28 March 2025

Securing Microsoft 365 email with GLIMPS Malware: an advanced threat protection


Companies using Microsoft 365 for their messaging are facing increasingly sophisticated cyberattacks.

While the Microsoft environment offers native security solutions, these can prove insufficient in the face of zero-day attacks and malware capable of sandbox evasion.

According to Hornet Security, formerly Vade Secure, 8 out of 10 companies base their e-mail security on features such as Microsoft Exchange Online Protection (EOP), which is the American company’s first level of filtering and therefore the most economical offering.

A risky choice, given that, as the consulting firm Deloitte reminds us, 91% of all cyber attacks begin with a phishing email as the primary vector of compromise.

In response, GLIMPS introduces a dedicated connector for Microsoft 365 email. Featuring integration with Graph APIs, this solution provides in-depth scanning of attachments and links present in e-mails, without interrupting their delivery.

How does GLIMPS Malware integrate with Microsoft 365? How does this solution enhance the protection of your electronic exchanges? Find out in this article.

Seamless integration thanks to Microsoft Graph APIs

Previously, GLIMPS Malware’s approach was based on a so-called “flow cut” architecture: emails were intercepted as they arrived in the Microsoft environment, then analyzed before being redistributed according to whether they were clean or malicious.

While this method provided effective protection, it was not without its flaws, as Cédric Gibert, Product Director at GLIMPS, explains: “In the event of network failure or unavailability, emails could be temporarily delayed, creating a Single Point of Failure (SPOF) in the distribution chain.”

With the integration of Microsoft’s Graph APIs, GLIMPS Malware now eliminates this SPOF by adopting an asynchronous, so-called “parallel” approach. Now, emails are first received and delivered by Microsoft 365 to the user’s inbox without any interruption. A hidden copy of the messages is then scanned in real time by GLIMPS Malware’s detection engines using Microsoft 365’s Graph APIs.

Depending on the analysis verdict, actions such as deleting, quarantining or flagging emails by adding a label can be applied directly to users’ inboxes, with no slowdown to be expected.

With this new architecture, GLIMPS Malware meets the expectations of companies that today prioritize the fluidity and efficiency of collaboration tools, particularly in so-called digital workplace environments such as Microsoft 365.

Microsoft 365's email protection limitations

Although Microsoft 365 offers built-in security features, it has several limitations in the face of sophisticated threats targeting businesses.

One of the main shortcomings lies in its sandboxing solution, designed to execute malicious files and links in an isolated environment before delivering the email to the user. This approach suffers from two major drawbacks: high processing times and an inability to detect modern evasion techniques.

On average, the Microsoft sandbox can take up to 30 seconds to process an e-mail. This is perceived as a hindrance to end-users, particularly in business environments where rapid email processing is essential. To reduce these delays, compromises are often made on analysis depth, thereby reducing detection efficiency.

While dynamic analysis using a sandbox may have worked just a few years ago, cyber attackers are now exploiting advanced techniques to bypass sandboxes.

Modern malware is able to detect that it is being executed in a simulated environment. It then adapts its behavior by remaining inactive, and in some cases can even collect information about the environment and transmit this data to the command and control (C2) server.

Another drawback is that the antivirus integrated into Microsoft 365 relies mainly on known signature databases, limiting its ability to detect zero-day or polymorphic attacks. This reactive approach exposes companies to significant risks in the face of increasingly innovative cyber-attacks.

GLIMPS Malware provides an additional layer of security for Microsoft 365 email users

GLIMPS Malware’s main strength lies in its ability to detect cyberthreats in attachments, thanks to algorithms combining Deep File Inspection, concept-code and artificial intelligence.

It’s not uncommon to find malware embedded in a PDF or archive that can evade conventional antivirus programs by masking its malicious behavior.

Without needing to go through a decompilation stage, GLIMPS’ solution scans these files in depth, inspecting their structure, code and execution logic, giving it the ability to detect malware designed to bypass sandboxes and signature-based solutions.

In addition, URL analysis ensures that links contained in e-mails do not redirect to malicious sites, even when the latter exploit evasion techniques or context-dependent content differentiation.

GLIMPS Malware also stands out for its scalability. As Cédric Gibert points out: “In two years, the solution has gone from a processing capacity of 50,000 and then 100,000 emails per day, to 500,000 emails today, with the aim of reaching several million emails per day in the near future.”

According to the Statista Institute, Microsoft 365 will be used by 2 million companies worldwide by 2025.

What's important

With its connector for Microsoft 365, GLIMPS redefines email security standards.

By analyzing emails without cutting off the messaging flow, thanks to Graph APIs, and by combining advanced technologies such as Deep File Inspection, the solution guarantees enhanced protection without compromise.

Protect your Microsoft 365 messaging today with GLIMPS. Request a free demo and find out how our solution can secure your business exchanges.