1

I have had a demo of KnowBe4, have scheduled in one for TitanHQ, but am looking for other vendors to provide phishing protection. I just need to find a solution to combat this nonsense, preferably one that prevents it either hitting the mailbox, or stops users dead in their tracks if they click links they shouldn’t.

I have 160 users, using M365. We have (of course) no budget for this, so I am going to have to sell it to the CEO, although the CFO is on board, which is a start!

I did like KnowBe4, as it has lots of useful admin ‘toys’, but the reality is the IT team has little time to play, so just preventing this stuff is key.

Any further recommendations?

5 Spice ups
2

Have you looked into Mimecast?

1 Spice up
3

I’ve used Mimecast & GoSecure and both worked fine. Both filter before it hits the users’ inbox.

2 Spice ups
4

I’ve used many different antivirus/email filtering systems and services over the years. About a year and half ago I ended them all and added Microsoft Defender for Office 365 P2 to our tenants and it has been working great. Even has some simulation training.
Think they have a free trial for this so you can test it out on some users.

2 Spice ups
5

A mail filter wont do this, if it’s go to the users mailbox, you need a web filter, proxy or NGFW to do this for malicious links,

I would also add that tight firewall rules, especially outbound will also limit where users can go, for example, don’t allow outbound access on all ports, limit users to 80/443, so any websites with uncommon ports will be blocked, invalid certificates should also be blocked by the afore mentioned filters.

Have you considered Defender for 365?

EFA-Project, it will take a little configuring, but you can tune it to your needs.

3 Spice ups
6

I think you should try mimecast and Go secure.

7

… but how do you contend with the URL being re-written, i.e. when you look at the e-mail, does it show you the URL it end up going to. My worry about using this feature in mimecast is, what happens in the following 2 scenarios:

  • I want to write some code that inspects historic e-mails and need to be able to see URLs
  • We no longer use mimecast and all URLS are dereferenced?

TIA - JAC.

8

But what was the decision to move to MS365 or O365 in the first place ?
The person or team doing this project should have projected the other costs like AV, email security, email backup etc ?

Even for our smaller Org that have only 50 users, we bought MS Office 2016 via MSVL and then moved on to Exchange Online, then to Google Suites for Business (as lots of features like email retention, Google drive, Google shared folders & extreme large storage etc were out of the box).

Lots of savings from using perpetual licenses vs subscriptions.

Another large savings on security is not to use email clients like Outlook and also to use browser like Chrome with email ?

Sad to say, with smaller Org, the budget is much smaller and time to look for savings instead of the “toys” where big boys are having ? But that also depends on what business your Org is in ?

9

Many mail filters do this. They substitute the URL in the message, and can perform on-demand scanning when a user clicks. This supplements URL protection scanning at the firewall and endpoint.

Mail filters that just examine a URL when it passes thru are insufficient. URLs can be redirected at any time, and if you are only statically examining on mail accept, you will miss if it changes.

10

If you mean something like Microsoft Safelinks - yes, but they only work if the link is malicious or does something they know about. A dedicated proxy or filter will add another layer and can also block based on content, something a URL scanner cant do. Yet.