As an Exchange admin, securing your enterprise email system from threats and vulnerabilities is paramount.
Although it's rare to find security flaws specific to Exchange -- since recent versions are secure by default -- weaknesses generally stem from how Exchange is implemented and managed. The question remains: How are you addressing these issues?
Your options are limited when using Exchange Online since someone else is in control, but in many situations, you can still architect third-party security tools into the mix.
Third-party security monitoring tools from companies such as Barracuda Networks Inc. and Proofpoint Inc. help supplement Exchange security. For enterprises that run and oversee Exchange in-house, using third-party tools to implement security controls produces dramatic improvements over your Exchange configuration alone.
Often, third-party security vendors are best for detecting, blocking, and cleaning viruses and related threats. Since malware is complex, implement security monitoring tools from a third-party company that specializes in malware protection to guard against casual malware attachments, questionable links, known malicious emails and targeted attacks.
For malware, particularly the type that facilitates distributed denial-of-service (DDoS) attacks, have DDoS protection lined up in case you need it in a hurry.
System monitoring and alerting
Visibility into the overall network environment is critical but rarely implemented. When it is implemented, it is often poorly managed due to time constraints, lack of proper tools and inexperience.
If you manage an internal Exchange environment, why take a chance on threats to your network? Overlooking one questionable or malicious action -- or missing it altogether -- can lead to a big breach. A third-party vendor's product or service with built-in threat intelligence and tools will provide a defensible configuration in the event of malicious activity.
Content filtering, data loss prevention
A critical control in any Exchange environment is leveraging third-party security tools to protect users from themselves and the business from its users. Integrating technologies such as intrusion prevention and data loss prevention into your existing configuration helps users and the business.
One of the most common dilemmas is how to prevent personally identifiable information (PII) and intellectual property from being sent out or otherwise abused via the email system. Although content filtering can be used to monitor for and detect sensitive information leaving the endpoints, data loss prevention technologies are needed to ensure the utmost in security. You also face the risk of an outside party sending one of your users' PII, especially when it is improperly secured. The best way to address this is to use specialized third-party security monitoring tools.
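To show what content filtering for outbound PII involves, here is an added example (not from this article or from any vendor's product) that scans a message body and its text attachments. It assumes payment card numbers and US Social Security numbers as the PII types of interest; the sample message and all function names are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Candidate patterns only; card candidates must also pass the Luhn check.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def text_parts(msg):
    """Yield decoded text from the body and any text attachments."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if raw:
            yield raw.decode(part.get_content_charset() or "utf-8", "replace")

def scan_outbound(msg):
    """Return sorted (kind, masked_value) findings; never log the raw value."""
    findings = set()
    for text in text_parts(msg):
        for m in CARD_RE.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.add(("card", "*" * (len(digits) - 4) + digits[-4:]))
        for m in SSN_RE.finditer(text):
            findings.add(("ssn", "***-**-" + m.group()[-4:]))
    return sorted(findings)

def build_sample():
    """Constructed sample: test card number in body, SSN in a base64 attachment."""
    msg = EmailMessage()
    msg["From"] = "user@example.com"
    msg["To"] = "partner@example.net"
    msg.set_content("Card on file: 4111 1111 1111 1111\nRef: 4111111111111112\n")
    msg.add_attachment(b"Employee SSN 123-45-6789\n", maintype="text",
                       subtype="plain", filename="notes.txt")
    return msg

if __name__ == "__main__":
    for kind, masked in scan_outbound(build_sample()):
        print(kind, masked)
```

The reference number in the body fails the Luhn check and is not reported, while the SSN is found only because the attachment's transfer encoding is decoded first; commercial data loss prevention products add document parsing, fingerprinting and policy handling beyond this.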
There are pros and cons to layering your Exchange security controls. The pros center on minimizing business risks by using the best technologies. The cons include up-front costs and time investments, and potentially the need to manage an additional system.
User account, identity management
One of the greatest risks is stale or forgotten user accounts that can be abused when employees are fired or resign. There are numerous third-party tools from vendors such as Netwrix Corp. and ManageEngine to help you better manage Active Directory, gain better oversight of user account management, create alerts, and automate the user provisioning and de-provisioning process.
To understand your existing security risks, perform your own security assessment. Don't overlook this step; people tend to add security controls they assume they need without fully understanding what's at stake and what needs to be done based on the business goals.