Like so many accounting firms, this top 400 accounting firm has moved much of its IT to the cloud—specifically, to Office 365’s core applications and email. With clients nationwide, this firm is a financial accounting partner for a diverse field of individuals, as well as all sizes of closely-held businesses and nonprofit organizations. The company agreed to share its story under anonymity to minimize its security risk profile.
Office 365 Security Wasn’t Enough
When the company’s IT manager (“Ron” to maintain anonymity), came on board in the summer of 2016, one of his top priorities was to ensure that the firm had the absolute best security possible in place for the firm’s users. On his first day, he knew they needed additional layers of security beyond Office 365’s native solution.
Prior to Ron’s arrival, the firm had fallen victim to a number of phishing attacks, including an aggressive ransomware attack, even with Office 365’s Advanced Threat Protection enabled. They had paid extra for Microsoft’s best security, but it was not enough.
“Microsoft Advanced Threat Protection is not a 100% solution,” Ron commented. “It has some basic security features, but it’s not an all-encompassing security solution.
“In one attack, someone registered a domain very similar to our web domain (e.g., xyzcpas.com), with an extra ‘e’ in the middle (e.g., xyzecpas.com). The attacker then created an email address using one of our employee’s names and sent infected documents to our other employees. The built-in Office 365 tools did nothing to detect or prevent it. I knew we needed more robust security in place.”
The Avanan Solution
Ron discovered Avanan while looking at Check Point Sandblast Threat Extraction. Considered one the most advanced security tools for the datacenter, it was not available for the cloud, except on the Avanan platform. Ron immediately engaged in an Avanan trial, during which Avanan and Check Point identified and prevented a host of phishing attempts similar the attacks Office 365 had allowed all summer. No other product had demonstrated such a clear and immediate difference.
Beyond email security, Ron also deployed a number of other tools to build the complete security stack he needed.
- Check Point AV for signature-based scanning
- Check Point Threat Emulation for sandboxing
- Solegate Email Protector for zero-day threats
- Cyren Anti-Phishing for malicious emails
- Global Velocity Data Leakage Prevention for data classification and compliance.
“No one vendor can do everything, so I appreciate using Avanan to plug into the companies that are the best at what they do. More importantly, they all worked seamlessly on the single platform. It was literally one click and they were working.”
“Since implementing Avanan, nothing has gotten through. We’ve seen more phishing attempts, but they’ve been caught by Avanan and its partners."
“I’m very happy with Avanan. I like the built-in anomaly detection so I can see if there are any login attempts from outside the US or mass email attempts."
“I’ve recommended Avanan to my previous employer and I’m sure I’ll do the same for other companies looking for security beyond basic Office 365 capabilities,” Ron added.