A couple of weeks ago I wrote about phishing attacks and how to spot them.  This week I watched a webinar from Microsoft about their Office 365 Advanced Threat Protection (ATP) Service, which does a lot of that work for you.  And then some!  Microsoft’s ATP Service protects 3 times more users than all other competitors combined.  In fact, 3 times more than the next closest competitor.  Considering that phishing campaigns have spiked over the past couple of years, this kind of cyber security omnipresence is music to our ears.

What does it cover?

Microsoft’s Office 365 ATP Service protects all areas of the Office 365 platform:  Word, Excel, Outlook, SharePoint, Teams, etc.    When a threat is uncovered in one area, Microsoft shares that discovery and subsequent solution across all other components.  For example, if a threat is picked up in an email, Microsoft will analyze it, create a protective solution, and then send that solution back not just to Outlook, but also to the rest of the components of Office 365.  They even share it outside the Office platform (to Windows, Bing, Azure and so on.)    Microsoft calls this pooling of detected threats and sharing of solutions “Threat Intelligence”.

Education, education, education

The obvious goal of most administrators is to have a workplace filled with savvy users.  Those users know how to stay clear of incoming threats to begin with.  With Office 365’s ATP and Threat Intelligence services, administrators can simulate phishing attacks on end users as part of the educational process.  Likewise, they can also simulate password attacks to make sure users have appropriately complex passwords. And administrators can apply a “Report Message” plug-in and allow end users to apply what they’ve learned and report potential phishing attempts.  Other than the obvious analysis of the senders of the phishing messages, this reporting method also allows for analysis of the recipient who did the reporting.  Does he report a lot of these types of messages?  Is there something about his online behavior or setup that is causing him to be more vulnerable to attacks?

Protection every step of the way

Office 365 ATP Service offers comprehensive mail flow protection.  As a message enters the system, it applies cross-domain authentication and weans out spoof sites (fake websites that appear to be coming from legitimate organizations).   Microsoft has also added two new features in its quest to stop bogus senders from hitting their targets: Office 365 ATP Service User Impersonation Detection and Domain Impersonation Detection.   They compile and share the information gathered from any discoveries to build a sort of online “reputation” for specific senders.

But even after mail is delivered to its intended recipient (if the above-mentioned methods did not detect any problems at the level of the sender’s identification), the threat of a weaponized message still exists. What I’m talking about is an email that appears to have benign content, but one click of a link or opening of an attachment could change all that.   This is where Post-Delivery Protection kicks in.    Office 365 has “Time of Click” protection, Safe Link for internal mail, multi-factor authentication measures, and Enhanced Safe Links for Office clients.  (Thus the “and then some” reference at the beginning of this post.)

Better safe than sorry!

You can add on Microsoft Office 365 Advanced Threat Protection Service to your Office 365 subscriptions for a nominal per-user fee.  Give yourself peace of mind knowing you are helping to protect your organization’s data at every turn.  You can read in more detail about what Microsoft has to offer by way of protection here:  https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-atp.  And if you already know you’re ready to add on these protections services and would like a quote, just let us know at sales@cgnet.com./