Skip to content

Hit enter to search or ESC to close

Protection against cyber-attacks has always been complex. But today, detecting and preventing attacks against businesses is more complicated than ever. The volume and sophistication of cyber threats are unparalleled. If you use Microsoft 365, you should be aware of potential gaps in the native security within the productivity suite. Studies have shown that these gaps have resulted in almost 20% of phishing emails circumventing Microsoft 365 Exchange Defender and Microsoft Exchange Online Protection (EOP).

This article explores the security gaps in M365 and how ICES solutions provide a more comprehensive, defense-in-depth approach to phishing prevention.

Did You Know?


cyber attacks begin with phishing

10 minutes

to seamlessly install PhishTitan

$10.5 trillion

estimated global cybercrime cost

295 days

to stop & spot a phishing attack

Phishing Volume and Sophistication Overload

The Anti-Phishing Working Group (AWPG) research for Q1 2023 identified 1,624,144 phishing attacks, describing the situation as "This is a record high -- the worst quarter for phishing that APWG has ever observed.” Notably, APWG data for Q3 was slightly lower but still described as the “third-highest quarterly total that the APWG has ever recorded.”

Volume is one thing, but sophistication is another challenge altogether. If a secure email solution could catch threats, it would do so effectively, even with high volumes. However, the new era of phishing has changed the metrics. Phishing is no longer the clumsily put-together spoof email that even the most straightforward email gateways can detect. Phishing is now polymorphic, evasive, and often multi-stage; cybercriminals may also use compromised email accounts to carry out these attacks, making detection challenging.

What is Defense-in-Depth, and Why Use it?

Sophisticated tactics to evade detection need an intelligent mechanism to detect any cloaked attempt to hide in plain sight; this is where the defense-in-depth strategy comes in. What do security professionals mean when they talk about "defense-in-depth"? The U.S. National Security Agency (NSA) originally coined the phrase to describe a military strategy. However, used in cybersecurity, defense-in-depth is an approach that uses multiple layers of protective mechanisms to ensure that evasive tactics, commonly used by cybercriminals, are identified, and malicious actions and objects (such as phishing emails) are stopped. This approach protects endpoints, servers, and data and prevents human-centered attacks. More recently, a defense-in-depth approach can utilize intelligent technologies, adding even stronger techniques to identify obfuscated and evasive phishing.

In terms of email security, a defense-in-depth approach has become critical as cybercriminals have evolved their techniques and tactics to evade native email security gateways, such as Microsoft Exchange Online Protection (EOP) and Defender used to protect M365.

Research for Q1 2023 identified 1,624,144 phishing attacks, describing the situation as "This is a record high -- the worst quarter for phishing that APWG has ever observed.”

Where are the Security Gaps in M365 Native Security?

According to a report, 90% of companies have security gaps in their M365 environment. These gaps in the native security offered in M365 are being exploited by cybercriminals using evasive and exploitative tactics. Some examples will give you an insight into how these gaps have come about:

MFA Bypassed: Cybercriminals now have techniques to bypass the multifactor authentication built into Microsoft 365. Adversary-in-the-middle (AiTM) is a phishing technique where attackers compromise an email account and add a new rogue authenticator. This allows them to evade detection more efficiently and to persist in the system, allowing them to carry out longitudinal attacks. Poor security follow-ups and alerts compound the security gap. Unfortunately, in this example of the MFA bypass, the rogue authenticator was set up without a warning being sent to the legitimate account holder.

Configuration Errors: Email security in native M365 security is defined using policies. If these policies are not configured correctly, or a new threat emerges that is not reflected in a policy, a security gap occurs, and phishing emails can slip through the net.

Send Errors: M365 cannot detect if an incorrect recipient is added to an email. This allows sensitive content to be sent out of the organization, causing embarrassment and non-compliance with regulations. Similarly, M365 cannot detect if the wrong document is attached to an email.

Multi-Stage Email Attacks: M365 native security is good at detecting generic phishing emails. However, many modern phishing campaigns are not one-off phishing campaigns. Instead, current scams often use multiple stages and compromise legitimate email accounts to enter the network. Phishing emails are likely highly targeted, focusing on administrator or accounts payable roles. As Business Email Compromise is called the $43 billion scam by the FBI, it uses complex tactics to steal large sums of money. M365 native security does not utilize behavioral analytics or natural language processing and cannot connect across multiple stages to detect nefarious events. 

