Fully Protect your Microsoft Exchange server with TransientX

The Hafnium attack is a wake-up call to protect on-premises assets with true zero trust application access.

A Critical Problem To Address

On March 3, 2021, the US Government issued a rare directive to mitigate vulnerabilities in on-premises Microsoft Exchange servers because of a widespread hack by a state-sponsored group Microsoft calls Hafnium. With 43% of all Exchange mail accounts managed on-premises, and more than 30,000 servers in the United States alone, the risk of Chinese hackers obtaining invaluable data from these at-risk servers is the new info-pandemic. The underlying reason why this hack is so widespread is simple: businesses have cracks in IT infrastructure that permit hackers to violate two key tenets of IT security:

  1. Protect the servers: Block bad actors from access to the enterprise data center or private cloud where the apps and data reside
  2. Protect the data: Prevent end users or malware on devices from exfiltrating data

Hackers have accessed Microsoft Exchange through publicly exposed paths, and back-door breaches have allowed them to access the server directly. To stop both risks, all access to the servers must be controlled. Specifically, unprotected access to these services must be stopped:

  • Outlook Web Access (OWA)
  • Microsoft Active Sync for mobile access
  • Microsoft MAPI over HTTP access for Outlook to access Exchange
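
One way to check whether access to these three services is actually controlled is to audit the web server logs for requests that did not come through the approved access path. The following is an added example, not code from TransientX or from the original post; it assumes IIS W3C-format logs with a #Fields header, and the allowed source range and the sample log lines are constructed for illustration.

```python
import ipaddress

# Exchange client-access paths for the services listed above.
EXCHANGE_PATHS = {
    "/owa": "Outlook Web Access",
    "/microsoft-server-activesync": "ActiveSync",
    "/mapi": "MAPI over HTTP",
}

# Assumption: only the access brokers in this range may reach Exchange.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2021-03-05 08:01:10 GET /owa/auth/logon.aspx 10.20.0.5 200
2021-03-05 08:01:12 POST /Microsoft-Server-ActiveSync 203.0.113.40 200
2021-03-05 08:01:15 POST /mapi/emsmdb 10.20.0.6 200
2021-03-05 08:01:19 GET /owa/ 198.51.100.7 302
2021-03-05 08:01:21 GET /healthcheck.htm 198.51.100.7 200
2021-03-05 08:01:30 POST /mapi/nspi not-an-ip 401
"""

def classify(path):
    p = path.lower()  # IIS paths are case-insensitive
    for prefix, name in EXCHANGE_PATHS.items():
        if p == prefix or p.startswith(prefix + "/"):
            return name
    return None

def find_uncontrolled_access(log_text, allowed=ALLOWED_SOURCES):
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        service = classify(row.get("cs-uri-stem", ""))
        if service is None:
            continue
        try:
            src = ipaddress.ip_address(row.get("c-ip", ""))
            ok = any(src in net for net in allowed)
        except ValueError:
            ok = False  # unparseable source: report it rather than skip it
        if not ok:
            findings.append((row.get("c-ip"), service, row.get("cs-uri-stem")))
    return findings
```

Any tuple returned is a request to OWA, ActiveSync, or MAPI over HTTP from a source outside the approved path, which is the unprotected access the list above says must be stopped.
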

VPN: You are still at risk

The first answer that may come to mind is to use a VPN. That unfortunately just kicks the can down the road. The VPN limits access to the data center only. However, any infected end-user device then just needs to connect via the VPN to OWA or the Exchange server. At that point, malware will have unfettered access.

ZTNA: You could still be exposed

Many zero trust access services have arisen to limit user devices to only access designated servers. Said differently, if a user device uses Zero-Trust Network Access (ZTNA) and their infected device is accessing an application other than Exchange, they will not be able to reach Exchange and infect the server. This is fine if the user is not using Outlook or OWA. If they are, once Outlook attempts to access Exchange, most ZTNA solutions will treat this as a legitimate access request and open the path to Exchange. Then, malware on the device will likewise have a clear path to Exchange!

TransientX: The only Zero Trust solution to prevent Microsoft Exchange Server infections

The only fool-proof way to protect enterprise-managed on-premises Microsoft Exchange servers is via TransientAccess, the next-generation Zero Trust Application Access solution from TransientX. TransientAccess delivers three distinct capabilities to prevent malware from ever reaching the Exchange server, for all access methods:

  • Hide the Exchange Server: The server IP addresses and DNS names are never published or visible. The TransientAccess virtual network dynamically maps virtual addresses to the real address, with different mappings per user and per server. Malware looking for these servers cannot find them because they are camouflaged. By preventing this potential east-west traversal, malware is blocked from attacking the servers.
  • Connect the app to the Exchange server: TransientAccess is unique in the market in its ability to securely wrap any application, including browsers and Outlook, in an isolated workspace to limit its available network destinations. Therefore, malware cannot reach the enterprise data center without infecting Outlook itself, or the browser directly.
  • Secure the browser and Outlook from malware: The TransientAccess secure micro-container protects applications from malware. When the user activates their browser to reach OWA, or uses Outlook, the secure micro-container prevents malware from affecting the application. This means that as long as the browser or Outlook are protected by TransientAccess, malware cannot reach or infect Exchange servers.

Protecting Microsoft Exchange with Zero Trust Application Access

Below is a comparison between VPN, basic ZTNA, and TransientAccess:

[Table: VPN vs ZTNA vs Zero Trust Application Access with TransientAccess. Columns: VPN; Zero Trust Network Access; TransientX Zero Trust Application Access. Rows: Protect data center and cloud; Controlled access; Prevent malware from accessing Exchange; Prevent users from copying, downloading data.]

Visit www.transientx.com for more on zero-trust network access or go here to get TransientAccess now for free!
