Glu’s security team decided to prioritize an email security solution that is easy to use, automated, and would cover the gamut of ever-changing email threats their organization and customers face on a daily basis.
Microsoft 365 E5 with Valimail Enforce™ and Defend enabled Glu to achieve its optimal security posture without shifting priorities and without the risk of manual configuration errors.
Glu received immediate benefits from ATP upon configuration. And, within 60 days, Glu reached DMARC enforcement, completely eliminating the possibility of exact-domain phishing attacks against the brand.
With a history spanning over a decade, Glu is a leading creator of mobile games. Glu’s diverse portfolio features top-grossing and award-winning titles available worldwide on various platforms including the App Store and Google Play. One of Glu’s core values is ‘Trust Each Other,’ and the company has extended that value by creating a trusted email ecosystem through a layered approach that includes email authentication, a key component of which is DMARC enforcement.
Dominic Martinelli, Vice President of Customer and Technical Operations, and John Fox, Senior Security Engineer, lead the team responsible for IT, DevOps, cybersecurity, corporate infrastructure, incident breach management, security controls, and customer care. They were eager to implement a best-of-breed email security solution. They looked at many solutions, but when they scoped the amount of work required, it was clear that it would require re-allocating resources from other initiatives. They needed a solution that was automated, easy-to-configure, and could stop modern email attacks.
DMARC was frequently a topic of discussion, but the conversation always came back to the amount of work that implementing it and the associated standards would take. “DMARC was pretty challenging to manage with setting up all of the SPF and DKIM rules,” says Fox. “A big fear of ours was that if DMARC was done incorrectly we’d block the spoofed emails — but also block legitimate email and create more pain,” says Martinelli.
After discovering the integration between Valimail and Microsoft, it was clear that they had found the solution their team needed. It would enable Glu to deploy and maintain an email authentication project quickly without the risk associated with trying to build a workable solution themselves. “The solution itself is solid, and Valimail has been there to provide support whenever needed,” says Martinelli. “It finally felt like we had a safe, effective, and efficient way to upgrade our email security and implement DMARC.”
Further, Microsoft ATP Safe Links and Safe Attachments gave Glu the peace of mind that it could rely on Microsoft technology rather than people to examine malicious links and attachments. Users are blocked or notified when they click on a link deemed unsafe. And any unsafe attachments are sent to a detonation chamber prior to being passed along to the user.
Within 60 days, Glu was able to achieve DMARC enforcement as well. Without Valimail’s automated platform in place, DMARC projects usually take over 12 months and have only a 20 percent success rate. By contrast, Glu found that even with its complex infrastructure, the implementation process was simple and allowed the team to achieve protection quickly. “It was pretty seamless,” says Fox of the 60-day process. “We immediately improved our visibility and could confidently move to an updated enforcement policy that was applied by our M365 environment.”
Having already deployed Valimail Enforce at full enforcement, Glu added Valimail Defend to their existing environment. Both products integrate with Microsoft 365 so they work together with a simple configuration change. Glu was able to stop malicious email attacks and see global email data immediately upon configuration
Glu has the certainty of knowing that if bad actors are attempting to send fraudulent emails in their name, they will never reach anyone’s inbox. Employees, customers, and partners can be confident that any email coming from a Glu domain can be trusted. Martinelli says, “With phishing attacks becoming more sophisticated, and email increasing in popularity as an attack vector, it creates a sense of comfort to know that we have mechanisms in place to stop these types of attacks cold.”