This report discusses Microsoft 365 and its Defender product for email.
In general, Microsoft 365 is a very secure service. That is a result of a massive and continuous investment from Microsoft. In fact, it is one of the most secure SaaS services on the market. This report does not indicate otherwise.
What this report does note is the challenge that Microsoft has. Because Microsoft is the default security for most organizations, many hackers think of email and Microsoft 365 as their initial points of compromise. A good example of how hackers focus on Microsoft 365 comes in a series of blogs from Microsoft that details the attempts of a state-sponsored group to compromise their services.
Before unleashing an attack, hackers will test and verify that they are able to bypass Microsoft’s default security. In other words, they are crafting attacks that are specifically designed to get around Microsoft and land in the user’s inbox. This is most likely why we’re seeing a higher percentage of attacks bypassing Microsoft security. In fact, Check Point does not see the attacks that Microsoft blocks. We only see the attacks that bypass Microsoft’s security.
In this context, when our analysis demonstrates that a higher percentage of attacks are bypassing Microsoft’s security, it’s important to note that this does not mean that Microsoft’s security got worse. It means that the hackers got better, faster, and learned more methods to obfuscate and bypass the default security.
For this reason, Check Point chose an architecture for cloud email security that adds a layer on top of Microsoft’s security, rather than replacing it. It’s why our security experts recommend that our customers add an extra layer of security on top of their default cloud email service.