences and security policies – Wrkoo has the capabilities to help your entire organization work better together to create a more secure environment. You will see this distinction and the advantage in action later this week when we announce the Password Vault.

Our implementation is very simple and straight-forward. Every ExchangeDefender Pro protected organization will get it’s own Wrkoo portal (ex: https://exchangedefendercom.wrkoo.com) absolutely free of charge. All the users in ExchangeDefender will automatically be added to the Wrkoo portal and same login credentials will work on both sites.

As we add business-level features that help improve user security, they will be available via https://admin.exchangedefender.com portal under the Shortcuts dropdown (same place you find your Web File Server, LiveArchive, ComplianceArchive, Encryption, etc) as well as via direct login to the Wrkoo portal. This will help our clients quickly navigate between their files, passwords, archives, and all other services.

ExchangeDefender admin portal has been designed from the standpoint of email security and corporate policy enforcement and it is very quick, efficient, and easy to use. Once you look at securing your business beyond just SPAM filtering, things get complex and importance shifts to communication, training, and overall awareness. These are the areas that Wrkoo shines at through its calendars, tasks, tickets/cases/issues, knowledge base, and the ability to help the entire organization communicate and be on the same page. It really is a perfect medium to help everyone in your business manage their information in a more secure and practical user -friendly way.

Our mission remains the same: to keep you safe online. As the threats evolve and management of compliance, reporting, audits, and training becomes more complicated – our solution is there to help you scale and address those issues without spending more money. ExchangeDefender and Wrkoo are here to make that possible.

As noted nearly two months ago, ExchangeDefender is starting Automated ExchangeDefender Provisioning. In the long, long ago when everyone ran their own Exchange servers, ExchangeDefender offered XDSync to automate creation of ExchangeDefender users as soon as they were added to the Active Directory.

Fast forward to 2019: Few people still run their own Active Directory and most users are now on cloud-based email services that don’t use Active Directory. This puts a burden on our CIO/MSP/IT personnel that has to manage users manually – so we solved that problem with ExchangeDefender. Here is the user experience.

Automated Provisioning – User Experience

When ExchangeDefender detects a new email address from your domain sending outbound mail, it will automatically provision the account for you. This way nobody has to deal with the account management and maintenance, nor do they have to filter and audit the list as local accounts, distribution groups, etc do not send out external emails anyhow. If they do, from the licensing standpoint, it’s treated as a user. When we detect a new user, they get this email:

The email contains branding and contact information of an MSP if the client is managed by an MSP. Otherwise, only the domain administrator and ExchangeDefender basic contact info is provided.

At this point, the user is added and configured for ExchangeDefender services according to the domain defaults the IT department configured for this domain.

Clicking on the “Complete Enrollment” button takes the user to the website to setup basic settings. This part is actually VERY cool and something our clients have been begging for – something that shows the user how to actually use the product.

The enrollment wizard is only 2 steps long and gets the essential settings that 99% of users change.

Setup your password, tell us what to do with SPAM, tell us what time you want the email report (if enabled by CIO/MSP/IT) and that’s it – user is done. We’re also working on additional customization/templating of the welcome emails which should be launching later this year.

Over the past year we’ve been introducing enterprise security measures to help protect our clients from an increasing volume of attacks. Email is the single most abused gateway for email threats – with 91% of corporate breaches starting through email – and it’s only getting worse.

If you’ve used Yahoo, MySpace, or hundreds of popular free web sites (go to https://haveibeenpwned.com/ to see how/who exposed your data) your credentials and other information is available on the web. Hackers are using these passwords and personal information to guess their way into other sites that haven’t been breached – so if you use the same or similar password (or only change the site id, or one number or letter to make it different) then you’re making it very simple for hackers to get into your account.


And we get it. Dealing with security, passwords, and locking down online services is time consuming. But as the company whose main purpose and mission is to keep you secure – we want to help save you time and make it easier for you to be secure.

For the details on all the stuff we’ve got coming in September, we’d like to invite you to our webinar:
    ExchangeDefender Security Upgrade
    Tuesday, September 10th, 2019
https://attendee.gotowebinar.com/register/6898777257651237900

In the meantime, we’re going to help our partners and clients not make things “stupid easy” for hackers – by globally resetting ExchangeDefender passwords that are older than 1 year. We’ll do this on September 1st, in a very minimally intrusive way, and for those that don’t use ExchangeDefender on the daily basis (and mainly just release SPAM from quarantines) the password change won’t affect them.

Using an OTP/2FA or VPN services or all the free features that are built into ExchangeDefender to keep you secure is obviously our preferred way but as we’ve noted – the realities of SMB concern for IT security – so we need to try something else. We really hope our partners and clients can take the time to attend the September Webinar, as we believe the stuff we’ve built will help lock down your organization and make security manageable again.

Ever since we committed to ExchangeDefender Phishing Firewall as a core feature in ExchangeDefender, we knew that the biggest user benefit will be a trusted cyber-security expert available as a part of the solution. ExchangeDefender redirects all links that pass through ExchangeDefender through our firewall, giving users that click on a suspicious link in their email more information about the suspicious site – for example, if you clicked on a link in an email from Bank of America and are actually going to a web site in Poland, it might be an issue. But who do you turn to when there is an issue?

