This case involves attacks at a division of a large Telco with a strong IT team operating more than sixty on-premises servers and mandating a 2FA security solution for any division managing their own Exchange Servers.

And then … several incidents led one Division’s security team to discover that password guessing was occurring against their Outlook Web and Admin (OWA & ECP) sign-on pages. This was very unexpected with the mandated 2FA solution in place. In fact, two specific issues were occurring:

  1. Password guessing against the sign-on page was successful and credentials were stolen, and
  2. Attacks on the sign-on page were causing Active Directory to lock valid users out of their accounts.

The Telco Division initiated a project to enhance their 2FA solution and tighten their security posture, with these three initial goals:

  • Stop password guessing and automated brute force attacks;
  • Block hostile sources and resolve AD lock-outs without impacting individual users;
  • Obtain security analytics and reporting data for logons to Exchange Server services.

This led them to Messageware and our Exchange Protocol Guard (EPG) product. During a remote web demo and the resulting pilot project, the product team was impressed with the combination of EPG’s CAPTCHA system to prevent automated guessing, EPG’s Locking system to independently block attacking sessions (TARPIT), and EPG’s Reporting and Alert systems.

They also discovered the need to protect ActiveSync, EWS and Autodiscover, as these Exchange services are vulnerable vectors left unprotected by 2FA solutions.