HornetSecurity 365 Total Protection review: Keeping email squeaky clean

Tough email protection for Microsoft 365 that’s simple to deploy, easy to manage and very affordable

HornetSecurity 365 Total Protection screenshot

IT Pro Verdict


  • +

    Very good value

  • +

    Swift on-boarding

  • +

    Sophisticated email security features

  • +

    Excellent reporting services


  • -

    Nothing noteworthy

Microsoft 365 is the dominant cloud email and collaboration service, and the recent rapid move to hybrid and home working has increased its usage enormously. Unfortunately, this popularity has a downside: although Microsoft does provide built-in email security features, they are comparatively basic, making the platform a juicy target for cybercriminals.

It isn’t advisable to rely only on your cloud provider for security either, as businesses are ultimately responsible for the safety of their own data. So it makes sense to adopt a defence-in-depth strategy, and HornetSecurity 365 Total Security is one provider that aims to offer complete email security solution.

HornetSecurity 365 Total Protection: Features and on-boarding

HornetSecurity offers two packages: the Business option costs €2 per user per month and provides essential security services, such as spam and malware protection, content controls, compliance filters and live tracking of email, while the Enterprise package increases monthly costs per user to €4 but enables a heap of compliance features. In particular, while Microsoft 365 isn’t great at email archiving, HornetSecurity improves matters enormously with legally compliant real-time archiving, fast eDiscovery services, a whopping 10-year maximum retention period and unlimited archive space for each user.

Encryption comes as standard with both packages, with support for global S/MIME and PGP. Businesses working with partners that don’t normally use encryption will also appreciate the WebSafe service, which allows users to send encrypted emails that can be safely opened using a web browser.

Setup is fast too. HornetSecurity claims a 30-second on-boarding process, and we found this to be quite feasible. You simply need to change your domain MX records, go to the registration link provided, input your credentials and leave the automated setup routine to create the required connectors to route your inbound and outbound mail through the HornetSecurity servers.

HornetSecurity 365 Total Protection review: Instant protection

Full spam and malware protection starts immediately. The service is enabled by default, and the only options available are to decide whether dodgy messages should be quarantined or tagged for onward processing. The "infomail" filter uses over 15,000 heuristics to weed out nuisances such as newsletters or mass marketing campaigns, and this can be globally disabled or set so users can decide whether they want to use it.

The administrative cloud portal is easy to navigate, opening with a live email-tracking view which is far more informative than the Microsoft 365 reporting service. It shows all email activity for the selected period and assigns a colour code to each message to denote whether it has been classified as clean, spam or infomail, whether it contains malicious content or an infected attachment, or whether it has been rejected by custom filters.

HornetSecurity 365 Total Protection screenshot

You can drill down to find certain types of message by applying filters such as direction, delivery status or size; selecting the colour legend icons at the top instantly changes the view so you only see emails with those classifications. Any individual email can be inspected by selecting its icon, which opens a menu for viewing the header and content, releasing it, adding the sender to deny or allow lists and reporting it as spam.

Users can take advantage of the self-service features by logging in to a personal portal with their Microsoft 365 credentials, reviewing emails and releasing them if permitted. Along with graphical reports of mail activity in their portal, quarantine reports can be emailed out at regular intervals and show all spam activity plus quarantined attachments with quick links to review and deliver them.

HornetSecurity 365 Total Protection review: Security settings

The portal’s security settings page provides a single point for configuring all the HornetSecurity services. Both packages provide content control, which can remove attachments that are encrypted or contain executables and block Word, Excel and PowerPoint attachments with macros.

You can supplement this with custom lists of forbidden attachment file types, or restrict emails to a maximum size, and separate settings can be applied for inbound and outbound mail flows.

There's also a compliance filter, which uses inbound and outbound rules to look for specific keywords in messages, and reject them if found. Simple rules look for keywords in the message header or body, while advanced rules can be applied to senders, recipients, IP addresses, hostnames and attachments.

We tested this with an outbound rule and found it worked exactly as promised: any messages sent by our users that contained our keyword in the subject line showed as rejected in the live mail tracking screen. The senders meanwhile received a message stating that the recipient’s mail domain had rejected the message as spam, with no indication that HornetSecurity was working behind the scenes.

HornetSecurity 365 Total Protection review: Advanced features

The ATP (advanced threat protection) service in the enterprise package uses multiple methods to combat emails containing malicious URLs, content or attachments, along with spear phishing attacks.

For one, web links are automatically rewritten using a secure proxy to see what they connect to and scan for potential threats. When our users clicked on web links in our test emails, a browser opened with a stripped-down view of the web site: clicking on a link at the top allowed the site to be checked by the ATP scanner before the full web site was presented.

Then there's the ATP sandbox, a secure virtual environment where HornetSecurity opens suspect emails, checks their contents and sends back forensic reports including PCAP traffic dumps and screenshots. The targeted forensics filter protects against spear phishing by analysing message contents to determine intent and spot spoofed addresses.

Businesses caught out by 2020s four-hour Microsoft 365 outage will also find the enterprise continuity service of great interest. It’s enabled in the portal for entire domains or specific users, and kicks in when normal services go down; during these times, HornetSecurity routes all mail through its own emergency servers, retains copies for up to three months and automatically merges them back when services return.

HornetSecurity 365 Total Protection review: Verdict

We tested 365 Total Protection for nearly a month, and during this time absolutely nothing slipped past its mail defences. That's a very impressive performance, and it’s easy to deploy and manage too, with plenty of options for customisation. It's a true enterprise-class email protection service at a price SMBs can afford.

Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.