ExchangeDefender Chief Security Officer is just a click away and so far we’ve handled over a thousand inquiries from our clients and partners. If you’re looking at a link and you cannot tell why we intercepted and flagged the content, just click on the yellow button and fill out a form.

Within 24 hours you’re guaranteed a response from our team. The turnaround average so far has been just 18 minutes!
What happens on the back-end is actually quite hands-on: first we investigate the original email and compare the context with the link target, location, etc. We then open the link in a sandbox (safe environment without additional network connectivity and no data) to see what sort of information the web site collects and attempts to send. We then rephrase it in a non-techie user-friendly way and help the client out.

We’ve been overwhelmed with both skepticism and compliments as a result – turns out most users do not expect a response and are pleasantly surprised when an actual human emails back with useful information. We’ve gotten compliments on our turnaround time, usefulness of information, saving the user from dangerous content, as well as thankful comments about the frustration that phishing in general creates – as we’ve been fine tuning xdref.com our users are seeing it less and less and when they do see it we are happy to help.

The overall value of the service cannot be overstated – we’ve saved our CIOs, partners, MSPs, IT guys and gals hundreds of hours in investigative work alone. We got our clients a security audit that allowed them to continue to work quickly. Not to mention about all the bad links that likely would have lead to a breach or security compromise – that the users and techs never had to deal with.

P.S. Included in ExchangeDefender Pro at no additional cost. If you’re still frustrating your clients with “training” programs/videos/whitepapers that SPAM filters catch and junk anyhow – stop wasting your clients time and moneyExchangeDefender Phishing Firewall is a better, more effective, more affordable solution.

ExchangeDefender Phishing Firewall has been a huge success in it’s initial roll out and I wanted to take a moment to bring you up to speed on our progress and our end goal: to eliminate phishing and spear phishing as a threat to our clients. I do not intend to mince words here, this is the #1 threat out there – 90% of all compromises and breeches start with a phishing email. Stopping it, as an email security company, is our #1 job and I’m happy to report that initial results are stunning.

Little bit of a rewind: Until now the most popular way to fight phishing and spear phishing was through “education” – there is an entire cottage industry of supposed “phishing education”, testing, refreshers – and it all revolves around training people to hover over links in Outlook, what not to click, what to read. It will not surprise you that such “training” is practically worthless, but they say that a picture is worth a thousand words so here is our phishing book:

In the 48 hours following 4th of July weekend in United States, dangerous links in the email were clicked on over 770,000 times.

Without ExchangeDefender Phishing Firewall, these links would have redirected our clients to dangerous sites that likely would have lead to a compromise or a security breach. So much for training.

What’s even more telling is that, even with our firewall in place, 164,000 people decided to proceed to a dangerous site anyhow.

If more than 1 out of 5 clicks in your email will take you somewhere dangerous, how well is your training performing?

With ExchangeDefender Phishing Firewall we are enabling companies to setup policies, restrict access, provide intelligence as the user clicks — and we provide logging giving you an idea who attempted to trash your organizations network.

The scary truth behind phishing is that training is only useful in blatantly apparent cases – the kind that will NEVER even get to your inbox. Our SPAM filtering detects dangerous email content and filters it out before it has a chance to get to your Inbox. The stuff that we can flag as dangerous – thanks to user reporting, audits, and look-ahead scanning is far more sophisticated than anything we could pack into a SPAM filter – and it gives your users real intelligence on what they are about to click on. You cannot expect users to remember all their training and to be a web security analyst – their job is acting on the email.

Our job, is making sure the emails get to them clean and free of dangerous malware. Once they click on the links in the email – we are going one step ahead – and leveraging our industry relationships (data feeds and infosec sharing of dangerous content) to make sure you know exactly what you’re clicking on.

Phishing is immensely profitable and far more effective than any other form of hacking – the user literally clicks and gives the hacker the keys to the network – and our ExchangeDefender Phishing Firewall helps remove the danger and reduces phishing to merely an annoyance.

The numbers speak for themselves.

Sincerely,
Vlad Mazek
CEO
ExchangeDefender

ExchangeDefender Phishing Firewall continues to impress in terms of performance and user engagement – it’s catching dangerous content and keeping users safe from phishing attacks that often result in security compromises and breaches. Phishing accounts for over 90% of IT compromises, and as we’ve written before more than 1 out of 5 links our clients click on have lead them somewhere dangerous. With those numbers it’s clear to see why hackers are relying on phishing as the first and most effective form of attack – people will click on anything!!! And as intrusive as EPF seems to some (thank you for your feedback), our development team has been working overtime since the launch to make ExchangeDefender Phishing Firewall out of the way when it should be, and in your face when something dangerous shows up.

The goal of ExchangeDefender Phishing Firewall is to keep you safe from potentially dangerous sites and out of the way the rest of the time. You can keep up with our Dev fixes over at https://www.anythingdown.com and keep sending us your feedback. We love to hear it and we love improving the service so it can help keep you and your business safe. We also like to hear what you want us to add to the service that would make it more valuable. One such piece of feedback helped build a “Report Issue” feature:

If you click on something that you don’t recognize and you can’t tell what it is – DO NOT CLICK ON THE LINK – we are here for you. Our security concierge will open the link in an isolated virtual environment and see what kind of data is being sent back-and-forth. You will get a response, generally within minutes, with either a thumbs up or thumbs down. How cool is that?

Keep the suggestions coming, we love making ExchangeDefender Phishing Firewall the key part of your defense from phishing.