Sophos Phishing Protection



How Sophos Can Help While there’s no silver bullet when it comes to phishing, we can help you at every point in the attack chain. Start with phishing visibility and education, and back up with pre- and post-delivery protection. Plus, you can control everything through a single Sophos Central management console. Here at Sophos, we’re innovators in virus security, focusing on developing new applicable technologies to fight malware, phishing, ransomware and other forms of cybercrime with solutions stretching back over 30 years.

Impersonation Protection detects phishing emails that pretend to come from well-known brands or from important people within your organization.

Restriction This option is only available with an Email Advanced license.

Go to Overview > Global Settings > Impersonation Protection.

Impersonation Protection looks for two types of impersonation:

  1. Imitation of a well-known brand, often a financial organization or online shopping site.
  2. Use of the names of important people in phishing emails.

Impersonation Protection is turned on by default and controlled by Email Security policy settings.

Sophos Phishing ProtectionSophos Phishing Protection

VIP management

On the VIP management page you can enter up to 200 email addresses of very important people (VIPs) in your organization. Emails are monitored for signs of impersonation of these addresses.

You can manually add email addresses with the Add VIP function.

The Help me find VIPs function searches a connected Active Directory (AD) service for high-risk users. The more information you’ve added to your AD entries (for example job titles) the better the results are. You then select users from the search results.

Sophos Spam Protection

Protect your Microsoft Office 365 users from malicious emails.

Restriction You can only use this feature if you've joined the Early Access Program.

With O365 Security you can set up Post delivery protection. This includes Auto search and destroy, which searches your users' Microsoft Office 365 mailboxes to identify and quarantine malicious emails.

You must add your Microsoft Office 365 tenant domains to Sophos Central in Email Gateway Dashboard > Addresses and domains before you can use Post delivery protection.

Restriction You must be a Super Admin to set up and manage connections to your Microsoft Office 365 tenants.

Set up O365 Security

Sophos Phishing Protection

When you set up O365 Security you must give permission for Sophos applications to access your Microsoft services. This allows us to scan users' inboxes for malicious emails.

You can find out how to set up O365 Security and turn on Auto search and destroy in Setup Post delivery protection.

Sophos Malware Protection

Manage Microsoft Office 365 connections

You can see the status of connections to your Microsoft Office 365 tenants in Overview > Global settings > Domain Settings / Status.

For more information see Domains Settings/Status.

Sophos Utm Phishing Protection

Manage quarantined messages

Auto search and destroy automatically looks for malicious emails from your users' inboxes, and quarantines them. You can find quarantined emails from Office 365 users in Email Gateway Dashboard > Quarantined Messages > Post delivery quarantine.

Sophos malware protection

For more information see Quarantined Messages.

Reports

O365 Security reports are available in Overview > Logs & Reports > Post delivery summary.

Sophos Phishing Protection

For more information see Post delivery summary report.