How does Advanced Threat Protection secure email in Office 365?

Because email is so critical to day-to-day business, it’s become a prime target for cyber attackers looking to gain access to your organisation. With increasingly sophisticated malware campaigns being launched daily and data breaches constantly on the rise, how can you be sure your email environment isn’t exposed? With Advanced Threat Protection for Office 365, Microsoft answers your call.

 

What is Advanced Threat Protection?

Microsoft has proven its commitment to cyber security over the past few years, and recently announced that it would continue to invest over $1bn in the area in 2017. In addition to bolstering Windows 10 and its Azure cloud platform, the software giant has also introduced a host of measures to improve the security features of Office 365 in recent times. One of the most successful of these features is Advanced Threat Protection.

Originally released as ‘Exchange Advanced Threat Protection’ in 2015 and since renamed, Office 365 Advanced Threat Protection is a technology package which hardens your email environment against malware and malicious web links. It complements the security features of Exchange Online Protection and Advanced Threat Analytics, dealing with threats that your antivirus software won’t yet have registered, and ensuring zero-day protection around sensitive data shared by email.

Identifying malware and unsafe attachments

Most businesses will use their mailboxes as a way to allow employees, and sometimes external parties, to share files with each other as attachments. It’s crucial to the effective and efficient running of an organisation that employees can access and use email services freely and easily; but, with malware being as common and sophisticated as it is these days, mailboxes also exist as potential surfaces for a malicious cyber attack.

Advanced Threat Protection helps resolve this problem by means of a feature called Safe Attachments, which opens any document attached to an email in a cordoned-off virtual environment, in which it then analyses the file for suspicious properties. If deemed unsafe or malicious, attached files are moved out of your inbox and into a ‘detonation chamber’.

Essentially this means it takes the suspicious attachment and places it in a virtual environment that’s extremely sensitive to any change detected within it. Here, it executes the attachment safely and without risk, and monitors exactly what it does once executed.

You might be wondering – how does ATP know if an attachment is malicious? Well, there are certain common behaviours that pieces of malware are likely to exhibit in pursuit of access to your organisation. This might be establishing a command-and-control communication channel through which to harvest and store desired information, or creating persistence on a user’s machine; there is a range of expected suspicious activities, and ATP is wise to them all.

If anything about a file sent to your mailbox is detected as malicious, the attachment isn’t presented to the user. You’re left with a clean inbox, and options for further responsive action.

Scanning and detonating malicious URLs

In addition to attached files, ATP also monitors links or URLs that are included in or attached to an email, using a component called Safe Links. Expanding on the content-scanning capabilities of Online Protection, Safe Links protects your email environment with immediate effect when links are clicked on by users.

While the content to which the monitored link directs is being scanned, the URL under scrutiny is rewritten so that it goes through Office 365. The URLs are examined in real time, at the exact time a user clicks them, meaning no time or productivity has to be lost in order to ensure protection. If a link is deemed to be unsafe within ATP, the user receives a warning not to visit the site, or a notification that the site has been blocked.
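
As an added example (not Microsoft's code and not part of the original article), this Python helper recovers the original destination from a Safe Links-rewritten URL when reviewing a reported message. It assumes the rewritten form uses a host under safelinks.protection.outlook.com with the destination in the `url` query parameter; the sample links, the `data` value and the nesting cap are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: rewritten links use a regional host under this domain.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
MAX_UNWRAP = 5  # hypothetical cap on nested rewrites (forwarded mail)


def is_safelinks(url: str) -> bool:
    """True only if the host really is under the Safe Links domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Suffix match on the parsed hostname, so a lookalike such as
    # safelinks.protection.outlook.com.example.net is not accepted.
    return parts.scheme == "https" and host.endswith(SAFELINKS_SUFFIX)


def unwrap(url: str) -> str:
    """Return the original destination of a (possibly nested) rewritten link."""
    for _ in range(MAX_UNWRAP):
        if not is_safelinks(url):
            return url
        target = parse_qs(urlsplit(url).query).get("url")
        if not target:
            raise ValueError("Safe Links wrapper has no url parameter")
        url = target[0]  # parse_qs has already percent-decoded it
    if is_safelinks(url):
        raise ValueError("too many nested Safe Links wrappers")
    return url


def audit(links):
    """Map each link to (was_rewritten, destination) to spot unprotected links."""
    return {link: (is_safelinks(link), unwrap(link)) for link in links}


# Constructed sample links (not taken from real mail).
WRAPPED = ("https://nam02.safelinks.protection.outlook.com/"
           "?url=https%3A%2F%2Fexample.com%2Finvoice%3Fid%3D42"
           "&data=CONSTRUCTED&reserved=0")
LOOKALIKE = ("https://safelinks.protection.outlook.com.example.net/"
             "?url=https%3A%2F%2Fexample.com%2F")

if __name__ == "__main__":
    for link, (rewritten, dest) in audit([WRAPPED, LOOKALIKE]).items():
        print(f"rewritten={rewritten} destination={dest}")
```

A link for which `audit` reports `was_rewritten` as false was not routed through the click-time check, which is worth noting when a user reports a message.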

This feature also offers extensive reporting capability, meaning you can easily and comprehensively understand what’s happening in your organisation and who’s been receiving malware. You’re given full visibility. It’s an incredibly powerful feature, and one we can expect to continue evolving and adapting on an almost weekly basis.

Rich reporting and critical insights

So what happens with the security findings Advanced Threat Protection makes when it’s performing all these checks and scans? In order to give admins visibility into each potentially dangerous click within the company, the details that ATP uncovers are aggregated into rich reports.

This means you’ll have critical insights into who within your organisation is being maliciously targeted, as well as the category of the attacks you’re up against. Messages that get blocked and individual malicious links contained within them are all traceable once detonated for safety, meaning that – as well as protecting your email environment for you in the immediate instance – ATP also arms you with the information needed to carry out your own responses thereafter.

 

Conclusion

Today’s malware-laden climate might very well present you with a daunting prospect: whether you shut your mailbox down or open it up to a breach, you risk a disastrous stop to productivity and, potentially, further damaging losses beyond that. The easiest way to ensure this doesn’t happen to your organisation? Office 365 Advanced Threat Protection. Harness the power to properly safeguard your mailbox, or risk falling victim to malicious activity beyond your control.

To find out more about Advanced Threat Protection and the other security features available for Office 365, view a recording of our ‘Secure Productive Enterprise: What’s Inside Microsoft’s New Security Suite?’ webinar.