Email is a prime target for cyber attackers looking to gain access to your organisation.
It’s no surprise. Email is so critical to day-to-day business.
With increasingly sophisticated malware campaigns being launched daily and data breaches constantly on the rise, how can you be sure your email environment isn’t exposed? With Advanced Threat Protection for Office 365, Microsoft answers your call.
Microsoft has proven its commitment to cyber security over the past few years, and recently announced that it would continue to invest over $1bn in the area in 2017. In addition to bolstering Windows 10 and its Azure cloud platform, the software giant has also introduced a host of measures to improve the security features of Office 365 in recent times. One of the most successful of these features is Advanced Threat Protection.
Originally released as ‘Exchange Advanced Threat Protection’ in 2015 and since renamed, Office 365 Advanced Threat Protection is a technology package which hardens your email environment’s vulnerability to malicious malware and clickable web links. It complements the security features of Exchange Online Protection and Advanced Threat Analytics, dealing with threats that your antivirus software won’t yet have registered, and ensuring zero-day protection around sensitive data shared by email.
Most businesses will use their mailboxes as a way to allow employees, and sometimes external parties, to share files with each other as attachments. It’s crucial to the effective and efficient running of an organisation that employees can access and use email services freely and easily; but, with malware being as common and sophisticated as it is these days, mailboxes also exist as potential surfaces for a malicious cyber attack.
Advanced Threat Protection helps resolve this problem by means of a feature called Safe Attachments, which opens any document attached to an email in a cordoned-off virtual environment, in which it then analyses the file for suspicious properties. If deemed unsafe or malicious, attached files are moved out of your inbox and into a ‘detonation chamber’.
“How does ATP know if an attachment is malicious?”
Essentially this means it takes the suspicious attachment and places it in a virtual environment that’s extremely sensitive to any change detected within it. Here, it executes the attachment safely and without risk, and monitors exactly what it does once executed.
You might be wondering – how does ATP know if an attachment is malicious? Well, there are certain common behaviours that pieces of malware will likely do in pursuit of access to your organisation. This might be establishing a command-and-control communication channel through which to harvest and store desired information, or creating persistence on a user’s machine; there are a range of expected suspicious activities, and ATP is wise to them all.
If there’s anything about files that are sent to your mailbox that is detected as malicious, the attachment isn’t presented to the user. You’re left with a clean inbox, and options for further responsive action.
In addition to attached files, ATP also monitors links or URLs that are included in or attached to an email, using a component called Safe Links. Expanding on the content-scanning capabilities of Online Protection, Safe Links protects your email environment with immediate effect when links are clicked on by users.
While the content to which the monitored link directs is being scanned, the URL under scrutiny is rewritten so that it goes through Office 365. The URLs are examined in real time, at the exact time a user clicks them, meaning no time or productivity has to be lost in order to ensure protection. If a link is deemed to be unsafe within ATP, the user receives a warning not to visit the site, or a notification that the site has been blocked.
This feature also offers extensive reporting capability, meaning you can easily and comprehensively understand what’s happening in your organisation and who’s been receiving malware. You’re given full visibility. It’s an incredibly powerful feature, and one we can expect to continue evolving and adapting on an almost weekly basis.
So what happens with the security findings Advanced Threat Protection makes when it’s performing all these checks and scans? In order to give admins visibility into each potentially dangerous click within the company, the details that ATP uncovers are aggregated into rich reports.
This means you’ll have critical insights into who within your organisation is being maliciously targeted, as well as the category of the attacks you’re up against. Messages that get blocked and individual malicious links contained within them are all traceable once detonated for safety, meaning that – as well as protecting your email environment for you in the immediate instance – ATP also arms you with the information needed to carry out your own responses thereafter.
Today’s malware-laden climate might very well present you with a daunting prospect: whether you shut your mailbox down or open it up to a breach, you risk a disastrous stop to productivity and, potentially, further damaging losses beyond that. The easiest way to ensure this doesn’t happen to your organisation? Office 365 Advanced Threat Protection.
Harness the power to properly safeguard your mailbox, or risk falling victim to malicious activity beyond your control.
Next, watch our conditional access and MFA webinar on-demand and learn why these technologies are key to securing your organisation’s assets.
Or download ‘The business case for cyber security’ e-Guide for best practice on how to take a proactive and pre-emptive approach to tackling the issue.
Visualise your current security and privacy position, get an improvements roadmap and obtain buy-in at board level.Learn more
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, Security and Compliance.
Oxford Computer Group UK officially rebranded as ThirdSpace in the UK on 16 October. This rebrand reflects our broadening identity and security solutions, as working practices extend from the office and home into working flexibly and collaboratively from anywhere – Your "ThirdSpace".Continue to ThirdSpace
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.