Even before COVID-19, SaaS-based productivity tools such as Microsoft 365 had been gaining market-share at a remarkable pace. Today, with hundreds of millions of employees working from home, enterprises are turning to software as a service (SaaS), including Microsoft 365, like never before. In doing so, many companies are decommissioning their old email gateways and relying on the security that comes with the SaaS applications. However, as email is the most common transport mechanism for cyber-attacks, it is important that organizations ensure they have an advanced security posture.
Microsoft offers two security services for M365: Exchange Online Protection (EOP) and Advanced Threat Protection (ATP). These services have most of the features you need to secure your productivity infrastructure but poor detection marks both these security solutions. As a result, organizations are turning to Fortinet’s Dynamic Cloud Security solutions, including FortiMail, to enhance and complement native capabilities within Microsoft 365 and better protect their journey to the cloud.
Fortinet’s FortiMail Email Security Ranks High in Industry Tests
The latest SE Labs report, which pitted leading email security services against live targeted attacks that are the same or similar to those seen in recent security events, reveals differences between Microsoft 365 security and security from third party vendors. The report consolidated the results in a single metric, “True Accuracy,” that took into account not just detection but also remediation, false positives, and false negatives. In particular, this metric included the solution’s handling of non-malicious messages and components of those messages, such as attachments and links to websites. SE Labs found Microsoft’s email security solutions had accuracy ratings of less than 30 percent, revealing the need for an advanced third party solution capable of augmenting Microsoft 365 security. SE Labs found that Fortinet’s FortiMail was among the leaders in total accuracy ratings with over 90% of threats detected.
Other third party tests reveal Fortinet’s ability to detect threats with few or no false positives: Virus Bulletin, in its quarterly comparative review of SPAM detection, declared Fortinet the most effective solution, detecting 99.84% of bad emails with zero false positives. ICSA’s tests confirmed the Virus Bulletin findings: after 5 weeks of extensive testing, ICSA found that Fortinet FortiMail detected 99.8% of threats with a false positive rate of under 1.6% – both among the best results of any product tested.
Advanced Microsoft 365 Security Through the Fortinet Security Fabric
Through its Security Fabric, Fortinet offers the broadest, most-effective set of cloud-ready solutions to complement M365. Fortinet works closely with Microsoft to integrate its solutions tightly with M365, providing flexible consumption models and deployment options for on-premises, hybrid and multi-cloud environments. Built from the ground up to co-exist and complement M365, Fortinet’s approach allows customers to use the applications they are most familiar with from Microsoft and the proven security they can rely on from Fortinet.
Detection of malicious email is only part of M365 security – but is probably the most important part. Other elements of an effective M365 security solution, which Fortinet provides include:
- Strong Authentication: FortiToken Cloud provides management of multifactor authentication of two-factor tokens, including both software and mobile tokens, in a FortiGate environment from provisioning to revocation.
- Robust platform to manage the lifecycle of your two-factor authentication system.
- Intuitive dashboard is available anywhere there is an internet connection.
- Email Security: FortiMail Cloud inspects incoming and outgoing emails to stop threats and prevent data loss.
- Independently top-rated effectiveness: Routinely earning top scores in Virus Bulletin, ICSA Labs, and other third-party testing.
- Comprehensive coverage: Anti-spam, anti-phishing, anti-malware, sandboxing, content disarm, impersonation analysis, data loss prevention (DLP), encryption, and message archiving.
- Sandboxing: FortiSandbox Cloud analyzes files and URLs for new and previously unknown cyberattacks. FortiSandbox utilizes real-time threat feeds along with heuristic analysis, machine learning, and artificial intelligence to identify zero-day threats.
- SaaS Security: FortiCASB integrates tightly with Microsoft 365 to provide visibility and control into how Microsoft 365 is being secured and used. FortiCASB will:
- Inspect content in transit or at rest for threats with the top-rated threat intelligence of FortiGuard Labs AV and sandbox services
- Monitor and ensure appropriate user behavior and entitlements as well as control authorized use of a wide range of sensitive data types, as defined by industry regulations or corporate policy
- Identify instances of un-approved “shadow IT” apps in the cloud
- Monitor SaaS apps such as M365 for compliance issues such as encryption of data, proper authentication and appropriate security policies
Fortinet’s Dynamic Cloud Security Solutions
SaaS-based applications such as Microsoft 365 are one example of the need for enterprise-class security solutions for cloud-based infrastructures. Fortinet’s Dynamic Cloud Security solutions include network security, application security and platform security for all major clouds, both public and private.
The Fortinet Cyber Threat Assessment Program is a free program that analyzes your email traffic for spam, phishing emails and malware. After the two-week assessment, Fortinet provides a detailed risk assessment report. Sign-up for your personal email security assessment and get started today.
* Figure 1: SE Labs Email Security Gateway test report.