Microsoft’s ATP

How to use Microsoft’s ATP offerings to secure your systems and find out which one is best for you


Do you use Microsoft 365 or Office 365?

With over 200 million active users each month, it’s likely that your answer is a resounding yes. And these numbers are only growing by the day, thanks to the immense range and flexibility of Microsoft’s stellar security offerings – Advanced Threat Protection (ATP for short), Microsoft Defender ATP and Azure ATP.

These three ATP offerings are powerhouses in the security market – combining simplicity and reliability into one neat little package. Now if you’re thinking this is right up your alley – keep reading, you’ll get a kick out of this. (If not, keep reading anyway – you never know what you might learn.)

If you’re still wondering why ATP is important, there is one single sentence that we think explains this quite well:

“One single vulnerability is all an attacker needs.”

  • Window Snyder, Chief Security Officer, Fastly

Don’t fall into the trap of leaving your systems unguarded.

So whether you’re a veteran Microsoft user or fresh out of your first introduction to the software, you’ll love these seven Microsoft Defender, Office 365 ATP and Azure ATP features that can keep your business safe from unknown threats and help you win more business.

 

Office 365 ATP vs Microsoft Defender ATP vs Azure ATP 

Before we get into the nitty gritty of what each ATP product can offer you, we first want to go over what each one does.

Office 365 ATP is heavily focussed on email management and security – keeping your employees safe from malicious attachments and suspicious emails. It’s constantly scanning incoming emails and looking to stop threats before they occur.

Microsoft Defender ATP on the other hand, centres around reporting, threat monitoring and identifying weaknesses in your systems. The aim is to not just stop breaches, but to also spot potential trends, in order to ensure that you and your business are in control, from end user to end user.

As technology continues to change and evolve, businesses need to find new ways to stop increasingly sophisticated attacks. No longer are we able to slap on anti-virus and be as secure as Fort Knox, attackers are finding new exploits constantly, and if you aren’t taking active steps then you’ll be left behind in the dust. Both Office 365 ATP and Microsoft Defender ATP are adept at identifying and stopping attacks and threat actors from getting a hold of your systems, ensuring you won’t be left in said dust.

You may also be a user of Azure ATP, which is a reconnaissance defence system, detecting any suspicious activity that may be occurring within your systems. We know, we’re throwing another spanner into the works, but bear with us. Azure ATP builds off of a central database that learns the behaviours of your staff and alerts you through the workspace portal when there are any suspicious changes.

To put it simply, Office 365 ATP is email protection, Microsoft Defender ATP is endpoint protection and Azure ATP is identity protection.

 

1. Real time reporting

Many businesses are unsure of how to take the first proactive steps when it comes to ensuring the safety of their systems. With so much to keep track of, it can be a daunting task for businesses of any size – especially when everything’s changing at such a rapid pace.

This is where ATP’s real time reporting comes in.

ATP, (particularly Microsoft Defender’s ATP), contains a unique type of reporting functionality to help you watch for specific trends in your data.

These reports allow you to respond to possible threats immediately, significantly reducing the chance of downtime and therefore ultimately saving you money.

There’s so much potential for your business to not only survive but thrive.

Report filters also give users the option to narrow down data – becoming more specific as you choose in order to show you the details of your systems. This means you’re not only able to stop potential threats as they happen, but also pick up on data trends that can help you make changes to create a more efficient space.

From trigger alerts to device compliance, it’s all there for you.

 

2. Anti-phishing policies

It’s highly likely that you may have heard of the very famous case of phishing that targeted Sony in September 2014. For those of you who haven’t, the company’s systems were compromised through the use of phishing emails disguised as Apple ID verification emails, leading to leaked information, downed systems and an utter catastrophe all around.

This is the reason phishing is undoubtedly one of the most dangerous threats to business– it often uses social engineering and trickery for the attackers own gain. Often enough, the motive is financial, but this is not always the case.

To put it into perspective, for an organisation with 1-250 employees, at least one in 323 emails is malicious. For businesses with over 1000 employees, this equates to approximately one in 823 emails.

What separates today’s phishing attempts from ones in the past is that many of these attempts are often well-disguised – showing little to no signs of malicious intent. Alarming, right? But this doesn’t mean your business is completely exposed.

Policies are the frontline for your staff and can be the difference between safety or disaster. You have full control – allowing you to determine what user and domains should be protected. Modifying and enhancing these policies also allows you to stay compliant with your security at all times.

