Benefits of a Hosted Spam Filter

In this post we cover some of the most important elements of email security to protect your organization against advanced phishing attacks and email-based malware, such as a hosted spam filter, end user training, and multi-factor authentication.

Why an Advanced Spam Filtering Service is so Important in Healthcare

Phishing attacks on healthcare providers are being reported at unprecedented levels, malware is an ever-present threat, and ransomware attacks continue to cause massive disruption in the healthcare industry. There is no quick and easy solution when it comes to blocking these threats, but since email is the main attack vector used in phishing and malware delivery, email security is a good place to start.

It is often only after a data breach occurs that healthcare organizations discover their email defenses are not sufficiently robust. By taking a proactive approach to email security, it is possible to prevent data breaches and avoid the costs and reputation damage that security breaches cause.

One mistake that is often made is assuming the level of protection provided by an email service provider against phishing and malware is sufficient to block most email threats. In an industry such as healthcare, that is extensively targeted by cybercriminals, additional protections are required. The key to improving email security is to ensure layered defenses are in place to block multiple types of threats. One cybersecurity solution is unlikely to provide a sufficient level of protection.

Additional Protection is Required for Office 365 Email Accounts

Office 365 accounts are extensively targeted by cybercriminals. Credentials are valuable as they allow office accounts to be accessed, which often contain sizable quantities of protected health information. Many Office 365 account compromises in healthcare see the PHI of tens of thousands of patients put at risk. These attacks also give attackers a foothold that can be used to conduct more extensive attacks on the organization. Protecting Office 365 accounts is therefore one of the most important steps to take to prevent healthcare data breaches.

Microsoft provides two layers of security for Office 365 email accounts. The first, which is provided as standard, is Exchange Online Protection (EOP). EOP serves as a barrier that blocks spam, standard phishing emails, and known malware, but it is not sufficiently advanced to block all email threats. It provides a reasonable level of protection against spam, phishing, and malware threats, but many IT professionals discover a reasonably high number of threats are not blocked, especially zero-day threats and spear phishing emails.  One study conducted by Avanan revealed 25% of phishing emails were not blocked by Office 365.

The second level comes from Advanced Threat Protection (APT), which provides superior protection than EOP, albeit at a cost. APT is not provided as standard and must be purchased as an add-on. However, even this level of protection does not block all malicious emails. Osterman Research found that while Office 365 defenses blocked 100% of known malware threats, they were much less effective at blocking zero-day threats and advanced phishing attacks.

For greater protection against these advanced threats, which are highly prevalent in healthcare, a third-party hosted spam filter should be considered. A hosted spam filter can be layered on top of Office 365 and will complement Microsoft’s security measures and will provide enhanced protection against zero-day threats, spear phishing, and sophisticated phishing attacks.

What are the Benefits of a Hosted Spam Filter?

A hosted spam filter is ideal for providing greater protection for hosted and on-premises email. Being cloud-based, there are no hardware requirements and no agents need to be installed on users’ devices as all filtering takes place in the cloud and no patching or software updates are required, as they are handed by the service provider. A simple configuration changes is all that is required to implement the solution – Directing your MX record to the email service provider. While some ongoing maintenance will be required, a hosted spam filter that incorporates machine learning detection mechanisms is essentially a set and forget solution.

Choosing a Hosted Spam Filter

The effectiveness of a hosted spam filter will depend on the mechanisms employed to detect spam and malicious emails. In order to provide the required level of protection for an industry as heavily targeted by cybercriminals and healthcare, advanced detection mechanisms are required.

The solution should scan message headers, domains, and message content for signatures of spam and phishing emails, using frequently updated heuristic rules to detect new threats. Bayesian analysis and machine learning are important for identifying never-before-seen threats such as new phishing tactics and new malware threats.

Email impersonation attacks are commonplace, yet they can be difficult to identify. SPF and DMARC email authentication should be incorporated into the solution to provide greater protection against these types of attacks.

Strong antivirus protection is a must, preferably involving multiple AV engines. This will ensure protection against known malware threats. Protection against zero-day threats can be improved with sandboxing capabilities. Suspicious file attachments can be executed in the safety of the sandbox and studied for malicious actions and C2 callbacks.

A hosted spam filter should also scan outbound messages to identify suspicious email activity, such as email account compromises and insider threats. Some email filtering services also support tagging of keywords and certain data types such as Social Security numbers for data leak protection.

Malicious link protection is essential in the fight against phishing. Links should be scanned in real-time and subjected to a reputation analysis against multiple services.

In addition to these advanced detection measures, a hosted spam filter should be easy to use and maintain. Synchronization with Active Directory and LDAP helps as it allows controls to easily be applied to different user groups and users. Business software review sites are useful for providing insights into the effectiveness of a hosted spam filter, how easy it is to use, and any problems experienced by end users. They can help you make the right decision about the best hosted spam filter to implement.

Security Awareness Training is a Requirement of HIPAA

Advanced spam filtering solutions will dramatically reduce the number of threats that arrive in inboxes, but occasional threats may slip through the net. Security awareness training for the workforce adds yet another layer to your security defenses. The workforce must be trained how to recognize email threats and conditioned to report them to the security team. Phishing emails that have managed to bypass security need to be removed from the email system. They can also be used to train the machine learning element of your hosted spam filter. Security awareness and phishing training is also a requirement of HIPAA. In the event of a data breach, regulators will want to see evidence that security awareness training has been provided to all staff members.

Implement Multi-Factor Authentication as a Last Line of Defense

Even well-trained employees are prone to make mistakes on occasion. If an employee responds to a phishing email and discloses their email credentials, the attacker will use them to try to gain access to the individual’s email account. Multi-factor authentication serves as a last line of defense to prevent stolen credentials from being used to access the email system. It is not infallible, but according to Microsoft, it will prevent 99% of automated attacks.


What are the alternatives to a hosted spam filter?

A hosted spam filter is just one of the email security options available. A dedicated email security appliance, or email security software – often provided as a virtual appliance – can be just as effective at blocking email threats. Hosted spam filters require no hardware and are often the most cost-effective choice.

Why is it important to can outbound emails?

Outbound scanning can identify mailboxes that have been compromised and are being used to send phishing emails, and to detect any malicious files attached to emails. Malware-infected files that have been transferred from a personal USB drive for instance. Outbound scanning can also help protect against data theft, by tagging certain data types such as Social Security numbers.

What is sandboxing?

A sandbox is an isolated environment where files can be opened/executed without risk. The antivirus engines of a spam filter will only detect known malware variants. Suspicious attachments that pass the AV checks can be sent to the sandbox for in-depth analysis, which allows previously unknown malware variants and malicious code to be detected.

Will a hosted spam filter slow down email delivery?

No. Inbound and outbound emails pass through the hosted spam filter and will be subjected to a range of checks, as they would be with an on-premises email security solution. There will be no noticeable difference in the speed that emails are sent or received.

How much does a hosted spam filter cost?

Hosted spam filtering services are usually offered as a subscription, where organizations are charged based on the number of users or number of mailboxes. The costs can vary considerably from provider to provider, with the cost of an advanced hosted spam filter starting at around $1.30 per user, per month.