Protection for Exchange Online - FileWall Review
The following blog post is a paid review for FileWall expressing the opinion of the author.
FileWall is a 3rd party Cloud Email Security solution for Exchange Online. In general, I am not a huge fan of adding 3rd party solutions into Exchange Online for several reasons…
First, Microsoft does a decent job of virus protection for your mailboxes within Office 365, and that protection is included in the licensing fee for every mailbox. Exchange Online Protection (EOP) is not a flawless system, but I find it to be adequate for most mailboxes in most circumstances. I do find that some customers do not trust Microsoft anti-virus protection, and probably never will. I am not sure if that lack of trust is justified or not, and that is not really the point here.
The big problem I have with 3rd party AV solutions is that all 3rd party AV solutions I have seen require the customer to make changes to the routing of your mail flow such that your email goes into (and generally out of) that company’s infrastructure before getting to your Office 365 tenant. 3rd party AV solutions necessarily make the built-in protection of EOP less effective because this setup obfuscates the original source information about where the email message originates.
Regardless of 3rd party AV solutions being “better” than the protection that EOP provides or not (I am not sure how you would judge that for future threats and it is hard to definitively judge for past viruses too), they do make EOP less effective.
Secondly, outside of the routing changes needed for all the 3rd party AV solutions that work with Exchange Online they also introduce an unnecessary level of complexity to your end-user’s email experience. If an end-user does not receive an email message they are expecting, there is generally no easy way for that user to know if the message was held by EOP or your 3rd party AV solution.
FileWall works differently
Here is the big upside to FileWall, there is no need to change your email routing configuration for FileWall to work.
FileWall is a plug in available in the Azure Marketplace. FileWall can be setup in your Exchange Online tenant without the need for you to modify your MX records at all. FileWall can be setup for a s ingle user within your tenant while not having any access to or making any modifications on any other mailbox within your tenant. For me, this solves a lot of the problems I have with other 3rd party AV solutions that work with Exchange Online. Once configured FileWall can scan all messages sent and received within mailboxes for which is it setup, even email messages you just send to yourself. Most 3rd party AV solutions do not work for message sent within your tenant unless you make considerable routing changes to your tenant that force internal messages to route out to the 3rd party solutions servers.
FileWall vs Safe Attachments
Microsoft does have a solution that is natively available within Office 365 that can be compared to FileWall, Microsoft Defender (formerly named Advanced Threat Protection). These two solutions are both designed to protected end-users and the overall Office 365 tenant against malware entering via attachments, but they work very differently.
Microsoft Defender includes a sub-feature called Safe Attachments that works by building a virtual sandbox environment and executing attachments within that environment, then watching to see if anything “bad” happens. I do not have the full technical detail on what exactly Microsoft does behind the scenes, but I can say that the big knock from customers about Safe Attachments is that it can slowdown email delivery considerably.
FileWall uses a system that they call Content Disarm and Reconstruction. Instead of looking for virus signatures (which may or may not match a specific virus at any given time), CDR disables the dangerous functionality of specific files types. This is all configurable within the FileWall admin console so that administrators can remove as little or as much of this dangerous functionality as their organizations deem appropriate. Administrators can block macros in Word files, or hundreds of different elements in dozens of different files types. In my tenant I turned on FileWall for all file types and all elements and so far, I have not experienced any functionality issues with received attachments.
Within the FileWall admin console administrators can create separate policies for different groups of users or individual users, so this solution is as customizable as you would like it to be.
What does FileWall cost?
FileWall is $1 per user per month, and free for Microsoft CSP’s. That is considerably less expensive than most of the 3rd party AV solutions I am aware of, and in my less than humble opinion a much more useful solution.
It is difficult to compare the price of FileWall to any of the add-on security features offered by Microsoft because of Microsoft super confusing licensing. Suffice to say, FileWall is not very expensive for the level of protection that it offers.
Wrap Up
I will “bottom line” it here. FileWall is easy to setup, does not require changes to your email routing, and inexpensive. It adds a level of protection against malware entering your Office 365 tenant via email attachments that I do not think is available with other solutions. I have had it working in my tenant for a while now, and it has caught malicious attachments. If your organization is looking for additional malware protection, FileWall is a good low-risk option to try.