ATP does a fantastic job at keeping your business safe from threats, both inside and outside your organisation. Part of its strength comes in allowing your employees to submit reports on emails that look suspicious, in order to build a stronger and more complete database. This also includes threats such as spoofing, stopping emails from appearing that may seem to be from a legitimate address but are not.

 

3. Safe Attachments 

If you had the chance to stop a potential threat before it occurred, would you take it?

It may seem like an obvious yes answer, but not everyone knows the Safe Attachments technology even exists, or if they do, how to use it successfully – and as such, they’re not gaining the valuable protection it provides.

With approximately 13.4% of malicious email attachments being opened, even one click can be catastrophic.  Safe Attachments works by opening any file that’s contained in an email and ‘detonating’ it in a ‘sandbox environment’ to check for any malicious material. This is generally done by looking at the behaviour and nature of the file, ensuring it does what it says and isn’t hiding any ulterior motives. If the email is deemed malicious, it will remove the attachment and provide a text document explaining this to the user.

And the best part?

All of this happens before the user even receives the email. If there’s an issue, the would-be recipient is notified of the threat. Otherwise, there are no signs this process has occurred at all. This means you avoid disruptions,  making it a seamless addition to your security.

All actions that are taken before the email reaches its destined inbox are defined by your own policies, ranging from who the policy covers to how the email’s handled – meaning all control is in your hands.

 

4. Threat tracking and intelligence

When it comes to security, businesses no longer have to act in a solely preventative way.

In the past, IT was focussed on simply stopping an attack. There was little to no way to completely prevent an attack, simply to be as prepared as possible. Modern technologies now allow you to do what was once thought impossible.

Threat tracking provides you with vital intelligence on various cybersecurity issues that have the potential to impact your business. This includes the ability to view active campaigns and see potential threats both big and small, as well as offering widgets that help you understand the information.

When it comes to protecting a business, there’s a common misconception that anti-malware programs are enough. Unfortunately, traditional anti-malware systems are unable to pick up threats that are evolving at such a rapid pace, leaving businesses vulnerable and open to attack without the business even being aware its exposed.

Threat analytics play an important part in determining any potential issues with your systems. This is done through tools that uncover insights and trending issues, and allow you to prepare for future use. Some of these tools include:

  • Latest threats
  • High-impact threats
  • Threat summary
  • Security configuration status
  • Vulnerability patching status
  • Device with alerts
  • Mitigation details

The core idea is to take protection to the next level using proactive security measures, instead of taking a reactive damage-control stance when the worst happens.

 

5. Attack simulator

Your staff are the most important and valuable defence system when it comes to the protection of your systems. As such, you would want to prepare them for any and all possibilities, right?

Microsoft’s threat simulator works by sending through a custom attack, disguised as an email that would not be unusual to receive in your inbox. This is done through the use of a template phishing email, or with a custom template.

Once sent out, the simulator records every link clicked, who clicked on them and what time. When a link from the email is opened, it provides a message to the person that tells them that they would have been hacked if it weren’t a simulated environment, as well as information on how to check an email is truly legitimate.

To make sense of the data presented to you, the attack simulator pulls together a list of statistics that determine how successful a real attack would have been in your organisation. It then shows you factors such as total users targeted and overall success rate, to help you decide how best to engage your staff.

There are many types of attacks that can be simulated, including password attacks, a spear phishing attack or a spray password attack. They’re built to imitate common scams that often target employees of businesses of all sizes and industries.

These attacks are a vital part in your businesses security. With human error making up approximately 90% of cyber breaches in businesses, there is no reason to not train your staff to have an eagle eye to potentially harmful emails.

 

6. Safe Links 

Have you ever heard the old saying, “not everything is always as it seems.”

It’s easy to become complacent and click on an email, and even a link, without thinking twice. After all, the average person receives approximately 120 work emails a day, and our level of alertness tends to lower as the day goes on. This is where Safe Links come in.

Much like anti-phishing, Safe Links can be implemented through the use of policies to protect users via a proxy server. This server checks if the URL provided is safe to view – running the link through Microsoft’s reputation database to see if it’s a known malicious link.

If it’s decided the link isn’t safe, the user will be warned via messages such as this website has been classified as malicious or this website was blocked by your Office 365 administrator. This database is constantly shifting and growing to incorporate a wide variety of URL’s and sites, looking to stop even the most inconspicuous of malicious links.

With safe links, you are able to do what you do best, without having to worry about potential threats to your business.

Ready to start being more proactive with your business security? Contact us today and let us help your business reach its goals with our personalised consultations.
(07) 3390 8833
info@infotech.com.au

 

Don't forget to share!