Applying “global intelligence” to enforce security and compliance across your business with Office 365 E5
Office 365 provides unmatched security intelligence to help businesses protect, detect and respond to threats. This should come as a good news for businesses using or looking to move to Office 365. Given the explosive growth in data production and the need to have access to this data 24/7/365 and from any device, IT is tasked with securing this corporate data whilst making it easier than ever for authorised users to access it…
Of course, to stay ahead of the evolving threat landscape, businesses need the ability to analyse and learn from that data in order to identify, intercept and respond to threats.
Vast Improvements to Office 365 Advanced Threat Protection
At the recent series of Partner Events around the globe, Microsoft has announced several enhancements coming in the coming months to what Microsoft calls their Intelligent Security Graph which manifests itself into the Advanced Security features within Office 365. These include:
- Brand New reports—To provide better and easier to digest insights to malware activity. IT Security Teams will soon have a new reporting dashboard to see details of any malware that Office 365 Advanced Threat Protection is analysing.
- Dynamic delivery—One of the down-falls of “scanning and detonating” attachments to see if they are safe is performance. Microsoft has announced that better performance and lower latency for emails with attachments is coming very soon. Users will now see a placeholder while attachments are scanned in a sandbox environment and only if deemed safe, will the attachments be re-inserted into the email.
- URL detonation—This will build on the attachment detonation feature but will apply to URLs – providing the best possible protection against malicious URLs. Not only will Office 365 now check against a list of malicious URLs when a user clicks on a link, but Office 365 will now also perform real-time behavioural malware analysis in a sandbox environment to identify any malicious links. URL reputation checks are already part of Advanced Threat Protection today and URL detonation which is about to enter preview will add to this protection.
- Broader protection across the rest of Office 365—Advanced Threat Protection will be extended to include protection for other Office 365 services including SharePoint Online, Word, Excel, PowerPoint and OneDrive for Business.
Note: Advanced Threat Protection is available now as part of Office 365 E5 or as add-on to any Office 365 Enterprise plan. Windows 10 ATP is available as part of Microsoft’s Secure Productive Enterprise.
Global Threat Intelligence
We know attacks are going to happen and we know no business is safe against the threat of cyber-attack, but businesses today are being targeted with increasingly sophisticated attacks.
Microsoft announced at their Ignite Conference in Atlanta, Threat Intelligence, which helps IT proactively uncover and protect against advanced threats by analysing billions of data signals across both the Office consumer and Office commercial services as well as signals from it’s Windows 10 Desktop and Azure Cloud Services. Microsoft Threat Intelligence also provides deep insights from cyber threat hunters to create a comprehensive view of malware trends around the world.
IT and Security will be presented with a dashboard that contains rich insights to allow them to perform deep investigation of malware. Threat Intelligence will also be able to integrate data with the businesses existing security management and SEM tools.
Threat Intelligence will not only alert security admins, it will proactively create and “suggest” security policies to help protect the business against malware. For example, if analytics show that attacks are happening in the financial industry, the service will alert businesses in the financial services industry to the trend. Threat Intelligence will then dynamically create and suggest additional security policies to help protect the business before these new attacks get to their network.
Rob Quickenden, Chief Strategy officer at Cisilion