ADVANCED THREAT PROTECTION

Keeping users’ PCs, laptops, smart phones or bank accounts from being owned by ransomware or phishing attacks protected.

Case Studies

“The vast majority of advanced threats come through email. Preventing those threats in the first place is a top priority. Microsoft IT needed to go beyond traditional technologies to stop advanced threats like zero-day attacks and phishing.”

FACE IT, USERS ARE CLICK-HAPPY. WHEN ATTACHMENTS AND LINKS LOOK INTERESTING, THEY’RE GOING TO OPEN THEM.

It’s not always due to cluelessness. The main perpetrators for these attacks are organized crime syndicates and state-affiliated Actors, who put lots of time into creating clever, legit-looking content.

To keep users’ PCs, laptops, smart phones or bank accounts from being owned by ransomware or phishing attacks, consider turning on Office 365 Advanced Threat Protection. To date, it’s been the most widely deployed feature of Office 365’s E5 bundle, because it solves a real issue facing organizations. It’s also available for only $2/user/month a la carte.

Advanced Threat Protection uses Safe Attachments and Safe Links capabilities to ensure another layer of security for users.

End users aren’t aware of threats and may unknowingly allow viruses or malware to attack their machines. An example of a well-meaning employee eagerly clicking their way into the hurt locker is a salesperson who is sent an email with an attached word document. The email gives vaguely mentions an attached purchase order. Programmed to process POs, the sales rep opens the attached file only to realize that they’ve installed a virus. Or maybe they don’t, and the virus silently installed a keylogger which captures their bank account data next time they enter it. Either way, they’re owned.

Exchange Online Protection does a good job quarantining/cleaning known viruses and malware from email. But if users are sent new/undetected malware that looks legit enough to open, how can the organization stay protected? Advanced Threat Protection (ATP) protects the user and organization at the time of the click, not just at the time of delivery.

Advanced Threat Protection uses machine learning and an advanced analysis/cleansing service to protect against unknown malware and viruses, providing better zero-day protection to email. All inbound email is sent through multiple filters. Those showing characteristics of known exploits are blocked, those showing characteristics of known/safe messages are delivered. If the message falls somewhere in the middle, it’s subjected to the additional filtering of Advanced Threat Protection.

There are three likely means to install malware. Emails with malicious attachments, websites serving up drive-by downloads with each visit, and a hybrid of the two—emails with links to pages with drive-by code installs.

Read on about how Advanced Threat Protection uses Safe Attachments and Safe Links capabilities to ensure another layer of security for users.

Making Attachments Safe

If an attachment is suspicious/unknown, it’s sent to a “detonation chamber” sandbox where it’s assessed for certain principles (.exes, calling registry keys, accessing privileges, etc.). This takes between 7-8 minutes, with a 30 minute SLA to deliver the email. Based on machine learnt past behavior and administrator settings, ATP can block or rewrite the attachments that are suspicious, and redirect to an administrative account (options shown below).

The impact isn’t crippling to end users. If malware is found, and the attachment is stripped or safely changed, notification is still sent to receiver and sender. Admins can see who’s clicked on what links with settings below.

Making Links Safe

Safe links is a feature in Advanced Threat Protection that helps prevent users from following links in email that link to web sites that may be malicious. When URLs are detected within email, they’re checked against the machine-learning databases for suspicious characteristics.

When a user hovers over the URL in the email, they’ll see a prefix on the URL nasafelinks.outlook.com which lets them know that once clicked, Advanced Threat Protection will evaluate that link before allowing it to open. If it’s deemed secure, the page pops up within seconds. If it’s not deemed secure, the link initiates a session in a new protective shell (in an isolated browser window/environment) and alerts the user that there’s danger ahead (as below). 

Sometimes, URLs are sent through using known, safe destinations, but sophisticated attackers will go back and change the DNS destination of the malware-infested hyperlinks, so that they’re no longer sensed by some anti-malware apps. With ATP, if the URL has been rewritten, the user tries to click on the hyperlink, ATP checks at that moment, and warn the user from going to that bad link.

These are examples of how ATP protects the user at the time of the click, not just at the time of delivery protection.

