Protect your business email with Office 365 Advanced Threat Protection
Email is one of the preferred ways for cybercriminals to introduce malware into computers through attachments or links to malicious websites. These threats are masked in mails of false offers of employment, notifications of fines, alerts of overdue payments and even come from affected senders that are of our confidence. In short, falling into the trap of these attacks is very simple .
Advanced protection with Office 365
Office 365 already provides companies with basic security measures that protect email against spam, malware and known viruses. However, as hackers launch increasingly sophisticated and damaging attacks, companies need new tools capable of neutralizing them. For this, Microsoft offers Office 365 Advanced Threat Protection (ATP) , a tool that enriches the security of the platform providing protection against advanced threats.
What is Office 365 ATP?
Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your mailboxes against any kind of sophisticated attack and offers an immediate response to zero-day attacks ( Attack exploits an unknown vulnerability ). Also, a few days ago Microsoft announced that it extends the advanced protection against file attacks from SharePoint Online, OneDrive for the company and Microsoft Teams. In this article, we will discuss each of the capabilities included in this powerful Office 365 security solution.
Protection against unsecured attachments
ATP includes two protection features, Safe Attachments and Dynamic Delivery. With Safe Attachments , attachments undergo real-time malware behavior analysis that uses machine learning techniques to evaluate them for suspicious activity. If no suspicious activity is detected, the file is released for delivery with a minimum delay time.
Dynamic Delivery , allows the user to read and reply to the email while his / her attachment is being scanned, thus avoiding the user's productivity penalty. The service delivers the mail to the recipient with a message indicating that the attached file and its progress are being scanned.
Microsoft is working on a new Dynamic Delivery functionality that will show a preview of the file it is scanning, further minimizing work interruptions for the user.
Protection against malicious links
Office 365 security tools scan messages in transit, blocking any malicious hyperlinks before the user can click. However, in the most advanced attacks these malicious urls are hidden in seemingly secure links that reach the recipient. For this, ATP has two features, Safe Links and Url detonation , which act when the user clicks on the link, performing a reputation check and link analysis in real time, blocking the link if it is malicious.
The links of malicious links are applied to the links included in the body of a message and those included in Office documents, such as Word, Excel, PowerPoint and Visio.
When the user clicks on a malicious URL, ATP automatically begins the scan, showing the user screens that inform about the situation. The protection of that link remains, blocking it every time the user clicks.
Protection against identity theft (Anti-Phishing)
New functionality that protects us from phishing attacks that come from people that we know a priori but in reality they are not the ones who sent us the mail (this is what is called attack based on impersonation ). This type of phishing attacks are extremely dangerous because the recipient, when the mail comes "theoretically" from who looks like a member of their organization, usually trust and easily fall into deception. If our domains are well configured, an impersonation using exactly our domain should not be possible, but Office 365 ATP intercepts as impersonation attempts also those senders who are not correct, they confuse to be very similar (For example, we receive an email from a sender "firstname.lastname@example.org", when in reality, if this user existed, it would be "email@example.com".
Once activated this new advanced functionality (the policy is not activated by default ), automatically the system gradually learns how each user communicates with others inside and outside the organization, applying predictive artificial intelligence and finally protecting all users with Office 365 ATP license (even up to 20 external addresses).
Get advanced reports and track message links
ATP offers extensive information and tracking capabilities that provide managers with an insight into the type of attacks that are occurring in the company with information on who is the target in your company, the malware and spam sent or received in the company and the category of the attacks you face .
Advanced reports allow you to investigate messages that were blocked due to an unknown virus or malware:
The URL tracking feature allows you to perform an analysis of malicious links that have been clicked:
How to acquire Office 365 Advanced Threat Protection?
ATP is included in the Office 365 Enterprise E5 version and can be added to the following Office 365 plans that have an email license, namely:
- Exchange Online Plan 1 and plan 2
- Exchange Online Kiosk
- Exchange Online Protection
- Office 365 Essentials
- Office 365 Premium company
- Office 365 Enterprise E1 and E3
- Office 365 Enteprise K1
From Softeng we offer you our experience and our services to help you draw and agree on the most appropriate strategy to implement security solutions in the cloud that ensure the continuity of your business .
You want to know more? Contact us to discover how to protect your company!
Yes, I want to know more!