The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency and international cybersecurity partners, issued guidance on Thursday to help cyber defenders better protect on-premises Microsoft Exchange servers against exploitation.

The Microsoft Exchange Server Security Best Practices guide recommends proactive prevention techniques to address cyber threats and protect sensitive information within on-premises Exchange Servers as part of hybrid Exchange environments.

The guidance builds upon CISA’s emergency directive issued in August that directed federal agencies to take mitigation steps to deal with a “high-severity vulnerability” in Microsoft Exchange.

“With the threat to Exchange servers remaining persistent, enforcing a prevention posture and adhering to these best practices is crucial for safeguarding our critical communication systems,” Nick Andersen, executive assistant director for the Cybersecurity Division at CISA, said in a press release. “This guidance empowers organizations to proactively mitigate threats, protect enterprise assets, and ensure the resilience of their operations.”

“Furthermore, CISA recommends that organizations evaluate the use of cloud-based email services instead of managing the complexities associated with hosting their own communication services,” Andersen added. “CISA provides secure baselines for these [cloud-based services] through our Secure Cloud Business Applications (SCuBA) program.”

Andersen joined Palo Alto Networks’ Public Sector Ignite event in Tysons, Va., on Thursday morning, where he shared more details on the guidance.

He said the guide is meant to help organizations understand the evolving nature of the threat and take specific actions to mitigate it.

“On-prem Exchange, naturally, is an older way of doing business, but it’s a core, critical way of doing business for a lot of organizations,” Andersen said during the event. “For those that are continuing to do business in that way, we want to provide them with specific, actual recommendations that they can take back and implement within their environments.”

“It’s about being able to collaborate with that private sector entity, being able to collaborate with the international community, being able to talk inside the federal family and say, ‘Here’s real risk. How are we going to manage it actively today?’” Andersen said.

In the press release, CISA noted that it has issued 20 joint cybersecurity advisories and threat intelligence guides with its Five Eyes allies – the United Kingdom, Canada, Australia, and New Zealand – under the Trump administration.

“Even amid a prolonged government shutdown riddled with partisan rhetoric, CISA remains dedicated to safeguarding critical infrastructure by providing timely guidance to minimize disruptions and to thwart nation-state threats,” said Madhu Gottumukkala, CISA’s acting director.

Grace Dille
Grace Dille is MeriTalk's Assistant Managing Editor covering the intersection of government and technology.