Protect your company's email with Office 365 Advanced Threat Protection
Email is one of cybercriminals' preferred ways to introduce malware onto computers, through attachments or links to malicious websites. These threats are disguised as bogus job offers, fine notifications or overdue payment alerts, and can even come from compromised senders that we trust. In short, it is very easy to fall for these attacks.
Advanced protection with Office 365
Office 365 already provides businesses with basic security measures that protect email against known spam, malware, and viruses. However, as hackers launch increasingly sophisticated and damaging attacks, companies need new tools capable of neutralizing them. For this, Microsoft offers Office 365 Advanced Threat Protection (ATP), a tool that strengthens the security of the platform by providing protection against advanced threats.
What is Office 365 ATP?
Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your mailboxes against any type of sophisticated attack and offers an immediate response to zero-day attacks (attacks that exploit an unknown vulnerability). Additionally, Microsoft announced that it is extending protection against advanced attacks to files in SharePoint Online, OneDrive for Business, and Microsoft Teams. In this article we will discuss each of the capabilities included in this powerful Office 365 security solution.
Protection against insecure attachments
ATP includes two protection features, Safe Attachments and Dynamic Delivery. With Safe Attachments, attachments undergo real-time malware behavior analysis that uses machine learning techniques to evaluate them for suspicious activity. If no suspicious activity is detected, the file is released for delivery with minimal delay.
Dynamic Delivery allows the user to read and reply to an email while its attachment is being scanned, avoiding a penalty on user productivity. The service delivers the mail to the recipient with a message indicating that the attachment is being scanned, along with the progress of the scan.
Microsoft is working on new Dynamic Delivery functionality that will let the user preview the file being scanned, further minimizing work interruptions.
Protection against malicious links
Office 365 security tools scan messages in transit, blocking any malicious hyperlinks before the user can click them. However, in more advanced attacks these malicious URLs are hidden behind apparently safe links that reach the recipient, and even the most discerning user can fall victim to them.
Generic email that includes various malicious links hidden in apparently secure links.
To deal with these malicious techniques, ATP has two features, Safe Links and URL detonation, which act when the user clicks on the link, performing a reputation check and an analysis of the link in real time, and blocking the link if it turns out to be malicious.
When the user clicks on a malicious URL, ATP automatically begins the scan, showing the user screens that report the situation. The protection of that link remains, blocking it every time the user clicks.
Microsoft has taken a big step in extending Office 365 ATP coverage by adding the Internal Safe Links functionality. This capability protects users from malicious links sent between people in the same organization.
Internal Safe Links acts the same as Safe Links: when a user clicks on a link, the tool analyzes it in real time and blocks it if it is malicious. This functionality addresses scenarios in which someone impersonates a person in our organization, also preventing such emails from leaving the organization.
Protection against spoofing (Anti-Phishing)
New functionality that protects us from phishing attacks that appear to come from people we know, when in reality it is not they who sent the email (this is what is called an impersonation-based attack). These phishing attacks are extremely dangerous because, when the email "theoretically" comes from someone who seems to be a member of their organization, the recipient usually trusts it and is easily deceived. If our domains are well configured, impersonation using exactly our domain should not be possible, but Office 365 ATP also treats as spoofing attempts those senders that are not genuine but can be mistaken for the real ones because they look very similar (for example, we receive an email from a sender "firstname.lastname@example.org" when in reality, if this user existed, it would be "email@example.com").
Once this new advanced functionality is activated (the policy is not activated by default), the system gradually and automatically learns how each user communicates with others inside and outside the organization, applying predictive artificial intelligence and ultimately protecting all Office 365 ATP licensed users.
Protection against counterfeit emails from external domains (Anti-Spoofing)
This new capability helps detect and block counterfeit emails from external domains. Spoofing is a malicious phishing technique in which an email message originates from someone who is not who they say they are.
To combat these types of attacks, Office 365 ATP includes a system capable of detecting counterfeit emails through:
- Detecting the security settings of the source domain: With this functionality activated, Office 365 will only accept emails that come from domains that are not vulnerable to being impersonated. Specifically, for each new email that arrives at our company, it checks that the sender's domain has the correct security settings*, guaranteeing that the email was sent from an account that really belongs to that domain. If we receive emails from domains where these protocols are not well configured, Office 365 ATP blocks them, preventing them from reaching our users.
* SPF, DMARC and DKIM are standard email authentication protocols that help protect against spam and phishing.
- Reputation Filters: Checks lists of safe senders and the history of previous messages sent from that domain.
- Anomaly Patterns: Checks for anomalies by comparing against the patterns of previous messages sent from that domain.
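The SPF, DKIM and DMARC outcomes mentioned above are recorded by the receiving server in an Authentication-Results header, which can be inspected when triaging a suspicious message. The following is an added example, not code from the original article and not how Office 365 ATP decides; the server name `mx.example.net`, the sample messages and the verdict policy are assumptions.

```python
import email
import re
from email import policy

TRUSTED_AUTHSERV = "mx.example.net"  # hypothetical: the only server whose stamp we trust

# Constructed sample messages, not taken from the page.
GOOD = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=partner.example;
 dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example
From: Billing <billing@partner.example>
Subject: Invoice

See attachment.
"""
SPOOFED = """\
Authentication-Results: mx.example.net; spf=softfail smtp.mailfrom=bulk.example;
 dkim=none; dmarc=fail header.from=partner.example
From: Billing <billing@partner.example>
Subject: Invoice

See attachment.
"""

def auth_results(raw):
    """Collect spf/dkim/dmarc results stamped by our own receiving server."""
    msg = email.message_from_string(raw, policy=policy.default)
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        # A sender can add this header too, so skip any stamp that is not ours.
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)\s*=\s*(\w+)", clause, re.I)
            if m and results[m.group(1).lower()] != "pass":
                results[m.group(1).lower()] = m.group(2).lower()
    return results

def verdict(raw):
    """Illustrative policy: DMARC decides; without it, require SPF or DKIM to pass."""
    r = auth_results(raw)
    if r["dmarc"] in ("pass", "fail"):
        return "deliver" if r["dmarc"] == "pass" else "block"
    return "deliver" if "pass" in (r["spf"], r["dkim"]) else "quarantine"
```

Only the header written by your own mail gateway is evidence; a copy of the header carrying another server's name says nothing about whether the message was authenticated.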
Get advanced reporting and track message links
ATP offers extensive reporting and tracking capabilities that give administrators insight into the types of attacks occurring in the organization, with information on who is being targeted in your company, the malware and spam sent or received in the company, and the category of attacks you are facing.
Advanced reporting allows you to investigate messages that were blocked due to an unknown virus or malware:
The URL tracking function allows an analysis of the links that users have clicked on, also showing blocked ones:
How to acquire Office 365 Advanced Threat Protection?
ATP offers us two plans:
Office 365 ATP Plan 1: It is included in Office 365 Enterprise E5 and can be added to the following Office 365 plans that have a mail license, specifically:
- Exchange Online Plan 1 and Plan 2
- Exchange Online Kiosk
- Exchange Online Protection
- Office 365 Essentials
- Office 365 Premium Business
- Office 365 Enterprise E1 and E3
- Office 365 Enterprise K1
Office 365 ATP Plan 2: This plan combines all the capabilities of ATP Plan 1 plus the Office 365 Threat Intelligence solution, included in Microsoft 365 Enterprise E5 and Office 365 Enterprise E5.
At Softeng we offer you our experience and our services to help you map out and agree on the most appropriate strategy for implementing cloud security solutions that ensure the continuity of your business.
Want to know more? Contact us to discover how to protect your company!