News

E-Mail 'Biggest' Security Risk, Microsoft Says

An organization's security has a lot to do with its E-mail system, a top security official at Microsoft suggested.

"Messaging is fraught with a lot of challenges," said J.G. Chirapurath, Microsoft's senior director for identity and security, in a phone interview. "It comes down to the integrity of the information and who is seeing it. It's all about secure messaging because when you examine the world we live in, e-mail really is the biggest attack vector, as well as the biggest leak vector."

Microsoft's big news on Monday was the release of Exchange 2010. However, the company simultaneously released a security solution for the new e-mail server called Forefront Protection 2010 for Exchange. Forefront is Microsoft's general brand for a family of enterprise software security products. 

Microsoft officials have been saying that Forefront Protection 2010 for Exchange offers faster malware detection rates, even while it uses multiple antimalware engines simultaneously. In addition, they claim that spam protection is at 99 percent, with about one spam message per 250,000 getting through.

Microsoft's literature suggests that the solution can provide protection anywhere through "identity aware security." IT pros can adjust security levels based on access assignments and system parameters. In addition, the product's management system can help identify critical process owners and implement security measures accordingly.

The focus on enterprise-level security for Exchange has a lot to do with the threat landscape, which has been changing.

"The attacks on the OS are devolving, and [attacks] now happen at the application or workload layers," Chirapurath explained. "So the old paradigms of security and old ways of security need to evolve. Deep integration with Exchange is important, and this is integrated with a platform."

And when it comes to e-mail, everyone is subject to attacks -- even Microsoft security officials.

"I carry a laptop and compute within Microsoft where I know I'm protected," Chirapurath said. "But a lot of the time, I also go sit in a coffee shop and view confidential information; use someone else's network. I open attachments from outside. I use mobile devices and I'm not necessarily immune."

Given such scenarios, Chirapurath said, it's important to have a "business-ready security" strategy in place.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Windows 10 Preview Adds Windows Subsystem for Linux 2 on ARM64 Devices

    Microsoft's latest Windows 10 preview release for testers (build 18980), announced on Wednesday, includes support for version 2 of the Windows Subsystem for Linux, plus ARM64 device support for WSL 2.

  • Microsoft Defender Advanced Threat Protection Evaluation Lab Now Available

    The Microsoft Defender Advanced Threat Protection (ATP) Evaluation Lab is now ready for use by organizations.

  • How Organizations Can Adapt to SharePoint's 'Modern' Shift

    In a September interview, SharePoint expert Asif Rehmani described how users, developers and organizations are dealing with SharePoint Online's so-called "modern" innovations.

  • Microsoft Urges LDAP Workaround Fix for Windows Systems

    Microsoft updated an August security advisory this week to urge organizations using the Lightweight Directory Access Protocol in supported Windows systems to implement some configuration changes manually.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.