Gone Phishing? Protect Yourself with Microsoft’s ATP
Phishing is increasingly used to gain illicit access to organizations’ sensitive data and communications. The big news from Microsoft Ignite this year is that Microsoft has stepped up to address the escalating phishing issue with the latest enhanced release of Advanced Threat Protection (ATP) for Office 365, Windows and Azure. The latest release now uses machine learning to detect and block phishing messages before they hit your inbox.
Phishing is a tried and tested method of gaining access to an organization’s information. It has been a trusted tactic for hackers, attackers and cyber-invaders much longer than most organizations realize.
The first documented cases of phishing occurred on AOL in the mid-nineties. Hackers used various tools and tricks to impersonate AOL admins in an attempt to trick users into divulging their passwords. Once they got a bite, they could then attempt to find any credit card information associated with that account.
The success of phishing is due to its reliance on human error. The most advanced security systems in the world can be penetrated by hackers if they can convince Mark in accounting that he’s communicating with his manager/boss or colleague. Given this, it is often considered a primitive attack that only affects the least savvy users. But human error does not equal human incompetence. Anyone, and I mean ANYONE can be phished.
So without removing email and other tools altogether, how can you feel assured the members of your organization aren’t being targeted? That is the advantage of Advanced Threat Protection [ATP] from Microsoft.
Advanced Threat Protection to the Rescue
The latest release of Advanced Threat Protection [ATP] was heavily showcased at this year’s Microsoft Ignite conference. As the 1st Microsoft Cloud Partner in Canada, we were eager to learn how ATP’s various tools protect organizations from phishing attempts. These tools have been incorporated into several Microsoft products and may even be available to you right now.
Advanced Threat Protection for Microsoft Office 365
If phishing attacks are the baited hooks cast into the ocean to attract your fish (i.e., passwords and other sensitive data), then ATP for Office 365 is a giant electromagnet preventing these hooks from even making it into the water. ATP’s new phishing detection uses a set of machine learning models, as well as impersonation detection algorithms, to make sure “phishers” don’t even make it into the inbox. More specifically, emails sent to your employees are checked against these models and algorithms to determine whether the emails contain attempts to extract information from your users, and whether or not they are attempting to disguise themselves as something or someone they’re not.
Image Source: Microsoft Office 365 ATP
Specific examples of ATP’s capabilities in Office 365 include:
- Safe Links: Malicious links are dynamically blocked while good links are accessible.
- Safe Attachments: Messages and attachments are routed to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent.
- Spoof Intelligence: Detects when a sender appears to be sending mail on behalf of one or more user accounts within one of your organization’s domains.
- Quarantine: Messages identified by Office 365 as phishing mail are sent to quarantine, where authorized users can review, delete or manage email messages.
An obvious concern of this approach is that what may work for one organization may not necessarily work for another. Fortunately, Microsoft has created a system that can be tailored to your needs. For example, Global Administrators and Security Admins are able to define policies that specify which users should be protected from phishing attacks. These policies can be applied to different groups defined by manually created lists of email addresses, pre-existing email groups or even entire domains. What’s more, ATP can use Mailbox intelligence to create a map of how users in your organization communicate with each other and the outside world, allowing it to better detect impersonation attempts.
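One way to express the scoped policy described above in Exchange Online PowerShell, as an added example that is not part of the original article. The policy name, user, group and addresses are placeholders, and an already connected session (`Connect-ExchangeOnline`) is assumed.

```powershell
# Added example, not from the original article.
# Assumes an Exchange Online PowerShell session opened with Connect-ExchangeOnline
# by a Global Administrator or Security Admin. All names and addresses are placeholders.

$policyName = 'Finance Anti-Phish'   # hypothetical policy name

# 1. The policy defines WHAT protection is applied.
New-AntiPhishPolicy -Name $policyName `
    -EnableMailboxIntelligence $true `
    -EnableMailboxIntelligenceProtection $true `
    -MailboxIntelligenceProtectionAction Quarantine `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect 'Pat Example;pat.example@contoso.com' `
    -TargetedUserProtectionAction Quarantine `
    -EnableOrganizationDomainsProtection $true `
    -TargetedDomainProtectionAction Quarantine `
    -EnableSpoofIntelligence $true

# 2. The rule defines WHO the policy applies to.
#    Scope can be individual addresses (-SentTo), existing groups (-SentToMemberOf)
#    or whole domains (-RecipientDomainIs). Several values for one condition are
#    ORed, but different condition types are ANDed, so mixing them narrows the
#    scope. This example scopes by group only.
New-AntiPhishRule -Name "$policyName Rule" `
    -AntiPhishPolicy $policyName `
    -SentToMemberOf 'finance-team@contoso.com'

# 3. Check: confirm the rule is enabled and scoped as intended.
Get-AntiPhishRule -Identity "$policyName Rule" |
    Format-List Name, State, Priority, SentTo, SentToMemberOf, RecipientDomainIs

# 4. Check: confirm the protection settings and actions on the policy.
Get-AntiPhishPolicy -Identity $policyName |
    Format-List Name, Enabled, EnableMailboxIntelligence,
        EnableTargetedUserProtection, TargetedUserProtectionAction,
        EnableSpoofIntelligence
```

Reviewing the `Get-AntiPhishRule` output after any change is worthwhile, because a rule scoped more narrowly than intended leaves the remaining recipients on the default policy.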
Windows Defender Advanced Threat Protection (ATP)
If the aforementioned hook does manage to land a “fish,” it’s important that the targeted organization is able to respond in a timely and effective manner. Windows Defender ATP assists with this, not only using sophisticated behavioral alerts to detect attacks, but also giving admins the necessary tools to determine the type of attack, its source and its consequences.
More specifically, using the Windows Defender ATP console, admins can pinpoint malicious file downloads (and where they come from) as well as whether users visited a credential-stealing site. What’s more, data gathered by ATP can be used retroactively to identify phishing attacks that may have previously gone unnoticed.
Advanced Threat Protection for Microsoft OneDrive, Teams, SharePoint
Last, but certainly not least, there are Advanced Threat Protection tools for Microsoft OneDrive, Teams and SharePoint. With employees increasingly relying on these tools, it’s critical that these platforms provide a safe environment for collaboration.
In short, when a file is shared in any of these tools, ATP uses sharing and guest activity events, along with smart heuristics and threat signals, to identify malicious files. These files are then blocked (as indicated in the below image), meaning that regular users are unable to open, copy, move or share them. They can only be deleted. However, users with the necessary permissions are able to view these files in quarantine. Depending on their evaluation, the files can either be downloaded, released, reported or deleted.
Image Source: Microsoft Advanced Threat Protection for Files/Documents
“No Phishing Zone” with ATP
As the 1st Microsoft Cloud Partner, an inaugural 100 FastTrack Ready Microsoft Partner as well as Western Canada’s Leading Microsoft System Center Partner, Steeves and Associates has the expertise to help you configure and successfully leverage Microsoft’s latest enhanced ATP tools for your Microsoft 365 platform and Azure solutions. If you have questions or comments, or would like to discuss implementing these Advanced Threat Protection tools, contact us at firstname.lastname@example.org or 1-888-952-8800.
Author: Bruce Piper
Bruce Piper is an experienced Solutions Architect with a demonstrated history of working in the information technology industry. Piper is seasoned in Service Delivery, Enterprise Software, Messaging, and Enterprise Architecture. Piper has a Diploma of Technology focused in Electrical and Electronics Control Option from British Columbia Institute of Technology. When not immersed in the world of tech, Piper enjoys traveling the world.