Enterprises have different options to secure Exchange 2013, from applying role groups to creating data loss prevention policies. Now we'll look at another option for protecting against spam and malware in an Exchange 2013 deployment.
Install antimalware and antispam protection
Computer viruses, Trojan horses, spyware and social engineering schemes such as phishing are constant threats for every email user grappling with infected attachments and links to bogus websites. Attackers can discover and assault new vulnerabilities with increasing speed and sophistication, forcing IT professionals to counter these threats.
If you want to secure your Exchange 2013 deployment, it provides built-in antimalware and antispam tools that scan messages exchanged with the mailbox server. Messages containing malicious content are deleted and typically are unrecoverable. Once enabled, the protected server will check for malware definition updates on an hourly basis.
Integrated spam protection uses a combination of agents to filter senders, content and other identifying criteria intended to help verify the authenticity of each message. Suspicious messages are then quarantined for further investigation or deletion.
However, you're not required to use antimalware and antispam tools built into Exchange 2013. There are a number of third-party tools that can provide protection for Exchange environments, such as Kaspersky Security for Microsoft Exchange. If you do opt for a third-party security product, it's usually best to disable the native antimalware and antispam tools in Exchange to prevent conflicts that may cause errors or performance problems on the server. In addition to this, using antimalware on the email server itself outside of Exchange may require administrators to exclude specific directories including mailboxes, logs, transport services and processes that Exchange specifically uses.
It's important to couple active and current security tools with careful end-user education. Employees must be trained to spot social engineering tactics and avoid opening unknown attachments and clicking on links embedded in email messages. Such behaviors are often included in a company's acceptable use policies for email, which should be reviewed and updated as business needs and threats change.
Stay tuned for part four, which covers enterprise rights management.
This is part three in a series about securing Exchange 2013 deployments. Click on each individual link to access previous parts in the series.
Part one: Role groups
Part two: DLP policies