

How Varonis Helps with Email Security

Data Security, Threat Detection

Email is one of the most common points of entry for malware (at over 94%), and phishing emails are on the rise, costing companies an average of $1.6 million. Compromised email accounts can be used for everything from social engineering to exfiltrating sensitive data to jeopardizing the security of an entire network.

Varonis monitors and protects Microsoft Exchange and Exchange Online to keep your data safe from email attacks.


Unusual Mailbox Access & Configuration Changes

Can you tell when an email has been marked as unread by somebody else? Can you easily monitor permission changes on executive mailboxes? Whether it’s a rogue insider or a hacker who is trying to escalate and pivot through important mailboxes, Varonis detects anomalous activity including:

Marking messages as unread

Detect when an unusual number of email messages are marked as unread… by a user who’s not the owner of the mailbox. This typically indicates that an attacker may be accessing sensitive email data – and then covering their tracks.

Permission changes on executive mailboxes

Executive mailboxes contain a wealth of sensitive and confidential information: it’s important to monitor permission changes to these privileged accounts, and make sure the elevated access is legitimate (rather than an attacker impersonating an executive). Varonis automatically identifies privileged accounts – so you can easily monitor suspicious behavior across executive accounts.

Unusual access to mailboxes

It’s a red flag when an admin or service account begins to access new mailboxes. Typically, this type of behavioral change suggests an attacker is impersonating the account to exploit sensitive data contained within the mailbox.

Phishing Emails & Malicious Attachments

Phishing is one of the most common ways to compromise email security – and Varonis can help you detect it. Phishing emails often use common file names and extensions to appear legitimate (encouraging users to click on them), and those attachments contain a frequently used series of specific characters indicating that they contain malicious code.

When a malicious attachment like this is included in an email, Varonis can identify that it contains common content that’s indicative of a phishing email or malware-inducing file attachment.

Suspicious Email Activity & Email Behavior

Unusual email activity and abnormal email behavior represent a risk that email has not only been compromised, but is also being leveraged as a vehicle to get sensitive data out. Varonis detects abnormal email behavior that may signal data exfiltration or unauthorized access, including:

Unusual volume of emails sent to a single external email address

Detect when a mailbox sends an unusual number of emails to a single recipient outside of the company. It may be an indicator that sensitive data is being exfiltrated to a single external address.

Automatic forwarding

If automatic forwarding of incoming messages is set up, it may compromise that mailbox – and it suggests that an attacker is trying to redirect data outside of the organization.

Activity from a blacklisted location

If an account is active from a blacklisted location, it may mean that the mailbox has been breached and is being used by an attacker.
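
The first two detections in this list (volume to a single external address, and automatic forwarding to an outside address) can be expressed as logic over mail audit events. This is an added example, not Varonis code; the event field names, the baseline values, the thresholds and all addresses are constructed assumptions.

```python
from collections import Counter

# Assumption: the organization's own mail domains (exact match only).
INTERNAL_DOMAINS = {"example.com"}

# Constructed baseline: usual daily message count from each mailbox to any
# single external address (would come from historical audit data).
BASELINE = {"alice@example.com": 2, "carol@example.com": 1}

# Constructed one-day event sample; the field names are hypothetical and do
# not reproduce an Exchange or Varonis schema.
EVENTS = (
    [{"type": "send", "mailbox": "alice@example.com", "to": "drop@mail.example.net"}] * 8
    + [{"type": "send", "mailbox": "alice@example.com", "to": "partner@example.org"}] * 2
    + [{"type": "send", "mailbox": "carol@example.com", "to": "vendor@example.org"}] * 3
    + [{"type": "set_forwarding", "mailbox": "dave@example.com",
        "forward_to": "dave.backup@example.net"},
       {"type": "set_forwarding", "mailbox": "erin@example.com",
        "forward_to": "erin.archive@example.com"}]
)


def is_external(address):
    """True when the address's domain is not one of the organization's own."""
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def detect(events, baseline, factor=3, floor=5):
    """Return (alert, mailbox, external_address) tuples for one day of events."""
    alerts = []
    sent = Counter()
    for ev in events:
        if ev["type"] == "send" and is_external(ev["to"]):
            sent[(ev["mailbox"], ev["to"].lower())] += 1
        elif ev["type"] == "set_forwarding" and is_external(ev["forward_to"]):
            # Forwarding that stays inside the organization is not flagged.
            alerts.append(("external_auto_forward", ev["mailbox"],
                           ev["forward_to"].lower()))
    for (mailbox, recipient), count in sorted(sent.items()):
        # Alert above `factor` times the mailbox's baseline, with a floor so
        # mailboxes that have no history do not alert on a few messages.
        threshold = max(floor, factor * baseline.get(mailbox, 0))
        if count > threshold:
            alerts.append(("external_volume", mailbox, recipient))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE):
        print(alert)
```
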

Email Security, Reporting, and Risk Dashboards

Phishing in a cloud environment can lead to even higher risk than email on-premises – there’s no need to bypass perimeter or network security, and public folders and stale data can quickly get out of hand.

Manage (and reduce) that risk for both Exchange and Exchange Online with intuitive, accessible dashboards that enable you to easily monitor Exchange mailboxes, mailboxes with unusual permissions, public folders, and more.

Automatically generate reports that detail unusual mailbox activity by users other than the mailbox owner, access activity, and audit permissions for users other than the mailbox owner.


Sarah Hospelhorn


Based in Brooklyn, NY, Sarah focuses on the strategy behind solving problems in data security. She’s been in tech for over 20 years, with experience in software, hardware, and cryptography.

