E-mail and messaging applications are among the preferred avenues for cybercriminals to introduce malware onto computers, through attachments or links to malicious websites. These threats are disguised as false job offers, notifications of fines, or alerts of payments due, and may even come from compromised senders that we trust. In short, falling into the trap of these attacks is very easy.
Advanced protection with Microsoft Defender for Office 365
Office 365 already provides businesses with basic security measures that protect email from known spam, malware, and viruses. However, as attackers launch increasingly sophisticated and damaging attacks, companies need new tools capable of neutralizing them. For this, Microsoft offers Microsoft Defender for Office 365, formerly Office 365 ATP, a tool that strengthens the security of the platform by providing protection against advanced threats.
What is Microsoft Defender for Office 365?
Defender for Office 365 is Microsoft’s cloud-based service that protects against phishing, spoofing, and other sophisticated malware attacks delivered via malicious links through email and the Office 365 collaboration tools, including SharePoint Online, OneDrive for Business, and Microsoft Teams. It offers comprehensive protection by monitoring the entire life cycle of an attack:
- Prevention, filtering targeted attacks against corporate email, credential spoofing, ransomware, and advanced malware.
- Detection of malicious and suspicious content through artificial intelligence, correlating attack patterns to identify danger.
- Threat analysis through a control panel, to track attacks on the environment.
- Response and correction, making it possible to automate responses to the incidents that occur.
In this article, we are going to discuss each of the capabilities included in this powerful Office 365 security solution.
Protection against insecure attachments
Microsoft Defender for Office 365 includes two protection capabilities, Safe Attachments and Dynamic Delivery. With Safe Attachments, attachments are subjected to real-time malware behavior analysis that uses machine learning techniques to evaluate them for suspicious activity. If no suspicious activity is detected, the file is released for delivery with minimal delay.
Dynamic Delivery allows the user to read and respond to the mail while its attachment is being scanned, avoiding a loss of user productivity. The service delivers the mail to the recipient with a message indicating that the attached file is being scanned and showing the progress of the scan.
Additionally, Dynamic Delivery displays a preview of the file it is scanning, further minimizing work interruptions for the user.
Protection against malicious links
Office 365 security tools scan messages in transit, blocking any malicious hyperlinks before the user can click. However, in the most advanced attacks these malicious URLs are hidden behind seemingly safe links that reach the recipient, and even the most discerning user can fall victim to them.
Generic mail that includes various malicious links hidden in apparently safe links.
To deal with these techniques, Defender for Office 365 has two features, Safe Links and URL detonation, which act when the user clicks on the link, performing a reputation check and an analysis of the link in real time and blocking the link if it is malicious.
When the user clicks on a malicious URL, Microsoft Defender for Office 365 automatically begins the scan, showing the user screens reporting the situation. The protection of that link remains, blocking it every time the user clicks.
Microsoft has taken a big step in the protection coverage of Microsoft Defender for Office 365 by adding the Internal Safe Links functionality. This ability protects users from malicious links sent between people in the same organization.
Internal Safe Links acts the same as Safe Links: when a user clicks on a link, the tool analyzes it in real time and blocks it if it is malicious. This functionality deals with the scenarios in which someone impersonates the identity of a person in our organization, also preventing emails from leaving the organization.
Protection against identity theft (Anti-Phishing)
This functionality protects us from phishing attacks that appear to come from people we know but were not actually sent by them (this is what is called an impersonation-based attack). These types of phishing attacks are extremely dangerous because, when the mail “theoretically” comes from someone who seems to be a member of the organization, the recipient tends to trust it and is easily deceived. If our domains are correctly configured, an impersonation using exactly our domain should not be possible, but Microsoft Defender for Office 365 also intercepts as impersonation attempts those senders that are incorrect yet confusing because they are very similar. For example, we receive an email from a sender “zperez@softegn.es” when in reality, if this user existed, it would be “zperez@softeng.es”.
Once this advanced functionality is activated (the policy is not activated by default), the system gradually and automatically learns how each user communicates with others inside and outside the organization, applying predictive artificial intelligence and ultimately protecting all Microsoft Defender for Office 365 licensed users.
Protection against spoofed emails from external domains (Anti-Spoofing)
This capability helps detect and block spoofed emails from external domains. Spoofing is a malicious impersonation technique in which an email message originates from someone who is not who they claim to be.
To combat this type of attack, Defender for Office 365 includes a system capable of detecting spoofed emails through:
- Detection of the security settings of the source domain: By activating this functionality, Office 365 will only accept emails that come from domains that are not vulnerable to being spoofed. Specifically, for each new email that arrives at our company, it checks that the sender’s domain has the correct security settings*, guaranteeing that it has been sent from an account that really belongs to that domain. Otherwise, if we receive emails that come from domains without these protocols properly configured, Microsoft Defender for Office 365 blocks these emails, preventing them from reaching our users.
* SPF, DMARC, and DKIM are the standard email authentication protocols that help protect against spam and phishing.
- Reputation filters: Check the safe sender lists and the history of previous submissions from that domain.
- Anomaly Patterns: Checks for pattern anomalies by comparing with previous submissions from that domain.
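What "correct security settings" means for a sender domain can be shown by grading its published SPF and DMARC records. This is an added example, not Microsoft's implementation; the finding labels and function names are assumptions, the records are passed in as strings so it runs offline, and DKIM is left out because checking it requires a selector taken from a real message.

```python
def spf_all_qualifier(record: str):
    """Qualifier of the 'all' mechanism in an SPF record, or None if absent.
    A bare 'all' means '+all'. redirect= modifiers are not followed here."""
    for term in record.lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"
    return None


def dmarc_tags(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def assess(apex_txt, dmarc_txt):
    """Return findings that leave a domain easy to spoof; [] means none found.
    apex_txt: TXT records at the domain; dmarc_txt: TXT records at _dmarc.<domain>."""
    findings = []
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # More than one SPF record is an error for receivers, not extra protection.
        findings.append("spf-multiple" if spf else "spf-missing")
    else:
        qualifier = spf_all_qualifier(spf[0])
        if qualifier in (None, "+", "?"):
            findings.append("spf-permissive")   # any host may send as this domain
        elif qualifier == "~":
            findings.append("spf-softfail")     # failures are marked, not rejected
    dmarc = [r for r in dmarc_txt if dmarc_tags(r).get("v", "").upper() == "DMARC1"]
    if len(dmarc) != 1:
        findings.append("dmarc-multiple" if dmarc else "dmarc-missing")
    elif dmarc_tags(dmarc[0]).get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("dmarc-not-enforced")   # p=none only reports
    return findings


if __name__ == "__main__":
    # Constructed sample records for a hypothetical domain
    print(assess(["v=spf1 include:spf.protection.outlook.com -all"],
                 ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]))
    print(assess(["v=spf1 a mx ~all"], ["v=DMARC1; p=none"]))
```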
Get advanced reports and track links in messages
Microsoft Defender for Office 365 offers extensive reporting and tracking capabilities that give administrators insight into the type of attacks occurring in the organization, including who is being targeted in the company, the malware and spam sent or received in the company, and the category of attacks it faces.
Advanced reports allow you to investigate messages that were blocked due to an unknown virus or malware.
The URL tracking function allows an analysis of the links that users have clicked, also showing the blocked ones.
Collaborate more safely
Advanced protection for files shared from SharePoint Online, OneDrive for Business and Microsoft Teams offers companies a safer way to work, preventing users from opening or downloading malicious files.
How to acquire Microsoft Defender for Office 365?
Defender for Office 365 offers us two plans:
Microsoft Defender for Office 365 Plan 1: It is included in the Office 365 Enterprise E5 version and can be added in the following Office 365 plans that have a mail license, specifically:
- Exchange Online Plan 1 and Plan 2
- Exchange Online Kiosk
- Exchange Online Protection
- Microsoft 365 Business Basic
- Microsoft 365 Business Standard
- Office 365 Enterprise F3
- Office 365 Enterprise E1 and E3
Microsoft Defender for Office 365 Plan 2: This plan combines all the capabilities of Plan 1 with the Office 365 Threat Intelligence solution. It is included in Microsoft 365 Enterprise E5 and Office 365 Enterprise E5.
At Softeng we offer you our experience and our services to help you draw up and agree on the most appropriate strategy for implementing cloud security solutions that ensure the continuity of your business.
Want to know more? Contact us to find out how to protect your company!