Securing Email Eliminates 90% of Cyberthreats—Here's How We Did It
Cisco
In IT, as in life, nothing is guaranteed. You can do everything to secure your network, but attackers can still find their way into your system. There is no such thing as a risk-free computing environment. Cybersecurity is not about eliminating potential threats, but about reducing risks and putting in measures that will minimize the damage to your infrastructure, your data, and your operations.
Disaster is always around the corner. Did you know that email is the number one vector for both malware distribution (92.4%) and phishing (96%)? An employee can click on an unsafe link or open an infected email attachment and, before you know it, your network has been compromised.
It happened to us here at Strenge. We were hit with a crypto locker and had to pay a ransom. We then spent all night restoring the 20,000 files the hackers had encrypted. That was a small price to pay, and things could have been a lot worse, but we learned our lesson, and so we took another look at our cybersecurity setup.
Strenge is a family business that started in 1961. We serve the German market and specialize in packaging and cleaning solutions for industrial clients, including bags, cartons, tapes, cable ties, brushes, brooms, and floor coverings. Most of our orders and communications go through email, and that was the vector of the malware attack.
Office 365's Security Limitations
We use Microsoft Office 365 as our corporate email platform, but it lacks some crucial security features, including deep visibility and the capacity to monitor incoming and outgoing communications for potential threats.
Configuring accounts and servers in Office 365 is a pain. Advanced settings are too complicated to manage in some cases and absent in others. We also paid to upgrade our owner protection plan, but the email filters and the inspection tools were creating more problems than they were solving. We were getting too many false positives for malware and spam.
There was no way to look at the first point of contact with our email domain. We couldn’t confirm whether an email message originated with an actual customer or from an attacker spoofing their address.
Too Small for Microsoft
We tried to talk to Microsoft about these issues, but their customer support was non-existent, or at least it felt that way. I got the sense we weren't a big enough account for Redmond.
Strenge is a small company. Our 120 employees depend on email, both onsite and off, but I didn't feel we could rely on Microsoft's security tools. It was next to impossible to get through to their customer support team, and when we did, they took forever to address our issues.
The crypto locker was the final straw. We'd spent too much time and money trying to secure Microsoft's email platform with its built-in tools, but we couldn't make it work. We needed a new solution that was easy to use, flexible, and highly customizable. We wanted the ability to set and change rules and exceptions on the fly in reaction to threats. Most importantly, we needed true visibility that would allow us to see when the system blocked email messages from coming in or going out.
Layering CES and Office 365
We met with Stefan Tegelkamp of SVA GmbH. The company is headquartered in Wiesbaden. It is one of Germany's leading systems integrators, a respected provider of managed services, and a certified vendor for some of the biggest names in IT.
Stefan looked at our needs and recommended layering Cisco Email Security (CES) atop our existing Office 365 setup. CES is a cloud-based solution that offers advanced phishing and domain protection functionalities. It blocks fraudulent senders and prevents bad actors from using our domain to send out fraudulent emails.
CES leverages up-to-the-minute threat intelligence from the researchers at Talos and offers protection beyond point-in-time scanning: it can track and quarantine a file even after it has entered your system. Cisco is lightning fast in its reaction time and can update virus and malware definitions within hours of a new threat emerging. This level of protection far surpasses anything that Microsoft ever offered us.
On paper, CES looked like the perfect solution, but we were hesitant to invest in new technology because we'd sunk so much time and money into Microsoft's security offering. We needed to get everything right this time and asked SVA for a proof of value (PoV) period.
Extending Our Proof of Value
Cisco agreed to let us try the software for 60 days. It was a full-featured trial, and there were no limitations on the number of accounts we could manage or in the ways we could customize our installation. We thought we had plenty of time to figure everything out, but we ended up asking for an extra month before making our final decision.
As recommended, we deployed CES on top of Strenge's existing Office 365 mail system. Stefan and his team set everything up and then they opened a ticket with Cisco's Customer Experience (CX) team to activate the trial. It was that simple. We chose a limited range of IP addresses and routed traffic for one of our smaller email domains through CES.
Next, we did some customizing and altered the platform's content filters to comply with the company's email policies. Then, we started digging into everything. CES offers deep visibility into email traffic and advanced logging capabilities that allow us to see how email is routed and processed. If a message is flagged and blocked, we can see how it happened, why it happened, and where it happened. This applies to both incoming and outgoing emails.
Once we were confident that we had the right setup, we decided to expand the scope of our tests. Eventually, we routed our entire production environment and all inbound and outbound traffic from our primary email domain through CES.
The extra month paid off. By the time we completed the PoV, we had secured all of Strenge's email accounts and servers, and so we decided to flip the switch and go from trialing the software to activating CES as a full-fledged managed service residing on the cloud. The transition was seamless. We called Cisco, and a few hours later, our account was active.
The Value of Support
The PoV taught us the value of support. After months of dealing with Microsoft's non-existent customer care, it was a pleasure to work with Cisco's CX department. Help was always a phone call or an email away, and Cisco resolved all our issues even though we weren't full-fledged customers yet.
Cisco's ticketing system was so easy to use. We didn't have to jump through hoops to get things done. We used it to activate and extend the trial, and to then convert the PoV into a subscription. If we needed to know how a feature worked, we opened a ticket. We did the same thing when dealing with a botched configuration file. It was that easy.
We were sold on CES technology within a few days of starting the PoV, but Cisco's Customer Experience team sealed the deal. At one point, our mail spooler stopped delivering messages to their recipients. The CX team took a deep dive into our backend and discovered that we weren't using the recommended settings.
They quickly figured out our error and fixed the issue. After that, they showed us how to prevent it from recurring. Most other vendors would have reset the spooler, and we would have found ourselves in the same mess a few weeks later. But Cisco made an effort to educate us instead. That's the kind of thinking that pays off in the long run.
Getting a Lot More for Less
Despite this flurry of activity and all the changes behind the scenes, the transition from Microsoft's email security tools to CES was seamless for our end users. There were no service interruptions, and Strenge's 120 employees did not have to modify any of their workflows.
CES has given my team the configuration and monitoring tools we need to secure our email accounts and servers, along with much-needed technical support. You'd think this increased capability, visibility, and customer care comes at a premium—but that's not the case. Cisco Email Security costs 50% less than what we paid before. It also requires less maintenance because it is a managed service hosted on the cloud.
Partnering with Cisco and SVA to Fight Chaos
If I could summarize our experience in a word, it is partnership. Cisco's CX department has given us the support we need. Stefan's engineers at SVA have guided us every step of the way. We have secured our email infrastructure through teamwork and collaboration.
Have you ever tried to resolve a technical issue and felt you were getting a sales pitch instead of an answer? I've often experienced that with other vendors, but Cisco and SVA act as partners who have Strenge's best interests in mind.
As I think about our newly secured email infrastructure, I know I can sleep at night because we are blocking the number one vector for cyberattacks. I also recognize that nothing is foolproof, and evil people are lurking in the dark corners of the internet, hoping to cause chaos.
Fortunately, Cisco is doing everything in its power to stay one step ahead of the bad guys, and that's good news for me, and every Strenge customer and employee.