One of the reasons I use and recommend ESET antivirus to all my customers is the ESET add-in for Outlook. Microsoft 365 Exchange Online (EO) servers do a good job of filtering out threats, but some malware, especially phishing emails, still gets through. ESET does a very good job of filtering these out once received by Outlook. Very rarely do I see anything malicious get through to a user's Inbox.

But of course this only works when the email is first received by Outlook. If the email is first received in Outlook Web or on a mobile device, it's not scanned or removed by ESET.

So I'm looking for a traditional email scanning solution, an online service that scans all incoming emails before they get to Exchange Online, i.e. where you reconfigure your MX record to point to the scanning service for mail delivery, it then scans all emails for your Domains, then forwards them on to Exchange Online.

So my first stop is of course ESET. But ESET doesn't seem to have this type of product.

Instead now we have ECOS which connects to and integrates with the Office 365 tenant.
So I have a few questions about ECOS please.

From what I've researched it appears ECOS is licenced based on the number of users protected. By default if selecting the automatic setting it detects and protects all licenced users only.
With this default setting, does that mean emails sent to shared mailboxes and distribution groups are not scanned?

If manually adding the shared mailboxes I assume each of these would then count for an additional licence?

What about distribution groups - can these also be selected for protection?

From my understanding of researching so far, ECOS doesn't actually sit in front of Exchange Online, EO actually 'passes' emails to ECOS to be scanned. And it seems there are instances where this does not happen (post on here about forwarded emails from shared mailboxes)?

So it appears there is NO WAY to ensure ALL incoming emails are scanned by ECOS, as ECOS is relying on EO to deliver emails for scanning, which doesn't always happen.

No response or answers, even from Marcos?

Sadly it looks like I'll be going with another vendor for this. 

Hi @ShaneDT, my apologies for the delay, I usually get automatic notifications for new threads but did not this time for some reason.

To answer your questions, you are correct, ECOS is licensed per user. Shared mailbox is still seen as a user so you will need a license to cover it. But if you purchase ECOS as part of a bundle, you will get 10% extra licensed seats which should cover these cases.

Distribution groups cannot be protected as they do not have their own mailbox. However, if your distribution group has 5 members and all of them are protected, the emails sent to them will be scanned as they land in each user's mailbox.

You are correct about the architecture of ECOS, that it gets GraphAPI notifications after the email is received. In 99% of cases, this happens within 1-2 seconds and then the email gets scanned. We also check for missed notifications because, as you mentioned, we are relying on MS to send the notifications.

We are currently evaluating all options, including the addition of a secure email gateway, similar to what our ESET Mail Security for Exchange is for on-prem. The market, however, is moving away from these kinds of traditional solutions, but that does not mean you won't see one from us in the future.

I will use your valuable input in our discussions about future improvements/products.

Thanks for your detailed reply.

I think there is a place for a product like ECOS but equally I think a simple in front gateway has its place as well. 

Not everyone is going to want such a complicated solution to a simple problem. Nor will everyone be comfortable providing integration to their tenants for third party applications. As secure as I'd expect ECOS would be, every connection is another potential weakness.

So until ESET releases a cloud managed email gateway, sadly I'll need to look elsewhere. Any recommendations ;) 

There are pros and cons to everything :) If there is a gateway in front of the mailbox, and the gateway is out of order for whatever reason, the email may not get delivered at all as it could remain stuck at the gateway and would not be forwarded to the mailbox. On the flipside, with API security solutions, if that solution goes down, the email gets delivered, but it wouldn't be scanned. Of course this is an edge case, but still something to think about.

I don't know about our competitors but when we onboard a new tenant (which is extremely easy and short), we only request minimal permissions necessary for ECOS to work. And you can also revoke them at any time if you want.


I am not trying to convince you to choose ESET for your mail security, but I want to make sure you make an informed choice. If you decide to go with a competitor, and we end up releasing a gateway in the future, I hope we can win you back as our customer :)

Don't worry, you don't have to convince me. If ESET had the product I was looking for I wouldn't even consider looking elsewhere.

Re the permissions for ECOS, so for example it includes 'Read and Write files in all site collections'.

So as an example this essentially gives ECOS full access to everything on SharePoint and OneDrive for all users.

I realize the application needs to be able to do this to scan the files and quarantine anything detected, but yeah nah I don't want to give any third party app direct access into my tenant, nor would I consider this for most of my customers.

Anyway, if ESET does introduce a gateway product please let me know :)
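
Added example (not part of the original thread, and not ESET's code): one way to review what a third-party enterprise app has been granted in a tenant, by joining exported app role assignments to the permission names the resource API publishes and ranking them by reach. The app name, resource id, GUIDs and the set of granted permissions are constructed sample data; only the 'Read and write files in all site collections' permission comes from the post above.

```python
# Constructed sample data shaped like Microsoft Graph objects. The app name,
# resource id and GUIDs are made up; a real audit would export them from the tenant.
RESOURCE_APP_ROLES = {  # resource servicePrincipal id -> its published appRoles
    "graph-sp": [
        # Display name: "Read and write files in all site collections"
        {"id": "00000000-0000-0000-0000-0000000000a1", "value": "Files.ReadWrite.All"},
        {"id": "00000000-0000-0000-0000-0000000000a2", "value": "Mail.ReadWrite"},
        {"id": "00000000-0000-0000-0000-0000000000a3", "value": "User.Read.All"},
        {"id": "00000000-0000-0000-0000-0000000000a4", "value": "Sites.Selected"},
    ]
}
APP = "Example Mail Scanner"  # hypothetical third-party enterprise app
ASSIGNMENTS = [  # shaped like GET /servicePrincipals/{id}/appRoleAssignments
    {"principalDisplayName": APP, "resourceId": "graph-sp", "appRoleId": g}
    for g in ("00000000-0000-0000-0000-0000000000a1",
              "00000000-0000-0000-0000-0000000000a2",
              "00000000-0000-0000-0000-0000000000a3",
              "00000000-0000-0000-0000-0000000000a4",
              "00000000-0000-0000-0000-0000000000ff")  # not published: stale or unknown
]
WRITE_VERBS = ("ReadWrite", "FullControl", "Manage")
SEVERITY = {"tenant-wide write": 0, "unresolved": 1, "tenant-wide read": 2, "scoped": 3}

def classify(value):
    """Application permissions cover every user/site unless a 'Selected' variant."""
    if value is None:
        return "unresolved"          # GUID did not match any published role
    if value.endswith(".Selected"):
        return "scoped"              # limited to resources granted explicitly
    if any(v in value for v in WRITE_VERBS):
        return "tenant-wide write"
    return "tenant-wide read"

def audit(assignments, resource_roles):
    """Join appRoleId GUIDs to role names, then rank grants by blast radius."""
    findings = []
    for a in assignments:
        by_id = {r["id"]: r for r in resource_roles.get(a["resourceId"], [])}
        role = by_id.get(a["appRoleId"])
        value = role["value"] if role else None
        findings.append((a["principalDisplayName"], value or a["appRoleId"], classify(value)))
    return sorted(findings, key=lambda f: (SEVERITY[f[2]], f[1]))

if __name__ == "__main__":
    for app, perm, risk in audit(ASSIGNMENTS, RESOURCE_APP_ROLES):
        print(f"{risk:18} {app}: {perm}")
```

Unresolved GUIDs are ranked just below tenant-wide write on purpose: a grant that cannot be named cannot be assessed, so it needs a manual look before it is accepted.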


