Implementation of enhanced email threat protection


Service: Executing projects
Area of expertise: Cyber Security

THE SITUATION

Denmark’s largest railway company needed to improve its existing email security by scanning all inbound and outbound mail traffic so that malicious emails could be removed. A tool had been chosen but still needed to be implemented.

WHAT WE DID

Kopenhagen Konsulting was responsible for the coordination and implementation of a newly acquired email threat protection (ETP) system. The purpose of the system was to scan all inbound and outbound mail traffic in order to protect against malicious emails. The ETP system offers two integration modes. The client initially wanted to implement the ETP system in BCC mode. Blind carbon copy (BCC) mode integration between O365/EOP and ETP Cloud is accomplished with a transport rule and by whitelisting the ETP Cloud Internet Protocol (IP) address ranges and domains. The transport rule BCCs all external inbound email to ETP Cloud for analysis; mail is delivered as before, and ETP only sees a copy.
However, after the system had been implemented in BCC mode, the client decided to change the implementation to inline mode to improve security. In inline mode ETP Cloud sits in the mail path in front of O365/EOP, integrated with the anti-virus/anti-spam (AV/AS) filtering. This is accomplished by whitelisting the ETP Cloud IP ranges and domains and by modifying the domain mail exchanger (MX) records. The whitelisting rules allow messages forwarded by ETP Cloud to be delivered without the risk of being quarantined by O365. Once the domain MX records are changed, mail starts to route through ETP Cloud. The transfer from BCC to inline AV/AS was handled with significant care because of the importance of an uninterrupted mail flow during the corona lockdown. For this reason, preparation, communication, testing and hyper-care were given more time than usual. In particular, it was important to ensure that proper testing could be carried out during the implementation and hyper-care. This was achieved by lowering the time-to-live (TTL) values of all relevant DNS records (MX, SPF, etc.) ahead of the change. Had there been an issue during the implementation, it would have been simple to revert to the old mail flow with minimal downtime.
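The TTL lowering described above only buys a fast rollback once every resolver has dropped the record it cached under the old TTL, so the cutover should wait at least the old TTL after the lower value was published. The following pre-cutover check is an added example, not the consultancy's or the client's tooling; the zone records, domain names, timestamps and the 300-second target TTL are constructed for illustration.

```python
# Added example (not the project's own tooling): a pre-cutover check for the
# MX switch described above. Records, names and timestamps are constructed.
from dataclasses import dataclass
from typing import List

@dataclass
class DnsRecord:
    name: str
    rtype: str         # "MX", "TXT" (SPF), ...
    value: str
    ttl: int           # TTL (seconds) currently published in the zone
    previous_ttl: int  # TTL that was published before it was lowered
    lowered_at: int    # Unix time at which the lowered TTL was published

@dataclass
class ReadinessReport:
    ready: bool
    blocking: List[str]    # reasons the cutover should wait
    rollback_seconds: int  # worst-case time for a revert to reach all resolvers

def cutover_readiness(records: List[DnsRecord], now: int,
                      target_ttl: int = 300) -> ReadinessReport:
    """Report whether the MX cutover can proceed with a fast rollback path.

    Per record: the published TTL must be at or below the target, and at least
    previous_ttl seconds must have passed since it was lowered, because resolvers
    that cached the record under the old TTL keep serving it that long.
    """
    blocking = []
    for r in records:
        if r.ttl > target_ttl:
            blocking.append(f"{r.rtype} {r.name}: TTL {r.ttl}s above target {target_ttl}s")
        remaining = r.previous_ttl - (now - r.lowered_at)
        if remaining > 0:
            blocking.append(f"{r.rtype} {r.name}: old TTL may be cached for {remaining}s more")
    rollback = max((r.ttl for r in records), default=0)
    return ReadinessReport(ready=not blocking, blocking=blocking, rollback_seconds=rollback)

# Constructed zone state: MX lowered a day ago, SPF TXT lowered only 10 minutes ago.
T0 = 1_700_000_000
SAMPLE_RECORDS = [
    DnsRecord("example.org", "MX", "10 mail.etp-cloud.example.", 300, 3600, T0 - 86_400),
    DnsRecord("example.org", "TXT", "v=spf1 include:etp-cloud.example -all", 300, 3600, T0 - 600),
]

def check_sample(now: int = T0) -> ReadinessReport:
    return cutover_readiness(SAMPLE_RECORDS, now)

if __name__ == "__main__":
    rep = check_sample()
    print("ready" if rep.ready else "wait:", *rep.blocking, sep="\n  ")
```

At T0 the check blocks on the SPF record (its old one-hour TTL has not yet run out); an hour later both records pass and a revert would propagate within the 300-second rollback window.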

OUTCOME

The client received a full implementation of the new email security system (email threat protection, ETP). The implementation was completed without any negative impact on daily operations, because the time-to-live values of all relevant records (MX, SPF, etc.) had been lowered as part of the implementation strategy.