Video summary: This video discusses high-volume logon attacks (HVAs) against Microsoft Exchange servers and Messageware Exchange Protocol Guard’s role in countering these attacks.
Cybersecurity threats are becoming more sophisticated and relentless, especially for critical infrastructure like email servers. One such threat to be aware of is the high-volume logon attack (HVA), which targets on-premises Microsoft Exchange servers. These attacks attempt to breach security by testing thousands of username and password combinations in mere seconds, exploiting the very mechanisms designed to authenticate legitimate users.
HVAs can manifest in various forms, including scripted attacks on logon forms, programmatic attacks against the Exchange Server API, and even direct assaults on protected Exchange virtual directories. Such attacks can cause significant disruption, as they often lead to Active Directory (AD) account lockouts and the potential theft of passwords. This is a critical concern for organizations using Microsoft Exchange Server 2019, where even the presence of multi-factor authentication (MFA) is insufficient to prevent the chaos caused by high-volume attacks.
During a high-volume attack, organizations can experience turmoil within their Active Directory as users get locked out, preventing them from accessing their emails and disrupting business operations. This is where Messageware Exchange Protocol Guard (EPG) comes into play. Messageware EPG is a robust security solution designed to counteract high-volume attacks on Microsoft Exchange servers.
Messageware EPG offers several key features that strengthen Exchange server security against attacks:
- Real-time Threat Data and Ban Lists: EPG continuously monitors for suspicious activities and uses real-time threat intelligence. This system proactively blocks both scans and attacks, and also allows administrators to quickly identify and block attackers, adding them to ban lists before they can cause significant damage.
- Dynamic Tarpit and Independent Locking System: By recognizing and banning repeat offenders of logon attempts against a variety of Exchange services, attackers' efforts to discover passwords are frustrated and foiled. Additionally, EPG’s independent locking system ensures legitimate user accounts are not disabled, allowing for productive and uninterrupted access for users.
- Dynamic CAPTCHA Triggering: Upon detecting unusual activity that could signal an attack, EPG dynamically triggers CAPTCHAs to verify if the login attempts are human. This adds an extra layer of defence against automated attack tools.
- Geo-blocking and IP Targeted Blocking: EPG can restrict access based on geographical location or specific IP addresses, providing another level of security by preventing logons from regions or IPs that are deemed high risk or are not recognized as part of the organization’s normal traffic patterns.
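The difference between a per-source ban and a directory account lockout, mentioned in the feature list above, can be seen by replaying the same logon events both ways. This is an added illustration, not Messageware's code or EPG's actual algorithm; the event format, thresholds, function names and sample data are all assumptions made for the example.

```python
from collections import defaultdict, deque

USERS = ["alice", "bob", "carol"]
# Constructed sample events: (epoch_seconds, source_ip, username, success).
# 203.0.113.7 cycles through three accounts; 198.51.100.20 is a real user
# who mistypes once and then logs on.
EVENTS = [(1000 + i * 0.1, "203.0.113.7", USERS[i % 3], False) for i in range(30)]
EVENTS += [(1001.05, "198.51.100.20", "alice", False),
           (1004.0, "198.51.100.20", "alice", True)]


def replay(events, ban_enabled, window=10.0, src_threshold=6,
           acct_threshold=5, ban_secs=600.0):
    """Replay events; return (banned_sources, accounts_that_hit_lockout)."""
    src_fail = defaultdict(deque)    # source_ip -> recent failure times
    acct_fail = defaultdict(deque)   # username  -> recent failure times
    banned_until, locked = {}, set()
    for ts, src, user, ok in sorted(events):
        if ban_enabled and banned_until.get(src, 0) > ts:
            continue                 # dropped before it reaches the directory
        if ok:
            continue                 # only failures are counted in this model
        for q in (src_fail[src], acct_fail[user]):
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()          # slide the window forward
        if len(acct_fail[user]) >= acct_threshold:
            locked.add(user)         # what a directory lockout policy would do
        if ban_enabled and len(src_fail[src]) >= src_threshold:
            banned_until[src] = ts + ban_secs
    return set(banned_until), locked


def compare(events=EVENTS):
    """Return the outcome with and without the per-source ban."""
    return {"with_ban": replay(events, True),
            "without_ban": replay(events, False)}


if __name__ == "__main__":
    for name, (banned, locked) in compare().items():
        print(f"{name}: banned={sorted(banned)} locked={sorted(locked)}")
```

With the ban in place the noisy source is cut off after six failures and no account reaches the lockout threshold; without it, all three accounts are locked while the source keeps going.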
High-volume attacks continue to pose significant threats to organizations using Microsoft Exchange Server 2019. It is imperative to deploy advanced security measures like Messageware Exchange Protocol Guard. EPG’s comprehensive suite of protective features ensures that your email infrastructure remains secure, your users’ productivity is uninterrupted, and your data is safeguarded from unauthorized access.