Guest post by Conor Magee, Solutions Consultant, Ergo
Email remains top of the list for hackers and cybercriminals looking to gain access to restricted systems or data. Traditionally this has comprised of emails infected with malware and viruses, sent either out to databases of random addresses or targeted to a specific organisation or individual. The standard defence against this type of attack is using email filtering solutions that scan against a continuously updated list of known threats.
With the constantly increasing number of viruses and malware, this type of protection is as important as ever. On top of this, there are a new set of challenges that need to be addressed – unique threats hidden within email attachments, including rapidly changing malware and zero day attacks, and malicious URLs in the body of emails. These are designed to avoid standard protection by behaving in a way that does not flag them as a threat and once delivered to the user, have a high chance of successfully infecting the target network.
Microsoft Office 365 offers inbuilt, robust protection against traditional email threats through “Exchange Online Protection”, which is enabled on all existing Exchange Online mailboxes by default. This email filtering service uses multiple scanning engines and the latest virus definitions on each email to effectively defend against these infections.
Office 365 Advanced Threat Protection
Defending against threats that have not been seen before requires a proactive approach to email scanning. Office 365 “Advanced Threat Protection” provides in depth scanning services for attachments and URLs using technologies called Safe Attachments and Safe Links.
Safe Attachments takes incoming email attachments and opens them within a special environment to monitor their activity. This service simulates a number of different operating systems to maximise the chance that novel viruses and malware are identified and blocked before they get anywhere near your network. Suspicious attachments are then blocked and stripped out of the email before it is sent on to the destination mailbox for delivery.
Safe Links follows all web links within an email to their final destination to determine if they lead to any malicious sites or content. This provides security against links that first go to a legitimate site but are automatically redirected to a malicious site thereafter. Any dangerous links are disabled within the email before it is delivered to the end user, allowing the content to be safely viewed. Included with Safe Links is the ability to generate a report containing the users that have attempted to follow the disabled links. This allows organisations to identify users that are potentially vulnerable to malicious emails and to provide information on how to recognise these emails in future.
For organisations that have Office 365 Enterprise E5 licensing in place, these Advanced Threat Protection services are already included as part of the licensing package and just need to be configured and enabled. For organisations that have Exchange Online, Enterprise E1 or E3 licensing, Advanced Threat Protection can be added as a standalone license, adding an additional layer of security to existing email services.