Email is one of the primary ways that security threats enter any organization.  Consider the fact that 94% of malware enters organizations through email according to the 2019 Verizon Data Breach Investigations Report (DBIR).  So, what can we do to ensure nothing malicious comes through?  At the end of the day, it’s about laying a web of detection mechanisms by leveraging what comes from Microsoft, but also looking for other reliable tools that can block the bad messages before they get to the user.  Today, let’s take a closer look at a free tool by Hornetsecurity called 365 Threat Monitor, and help you determine if this is a good tool to add to your M365 email security toolbox.

365 Threat Monitor Initial Thoughts

In my production environment I currently use Microsoft advanced detection mechanisms and have most of the offered detection level settings in place.  Occasionally something will still come through, so I am very curious to see what this tool can do for adding yet another security layer.  I am all for less ransomware, malware, and phishing, so very interested to see what the outcomes are.

Overall getting started with the Hornetsecurity 365 Threat Monitor was simple and straightforward.  Their sign up is here, and I followed the simple directions that led to me receiving an email to finish the process.  They will have you download an app to your tablet or phone through the “App Store” or “Play Store”, and then walk through a brief wizard to finish the process. In total I don’t think I spent more than a few minutes walking through the initial setup.  On our way!

Product Review Under the Covers!

What changes to expect: By way of the product review, for me the first thing I spent time doing was understanding what security-level changes were made to my M365 tenant after installation. So here’s what happens:

  • Permissions: Using your M365 admin account you will agree to the needed permissions changes that allow your admin account and their application to scan messages. These permissions are fully disclosed during installation, and the install cannot complete without your permission.
  • Connector: An Exchange Online Level Connector will be created
  • Journaling: A Journaling Rule will be created and can be viewed in Exchange Online classic view

So, what’s the magic of how all these installation elements work?  The long and short of these changes to your M365 tenant is that when an email comes in, the journaling rule creates a temporary copy for scanning the metadata. The connector is used when the admin has been notified that a threat is sitting in someone’s mailbox and would like to manually delete that email from the Threat Monitor app. If an incoming message is suspicious, it gets flagged; if not, the temporary copy is discarded and the message is delivered as expected.  Success!
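To see exactly which journaling rule and connector an install like this adds, you can snapshot the tenant's mail-flow objects before and after and compare them. This is an added example, not code from Hornetsecurity or the original review; it assumes the ExchangeOnlineManagement module with a session already opened by `Connect-ExchangeOnline`, the function names and CSV paths are hypothetical, and because the review does not say whether the connector is inbound or outbound, both kinds are captured. It does not cover the app permissions.

```powershell
# Added example: snapshot journal rules and connectors so install-time changes can be reviewed.
# Assumes an existing Connect-ExchangeOnline session (ExchangeOnlineManagement module).

function Get-MailFlowSnapshot {
    # One flat record per object so before/after snapshots compare cleanly.
    $items = @()
    $items += Get-JournalRule | ForEach-Object {
        [pscustomobject]@{ Kind = 'JournalRule'; Name = $_.Name; Enabled = $_.Enabled
            Detail = "Recipient=$($_.Recipient); JournalTo=$($_.JournalEmailAddress); Scope=$($_.Scope)" }
    }
    $items += Get-InboundConnector | ForEach-Object {
        [pscustomobject]@{ Kind = 'InboundConnector'; Name = $_.Name; Enabled = $_.Enabled
            Detail = "Type=$($_.ConnectorType); SenderDomains=$($_.SenderDomains -join ',')" }
    }
    $items += Get-OutboundConnector | ForEach-Object {
        [pscustomobject]@{ Kind = 'OutboundConnector'; Name = $_.Name; Enabled = $_.Enabled
            Detail = "Type=$($_.ConnectorType); SmartHosts=$($_.SmartHosts -join ','); RecipientDomains=$($_.RecipientDomains -join ',')" }
    }
    $items
}

function Compare-MailFlowSnapshot {
    param(
        [Parameter(Mandatory)][string]$BeforePath,   # hypothetical path, e.g. .\before.csv
        [Parameter(Mandatory)][string]$AfterPath     # hypothetical path, e.g. .\after.csv
    )
    $before = @(Import-Csv $BeforePath)
    $after  = @(Import-Csv $AfterPath)

    # Compare-Object rejects empty input on Windows PowerShell 5.1, so handle that case directly.
    if ($before.Count -eq 0 -or $after.Count -eq 0) {
        $side = if ($before.Count -eq 0) { 'Added' } else { 'Removed' }
        return @($before + $after) |
            Select-Object @{n='Change'; e={ $side }}, Kind, Name, Enabled, Detail
    }

    # A modified object appears twice: once as Removed (old values), once as Added (new values).
    Compare-Object $before $after -Property Kind, Name, Enabled, Detail |
        Select-Object @{n='Change'; e={ if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' } }},
            Kind, Name, Enabled, Detail
}

# Before install: Get-MailFlowSnapshot | Export-Csv .\before.csv -NoTypeInformation
# After install:  Get-MailFlowSnapshot | Export-Csv .\after.csv  -NoTypeInformation
# Review:         Compare-MailFlowSnapshot -BeforePath .\before.csv -AfterPath .\after.csv
```

In the review output, check where the new journal rule sends its copies (`JournalTo`) and which recipients it covers, since that determines which mail leaves the tenant for scanning.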

Product Functionality: Since I installed this tool in the past 30 days, I haven’t had any ransomware, malware, or phishing level messages sneak through to my inbox.

Six messages were detected by Threat Monitor which were missed by my other tools during a 2 ½ week time period. I was able to delete these detected messages, so my security level has been increased.

See the two images to the left that show the Statistics and Threat Level, plus item-level detail. In the Alerts view you can delete the alert upon review if you wish.

All of these are found in your app and can be reviewed anytime to help gain a better understanding of what is being blocked and the additional protection you are receiving.

Overall Concluding Thoughts on 365 Threat Monitor

Overall, this tool is easy to set up, free for the first 10,000 admins, and adds another layer of peace of mind to the security issues that could be entering your environment through Ransomware, Malware, Phishing and more.  This free tool is worth the extra security detection you receive by its ability to detect and prevent delivery of malicious emails to your users. Extra protection from malicious attacks for the win!

Sponsored by 

365 Threat Monitor

About Hornetsecurity Group: Hornetsecurity is a leading global email cloud security and backup provider, which secures companies and organizations of all sizes across the world. Its award-winning product portfolio covers all important areas of email security, including spam and virus filtering, protection against phishing and ransomware, legally compliant archiving and encryption — as well as email, endpoint and virtual machine backup, replication, and recovery. Its flagship product is the most extensive cloud security solution for Microsoft 365 on the market.  With more than 350 employees in 10 regional offices, Hornetsecurity is headquartered in Hanover, Germany and operates through its international network of 5,000+ channel partners and MSPs and its 11 redundant, secured data centers. Its premium services are used by 50,000+ customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung, DEKRA and CLAAS.