One of the issues that M365 native security has is that cybercriminals are developing Phishing-as-a-Service kits that specifically bypass this security. A recent highly sophisticated example is the W3LL phishing kit. This kit was designed to make Business Email Compromise (BEC) scams daccessible to even novice scammers. The kit allows cybercriminals to bypass Microsoft’s MFA and includes obfuscation methods for email headers and body text to evade detection.

Hear from our Customers

Security system for companies

What do you like best about PhishTitan? It is helpful against scammers and used frequency in the base of security What problems is PhishTitan solving and how is that benefiting you? It is a basic security needed for every mail users against scammers

Samuel J.


Saves time and money.

I can guarantee you that we have seen ROI if only because it's blocking the phishing links. That one piece alone saves time and money.

Cindi Cockerham

Network Engineer

PhishTitan is the Next Best Thing

Comments: We are a current customer of their SpamTitan product and have expanded our buy with the company because the products are sound and a great value. Ease of setup Ease of deployment Straightforwardness of features and settings



PhishTitan Review - IDT

We are still assessing the product, for now, the reporting spam function appears to be solid.


Director, Information Systems

Simple setup, minimal maintenance

Pros: PhishTitan is extremely easy to setup & onboard customers, it typically takes us less than 5 minutes to have a client completely onboarded onto the platform. We've been using the platform for around 6 months now and have had to perform next to no maintenance on it, it just works. Phishing detection is extremely accurate Cons: Not had any issues to report yet! And based on their responses from queries, their support team would be on it straight away with a fast resolution. Overall: Great product, easy to use & setup, great detection & next to no maintenance required. Would fully recommend the product to greatly reduce your phishing threats and administration time.

Ricky B.

IT Operations Director

ICES Closes the Email Security Gaps

Integrated Cloud Email Security (ICES) is a technological vanguard in email security that closes the security gaps found in M365. ICES solutions are designed to detect and prevent advanced phishing threats using behavioral analytics, AI, and natural language processing. ICES solutions can make contextual decisions informed by intelligent pattern detection. This contextual analysis is critical in identifying multi-stage attacks such as Business Email Compromise (BEC), where email conversations could look legitimate until the context and history of the exchange are analyzed.

ICES solutions are cloud-native SaaS solutions that offer all the inherent capabilities of cloud solutions, including scalability, ease of deployment, and centralized maintenance and management. ICES closes the gaps in Microsoft 365 native security to provide a complete defense-in-depth approach.

Features of PhishTitan, an ICES Solution

PhishTitan is an ICES solution that uses a defense-in-depth approach to email security. The intelligent, protective layers used to capture even the most deceptive and evasive phishing-related attacks include the following features:

  • AI-Driven Threat Intelligence: URL and web page anti-phishing analysis based on AI trained using data from a vast threat corpus. The system learns over time and can identify patterns, adjusting tactics to capture emerging threats. 
  • Real-Time Threat Analysis: PhishTitan's AI-driven anti-phishing service follows malicious links in an email to check the website. The email will be released to the user’s inbox if the website is legitimate.
  • Time of Click Protection: PhishTitan rewrites URLs and checks the website associated with the link. If the website is a phishing site, the user will be prevented from entering the website.
  • URL Rewriting and Analysis: URL analysis validates the security of the URL against multiple curated anti-phishing feeds. This system works with the ‘time of click’ protection to prevent successful phishing attacks. 
  • Link Lock Service: A service that ensures the company remains protected even if a recipient clicks a URL in a malicious email.
  • Smart Mail Protection: Compares incoming mail with a list of known threats. Curated data from multiple sources across the global threat landscape ensures that the most current threats are always part of this list.
  • Data Loss Prevention (DLP)Prevents sensitive data from leaving the corporate network, whether by accident or maliciously.
  • Native Integration with Office 365 Email: PhishTitan works symbiotically with the native security in M365 to offer inline advanced phishing protection seamlessly.

Chat with a TitanHQ ICES expert to see how PhishTitan can close the security gaps in M365.

Susan Morrow

Susan Morrow


Talk to our Team today

Talk to our Team today