 

Enabling Technologies are experts in securing productivity applications in the cloud. See one recommendation to get educated and start using security within Office 365, or contact us

 

 

Enabling Technologies' capabilities provides organizations with secure, cloud communications using Office 365 and Azure. Professional security services include:

GUIDANCE

Need to refresh your security policy for SaaS, BYOD, and DLP? Enabling’s experts can help.

 

 

PLAN

TRAINING

Do your IT Pros need training on O365/Azure security? Check out our security training courses.

 

 

LEARN

SERVICES

Microsoft’s 400+ cloud security features are off by default. Let us handle the day to day so you can get on with your business.

 

DEPLOY

SUPPORT

If monitoring your security alerts is a daunting task, our support team can filter and triage anomalies.

 

 

MANAGE

ENABLING TECHNOLOGIES

We build a smarter, more connected, more enjoyable workplace using the Microsoft Communications and Collaboration stack. Our perspective from thousands of projects and predictable methodology translates to your successful project. Our award winning Organizational Change Management program drives user adoption and acceptance which delivers full value for your UC investment.

CAREERS AT ENABLING TECHNOLOGIES

We are always looking for dynamic new talent to join our team. If you have a passion for innovation and learning, we encourage you to browse our current openings!

2015 Microsoft Partner of Year

 

2015 Microsoft Partner of Year

Communications Market Acceleration

 

Read more...

Why we won the award…

What technologies we provide users is an important decision, but perhaps the most important question of all is “will they use it?” Enabling’s “Lights, Camera, Adoption!” Organizational Change Management program provides customers with the tools required to successfully drive user acceptance and high adoption of new technologies. Enabling ensures that everyone in the organization is excited to use the new technology with fun and exciting pre-planned deployment plans. Operational Change Management made all the difference with one of Enabling’s local clients. Enabling just finished up working with this new client to deploy Lync Enterprise Voice at over 70 locations with more than 7,000 users. They were able to use the preplanned roll out plans from Enabling Technologies to insure a successful adoption.

Note: Click anywhere outside of this box to close the box.

2012 Microsoft Partner of Year

 

 

2012 Microsoft Partner of Year

Unified Communications Solutions. Instant Messaging / Presence / Conferencing / Voice

 

Read more...

Why we won the award…

Our client, one of the nation’s leading architecture and engineering firms, wanted to improve customer relationship management. They required their project managers to take notes of customer phone calls in Dynamics’ CRM. However, their PMs only used CRM to log calls, and rarely kept it open and available. Getting to CRM’s call notes page took eight mouse clicks for each phone call, taking time and effort. Many times, the PMs were unwilling or unable to spend the extra time to comply with procedures. Enabling created ETC CRM Sync, which uses Lync APIs to automatically pop a screen to the customer’s CRM page, where the PM can immediate start taking notes. The integration significantly reduced the time and effort it normally takes to log the call notes in CRM. Not only did Enabling’s solution save their project managers time, but the company has much more accurate reporting and a complete call history for all their clients in CRM.

Note: Click anywhere outside of this box to close the box.

2010 Microsoft Partner of Year

 

 

2010 Microsoft Partner of Year

Unified Communications Solutions. Instant Messaging / Presence / Conferencing / Voice

 

Read more...

Why we won the award…

Our client, a global provider of strategic outsourcing services, looked to Enabling for assistance rolling out Unified Communications to their organization. Depending on the time of year and the status of outsourcing contracts, user counts ranged between 7,000-14,000. They needed to replace their older Avaya PBXs and Voicemail systems. Enabling designed and implemented Lync, including Enterprise Voice, and Exchange Unified Messaging. In addition, Enabling used Lync’s APIs to connect to the client’s attendance/absentee tracking system. When an employee called in sick, Lync’s IVR took the call, prompted the caller to enter an employee ID and reason for absence, then inserted the information into the attendance application. Lync would then place an outcall to other potential substitutes and prompted them to ask if they’d be able to cover the shift. This saved FTEs from having to manually handle the process, and enabled quicker coverage for absenteeism. Lync not only proved to be a reliable voice system, but Enabling turned it into an extensible business enabler.

Note: Click anywhere outside of this box to close the box.
About Us
Contact
Technologies
Successes