At a glance
Manchester Airports Group (MAG) wanted to implement an integrated cloud email security solution to neutralize the phishing attacks that were getting through native defenses in Microsoft 365 and prevent sensitive information being sent to the wrong recipient.
Using Egress Defend and Egress Prevent, MAG now leverages AI-powered behavioral-based detection to eliminate inbound and outbound threats, while real-time teachable moments delivered by the products improve security awareness.
The need for a defense-in-depth approach in Microsoft 365
As the largest airport operator in the UK with over six thousand employees and fifty-five million passengers each year, it is important for Manchester Airports Group (MAG) to stop employees from interacting with advanced phishing attacks that could compromise operational efficiency. Additionally, MAG need to ensure the right information is shared with the correct recipients by email.
Despite extensive use of phishing simulation campaigns to create a culture of security awareness, Alcus Erasmus, Head of Cyber Security Engineering at MAG, explains: “The reality is that phishing threats are becoming more sophisticated, making it extremely difficult for employees to identify attacks. We were particularly concerned about phishing emails sent from compromised accounts.”
“In addition, it was a priority for us to mitigate the risk of misdirected emails, as the consequences for an organization involved in a data breach has become increasingly severe. Therefore, MAG recognized the need to add an additional layer of security to our native controls in Microsoft 365, supporting a defense-in-depth approach.”
Proactively preventing inbound and outbound threats
Alcus and the team at MAG started working with Egress in 2021. Following a successful solution evaluation in 2022, they implemented Egress Defend and Egress Prevent to neutralize sophisticated threats slipping through its native security and stop emails from being sent to the wrong recipient.
Integrating with Microsoft 365 as part of the Egress Intelligent Email Security platform, both Defend and Prevent use AI models to detect threats and use real-time nudges to alert users before security incidents can occur.
Defend utilizes pre-generative and zero-trust models, as well as linguistic, contextual, and behavioral analysis to detect advanced inbound threats such as phishing emails sent from legitimate compromised accounts. Prevent uses contextual machine learning and pretrained deep neural networks to identify abnormal sending behavior, stopping emails and attachments from being sent to an unauthorized recipient.
The team at MAG were particularly interested in Defend’s dynamic heat-based warning system. “The interactive banners instantly grab users’ attention, alerting them to risk and informing them about the threats they face.” states Alcus. “Coupled with this are Prevent’s real-time prompts that nudge users when they are about to make a mistake, meaning they’re educated while we’re proactively preventing a security incident.”
“Defend and Prevent prompts are both unobtrusive and introduce minimal user friction, only being displayed when necessary, meaning our employees’ workflow is not interrupted.”
“We can see that employees are paying attention to the real-time prompts and actively changing their behavior.”
Alcus Erasmus, Head of Cyber Security Engineering, MAG
Egress delivers detection results that matter
In a 90-day period, 2570 phishing attacks had bypassed Microsoft’s security defenses and were detected and neutralized by Defend. Of the attacks that slipped past Microsoft, 68% were from compromised accounts, 32% impersonated a company, and 40% included an attachment as the payload.
“Egress does what it is supposed to do - and more!” states Alcus. “Not only has Defend successfully prevented sophisticated phishing attacks that were slipping through our native defenses in Microsoft 365, but Prevent has demonstrated its value by stopping misdirected emails and any resulting security incident that would have occurred. We can see that employees are paying attention to the real-time prompts and actively changing their behavior.”
In addition, the security operations team at MAG were impressed with the administration and remediation capabilities for both Egress Defend and Prevent. “The analytic dashboards give us actionable intelligence on the number of suspicious emails MAG receives, as well as how many Prevent prompts have been accepted and incidents avoided. We can use this intelligence to drive user training and ensure employees receive a more tailored experience.”
Alcus concludes: “The statistics speak for themselves. Egress catches the phishing attacks that were evading Microsoft 365 and putting our organization at risk. Egress has elevated our email security defenses, while also supporting our training program and wider security culture.”