Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis named a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Read the report

How Varonis Helps with Email Security

2 min read
Last updated Oct 14, 2022


    Email is one of the most common points of entry for malware (at over 94%) and phishing emails are on the rise, costing companies an average of $1.6 million. Compromised email accounts can be used for everything from social engineering to exfiltrating sensitive data to jeopardizing the security of an entire network.

    Varonis monitors and protects Microsoft Exchange and Exchange Online to keep your data safe from email attacks.

    Get the Free Pentesting Active
    Directory Environments e-book

    Unusual Mailbox Access & Configuration Changes

    Can you tell when an email has been marked as unread by somebody else? Can you easily monitor permission changes on executive mailboxes? Whether it’s a rogue insider threat or a hacker who trying to escalate and pivot through important mailboxes, Varonis detects anomalous activity including:

    Marking messages as unread

    Detect when an unusual number of email messages are marked as unread… by a user who’s not the owner of the mailbox. This typically indicates that an attacker may be accessing sensitive email data – and then covering their tracks.

    Permission changes on executive mailboxes

    Executive mailboxes contain a wealth of sensitive and confidential information: it’s important to monitor permission changes to these privileged accounts, and make sure the elevated access is legitimate (rather than an attacker impersonating an executive). Varonis automatically identifies privileged accounts – so you can easily monitor suspicious behavior across executive accounts.

    Unusual access to mailboxes

    It’s a red flag when an admin or service account begins to access new mailboxes. Typically, this type of behavioral change suggests an attacker is impersonating the account to exploit sensitive data contained within the mailbox.

    Phishing Emails & Malicious Attachments

    Phishing is one of the most common ways to compromise email security – and Varonis can help you detect it. Phishing emails often use common file names and extensions to appear legitimate (encouraging users to click on them), and those attachments contain a frequently used series of specific characters that indicate that it contains malicious code.

    When a malicious attachment like this is included in an email, Varonis can identify that it contains common content that’s indicative of a phishing email or malware-inducing file attachment.

    Suspicious Email Activity & Email Behavior

    Unusual email activity and abnormal email behavior represent a risk that not only email has been compromised, but it’s being leveraged as a vehicle to get sensitive data out. Varonis detects abnormal email behavior that may signal data exfiltration or unauthorized access, including:

    Unusual volume of emails sent to a single external email address

    Detect when a mailbox sends an unusual number of emails to a single recipient outside of the company. It may be an indicator that sensitive data is being exfiltrated to a single external address.

    Automatic forwarding

    If automatic forwarding of incoming messages is set up, it may compromise that mailbox – and suggests that an attacker is trying to redirect data outside of the organization.

    Activity from a blacklisted location

    If an account is active from a blacklisted location, it may mean that the mailbox has been breached and is being used by an attacker.

    Email Security, Reporting, and Risk Dashboards

    Phishing in a cloud environment can lead to even higher risk than email on-premises – there’s no need to bypass perimeter or network security, and public folders and stale data can quickly get out of hand.

    Manage (and reduce) that risk for both Exchange and Exchange Online with intuitive, accessible dashboards that enable you to easily monitor exchange mailboxes, mailboxes with unusual permissions, public folders, and more.

    Automatically generate reports that detail unusual mailbox activity by users other than the mailbox owner, access activity, and audit permissions for users other than the mailbox owner.

    Want to learn more about how to protect Exchange on-premises or in the cloud? Get a 1:1 customized demo with one of our email security experts and see how Varonis can protect your email environment

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Twitter, Reddit, or Facebook.

    Free Data Risk Assessment

    Join 7,000+ organizations that traded data darkness for automated protection. Get started in minutes.