MS Exchange Security Assessments

An organization’s mail server is a critical business application and is often overlooked when designing security programs.  But how long can a business function without Email?   How much critical or embarrassing organization data is being stored and passed by employees via Email?  In 2014, the Sony Corporation lost use of their Email server access for over a week and had some executive level data exposed during an attack and lead to an embarrassing situation. 

Microsoft Exchange is by far the most dominate corporate mail server and is often excluded from security testing due to its criticality.  Network administrators sometimes exempt Exchange servers from routine patching services due to fear of crashing the core server.

Exchange is often exposed to the Web as an open Internet service and is vulnerable to scanning and exploitation, yet Exchange’s host server security is often ignored with weak passwords and no end point protection.  Our security consultants can assess and advise you on your Email server security to bring it into align with your organization’s security profile.  SD will look at items such as spam and malware management, server configuration and maintenance, DLP settings, AD synchronization, encryption and secure message delivery.