Email is one of the most common points of entry for malware (at over 94%) and phishing emails are on the rise, costing companies an average of $1.6 million. Compromised email accounts can be used for everything from social engineering to exfiltrating sensitive data to jeopardizing the security of an entire network.
Varonis monitors and protects Microsoft Exchange and Exchange Online to keep your data safe from email attacks.
Get the Free Pentesting Active
Directory Environments e-book
Unusual Mailbox Access & Configuration Changes
Can you tell when an email has been marked as unread by somebody else? Can you easily monitor permission changes on executive mailboxes? Whether it’s a rogue insider threat or a hacker who trying to escalate and pivot through important mailboxes, Varonis detects anomalous activity including:
Marking messages as unread
Detect when an unusual number of email messages are marked as unread… by a user who’s not the owner of the mailbox. This typically indicates that an attacker may be accessing sensitive email data – and then covering their tracks.
Permission changes on executive mailboxes
Executive mailboxes contain a wealth of sensitive and confidential information: it’s important to monitor permission changes to these privileged accounts, and make sure the elevated access is legitimate (rather than an attacker impersonating an executive). Varonis automatically identifies privileged accounts – so you can easily monitor suspicious behavior across executive accounts.
Unusual access to mailboxes
It’s a red flag when an admin or service account begins to access new mailboxes. Typically, this type of behavioral change suggests an attacker is impersonating the account to exploit sensitive data contained within the mailbox.
Phishing Emails & Malicious Attachments
Phishing is one of the most common ways to compromise email security – and Varonis can help you detect it. Phishing emails often use common file names and extensions to appear legitimate (encouraging users to click on them), and those attachments contain a frequently used series of specific characters that indicate that it contains malicious code.
When a malicious attachment like this is included in an email, Varonis can identify that it contains common content that’s indicative of a phishing email or malware-inducing file attachment.
Suspicious Email Activity & Email Behavior
Unusual email activity and abnormal email behavior represent a risk that not only email has been compromised, but it’s being leveraged as a vehicle to get sensitive data out. Varonis detects abnormal email behavior that may signal data exfiltration or unauthorized access, including:
Unusual volume of emails sent to a single external email address
Detect when a mailbox sends an unusual number of emails to a single recipient outside of the company. It may be an indicator that sensitive data is being exfiltrated to a single external address.
Automatic forwarding
If automatic forwarding of incoming messages is set up, it may compromise that mailbox – and suggests that an attacker is trying to redirect data outside of the organization.
Activity from a blacklisted location
If an account is active from a blacklisted location, it may mean that the mailbox has been breached and is being used by an attacker.
Email Security, Reporting, and Risk Dashboards
Phishing in a cloud environment can lead to even higher risk than email on-premises – there’s no need to bypass perimeter or network security, and public folders and stale data can quickly get out of hand.
Manage (and reduce) that risk for both Exchange and Exchange Online with intuitive, accessible dashboards that enable you to easily monitor exchange mailboxes, mailboxes with unusual permissions, public folders, and more.
Automatically generate reports that detail unusual mailbox activity by users other than the mailbox owner, access activity, and audit permissions for users other than the mailbox owner.
Want to learn more about how to protect Exchange on-premises or in the cloud? Get a 1:1 customized demo with one of our email security experts and see how Varonis can protect your email environment
What you should do now
Below are three ways we can help you begin your journey to reducing data risk at your company:
- Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
- Download our free report and learn the risks associated with SaaS data exposure.
- Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Twitter, Reddit, or Facebook.

Michael Buckbee
Michael has worked as a sysadmin and software developer for Silicon Valley startups, the US Navy, and everything in between.