Finding Phish in Office 365

Imagine this scenario. Your logs show a dozen accounts logging in from the same unknown source IP with the same user agent on the same day. This activity is not normal for this group of people. You know you have a compromise on your hands. So you do what needs to be done and you … Continue reading “Finding Phish in Office 365”

Using transport rules as a security tool (Part 3)

This is Part 3 of our series on using transport rules as a security tool. Each article will be linked in the table below as they are published: Part 1 – Setting up the mailbox; Part 2 – It’s all about those transport rules; Part 3 – Reducing the haystack (you are here); Part 4 – Alerting and … Continue reading “Using transport rules as a security tool (Part 3)”

Using transport rules as a security tool (Part 2)

This is Part 2 of our series on using transport rules as a security tool. Each article will be linked in the table below as they are published: Part 1 – Setting up the mailbox; Part 2 – It’s all about those transport rules (you are here); Part 3 – Reducing the haystack; Part 4 – Alerting and … Continue reading “Using transport rules as a security tool (Part 2)”

Using transport rules as a security tool (Part 1)

At a conference last May, I had an opportunity to facilitate a session focused around email security covering topics such as SPF/DKIM/DMARC/MTA-STS, spam/phishing filtering, message routing, archiving/holds, and more. During that session, I shared about the methodology I use to track current trends of spam and phishing attacks rather than relying on the native spam filtering in our email platforms…