How Varonis Helps with Email Security

Published June 17, 2020
Last updated October 14, 2022

Email is one of the most common points of entry for malware (at over 94%), and phishing emails are on the rise, costing companies an average of $1.6 million. Compromised email accounts can be used for everything from social engineering to exfiltrating sensitive data to jeopardizing the security of an entire network.

Varonis monitors and protects Microsoft Exchange and Exchange Online to keep your data safe from email attacks.

Unusual Mailbox Access & Configuration Changes

Can you tell when an email has been marked as unread by somebody else? Can you easily monitor permission changes on executive mailboxes? Whether it’s a rogue insider threat or a hacker who is trying to escalate and pivot through important mailboxes, Varonis detects anomalous activity including:

Marking messages as unread

Detect when an unusual number of email messages are marked as unread… by a user who’s not the owner of the mailbox. This typically indicates that an attacker may be accessing sensitive email data – and then covering their tracks.

Permission changes on executive mailboxes

Executive mailboxes contain a wealth of sensitive and confidential information: it’s important to monitor permission changes to these privileged accounts, and make sure the elevated access is legitimate (rather than an attacker impersonating an executive). Varonis automatically identifies privileged accounts – so you can easily monitor suspicious behavior across executive accounts.

Unusual access to mailboxes

It’s a red flag when an admin or service account begins to access new mailboxes. Typically, this type of behavioral change suggests an attacker is impersonating the account to exploit sensitive data contained within the mailbox.

Phishing Emails & Malicious Attachments

Phishing is one of the most common ways to compromise email security – and Varonis can help you detect it. Phishing emails often use common file names and extensions to appear legitimate (encouraging users to click on them), and those attachments contain a frequently used series of specific characters that indicates that they contain malicious code.

When a malicious attachment like this is included in an email, Varonis can identify that it contains common content that’s indicative of a phishing email or malware-inducing file attachment.

Suspicious Email Activity & Email Behavior

Unusual email activity and abnormal email behavior represent a risk that email has not only been compromised, but is also being leveraged as a vehicle to get sensitive data out. Varonis detects abnormal email behavior that may signal data exfiltration or unauthorized access, including:

Unusual volume of emails sent to a single external email address

Detect when a mailbox sends an unusual number of emails to a single recipient outside of the company. It may be an indicator that sensitive data is being exfiltrated to a single external address.

Automatic forwarding

If automatic forwarding of incoming messages is set up, it may compromise that mailbox – and suggests that an attacker is trying to redirect data outside of the organization.

Activity from a blacklisted location

If an account is active from a blacklisted location, it may mean that the mailbox has been breached and is being used by an attacker.
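The "unusual volume of emails sent to a single external email address" check described above can be sketched as a per-mailbox baseline comparison. This is an added example, not Varonis code or its detection logic; the event layout `(day, sender, recipient)`, the `example.com` internal domain, the `.test` addresses, and the `k` and `floor` thresholds are all assumptions, and the sample log is constructed.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own domains

def is_external(address):
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS

def daily_external_counts(events):
    """Count messages per (day, sender, external recipient)."""
    counts = Counter()
    for day, sender, recipient in events:
        if is_external(recipient):
            counts[(day, sender.lower(), recipient.lower())] += 1
    return counts

def flag_unusual_volume(events, today, k=3.0, floor=10):
    """Alerts for `today`: one external address got more mail than the sender's history supports."""
    counts = daily_external_counts(events)
    history = defaultdict(list)  # sender -> past per-recipient daily counts
    for (day, sender, _), n in counts.items():
        if day < today:  # ISO dates compare correctly as strings
            history[sender].append(n)
    alerts = []
    for (day, sender, recipient), n in counts.items():
        if day != today:
            continue
        past = history[sender]
        # With no history, only the fixed floor applies.
        threshold = max(floor, mean(past) + k * pstdev(past)) if past else floor
        if n > threshold:
            alerts.append((sender, recipient, n, threshold))
    return sorted(alerts)

def sample_events():
    """Constructed sample log: (ISO day, sender, recipient)."""
    ev = []
    for day in ("2024-05-01", "2024-05-02", "2024-05-03"):
        ev += [(day, "alice@example.com", "vendor@partner.test")] * 2
        ev += [(day, "alice@example.com", "bob@example.com")] * 30
        ev += [(day, "carol@example.com", "news@lists.test")] * 4
    ev += [("2024-05-04", "alice@example.com", "drop@mail.test")] * 40
    ev += [("2024-05-04", "alice@example.com", "bob@example.com")] * 35
    ev += [("2024-05-04", "carol@example.com", "news@lists.test")] * 5
    return ev
```

Heavy internal traffic (alice to bob) never enters the baseline, so only the burst to a single outside address stands out against the sender's own history.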

Email Security, Reporting, and Risk Dashboards

Phishing in a cloud environment can lead to even higher risk than email on-premises – there’s no need to bypass perimeter or network security, and public folders and stale data can quickly get out of hand.

Manage (and reduce) that risk for both Exchange and Exchange Online with intuitive, accessible dashboards that enable you to easily monitor Exchange mailboxes, mailboxes with unusual permissions, public folders, and more.

Automatically generate reports that detail unusual mailbox activity by users other than the mailbox owner, access activity, and audit permissions for users other than the mailbox owner.

Want to learn more about how to protect Exchange on-premises or in the cloud? Get a 1:1 customized demo with one of our email security experts and see how Varonis can protect your email environment.
