28 March 2025
Strengthening email security in Microsoft 365 against today’s cyber threats
Organizations using Microsoft 365 for their messaging are facing increasingly sophisticated cyberattacks.
While the Microsoft environment integrates native security filters, these prove insufficient against advanced threats that target enterprises, such as zero-day exploits and sandbox-evading malware.
To address this challenge, we created GLIMPS Email Security for M365. Featuring integration with Microsoft Graph APIs, this solution ensures thorough scanning (body, attachments, and URLs) without interrupting email delivery.
The limitations of Microsoft 365 email security
The main gaps lie in entry-level offerings, such as Microsoft Exchange Online Protection (EOP). It is the most economical option and is used by the majority of enterprises.
This is a strategically risky choice, as consulting firm Deloitte reminds us: 91% of cyberattacks use email as their primary compromise vector.
The sandboxing solution (available in advanced subscription plans) is designed to execute malicious files and links in an isolated environment before delivering the email to the user. It offers a higher degree of security but proves costly.
Moreover, this approach has two major drawbacks: high processing time and an inability to detect modern evasion techniques.
On average, Microsoft’s sandbox can take up to 30 seconds to process a message. This duration is perceived as a bottleneck for end users, particularly in professional environments where speed is essential. To reduce these delays, compromises are often made on analysis depth, thereby reducing detection effectiveness.
Added to this is the inability to identify malware designed to bypass sandboxes, which attackers increasingly use. Such malware can detect when it is running in a simulated environment. It then adapts its behavior, remaining inactive, and can in some cases collect information about the environment and transmit it to the command and control (C2) server.
Another drawback: the antivirus integrated into Microsoft 365 relies primarily on known signature databases, limiting its ability to detect zero-day or polymorphic attacks. On average, 40% of advanced threats would go undetected.
These reactive technologies expose organizations to significant risks from increasingly innovative malware.
How a multi-layered approach strengthens Microsoft 365 email security against advanced threats
GLIMPS Email Security can detect the most complex malware that slips under Microsoft 365’s security radar, whether it sits in the email body, attachments, or URLs.
This translates to more than 30 analysis technologies, orchestrated to identify threats at different levels of the email.
Detecting weak signals in the email body
Today, AI benefits cybercriminals and enables them to create massive phishing campaigns that are increasingly sophisticated and better targeted. There is therefore a genuine need to protect against these forms of attacks.
This is why our expert teams developed a new sovereign AI model, trained to detect phishing and all kinds of fraudulent messages (BEC and spoofing, spam, mass advertising sends, etc.). It is capable of recognizing weak signals and identifying malicious content within seconds.
Detecting threats in attachments
Attachments are handled by GLIMPS Malware, the technology specialized in file analysis. It goes further than conventional solutions by combining Deep File Inspection, concept-code analysis, and artificial intelligence to offer advanced attachment analysis and detect the most complex attacks.
It is not uncommon to observe malware embedded in a PDF or archive that can evade conventional antivirus by masking its malicious behavior.
Without needing decompilation, GLIMPS Malware engines scan these documents in depth, inspecting their structure, code, and execution logic. Thus, they detect malware designed to bypass sandboxes and signature-based tools.
Analyzing URLs
GLIMPS Email Security ensures that links contained in emails do not redirect to malicious sites, even when these exploit evasion techniques or content differentiation based on context.
The Detection As Code approach
We chose to apply Detection As Code principles to our solution. It integrates more than 500 rules, enabling rapid and continuous evolution of detection capabilities in response to new attacks. This also guarantees maximum agility in deploying new rules without requiring heavy infrastructure updates.
Securing email without impacting productivity and user experience
Previously, our solution relied on an architecture called “stream cutting”: emails were intercepted upon arrival in the Microsoft environment, then analyzed before being redistributed based on their safe or malicious nature.
While this method ensured effective protection, it was not without flaws, as explained by Cédric Gibert, Product Director at GLIMPS: “In case of failure or network unavailability, messages could be temporarily delayed, creating a Single Point of Failure (SPOF) in the distribution chain.”
With the integration of Microsoft Graph APIs, our tool eliminates this SPOF by adopting an asynchronous, “parallel” approach.
Emails are first received and distributed by Microsoft 365 to the user’s inbox without any interruption. A hidden copy of each message is scanned in parallel and in real time using Microsoft 365 Graph APIs.
According to the analysis verdict, actions such as deletion, quarantine, or marking via label addition can be applied directly to inboxes, without impact on user experience and productivity.
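One way the post-delivery flow described above can be driven, as an added example that is not GLIMPS code: it assumes the scanner learns of new mail through a Microsoft Graph change notification, rejects notifications whose clientState does not match the subscription secret, and turns a verdict into the Graph request for deletion, a move to a quarantine folder, or a category label. The verdict names, the quarantine folder ID, the label text and the sample notification are assumptions constructed for illustration.

```python
import hmac
import re
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
QUARANTINE_FOLDER_ID = "QUARANTINE_FOLDER_ID_PLACEHOLDER"  # assumed hidden folder
RESOURCE_RE = re.compile(r"^users/([^/]+)/messages/([^/]+)$", re.IGNORECASE)


def parse_notification(item, expected_state):
    """Return (user_id, message_id), or None if the notification must be ignored."""
    state = str(item.get("clientState") or "")
    # Reject notifications that do not carry the secret set on the subscription.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    if item.get("changeType") != "created":
        return None
    match = RESOURCE_RE.match(str(item.get("resource") or ""))
    return (match.group(1), match.group(2)) if match else None


def plan_action(user_id, message_id, verdict):
    """Map an assumed verdict name to (method, url, json_body); None means no action."""
    # Percent-encode IDs so notification content cannot alter the request path.
    base = f"{GRAPH}/users/{quote(user_id, safe='')}/messages/{quote(message_id, safe='')}"
    if verdict == "malicious":
        return ("DELETE", base, None)
    if verdict == "suspicious":
        return ("POST", base + "/move", {"destinationId": QUARANTINE_FOLDER_ID})
    if verdict == "unwanted":
        # PATCH replaces the category list; merge with existing labels in real use.
        return ("PATCH", base, {"categories": ["Flagged by scanner"]})
    return None


# Constructed sample notification (not captured from a real tenant).
SAMPLE = {
    "clientState": "constructed-secret",
    "changeType": "created",
    "resource": "Users/user-0001/Messages/AAMkAGI2=",
}

if __name__ == "__main__":
    ids = parse_notification(SAMPLE, "constructed-secret")
    print(ids, plan_action(*ids, "suspicious"))
```

Because the message is already in the inbox when the verdict arrives, the interval between delivery and the planned request is the exposure window to measure when evaluating this architecture.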
With this new architecture, GLIMPS Email Security meets the expectations of enterprises that today prioritize fluidity and efficiency of collaboration tools, particularly in digital workplace environments such as Microsoft 365.
Key takeaway
Faced with the gaps in Microsoft 365’s native security, GLIMPS Email Security redefines protection standards by combining multi-layered analysis and a flow-through approach using Graph APIs.
Secure your Microsoft 365 messaging today. Contact us and discover how our solution can protect your business communications.