David J Rosenthal, profile picture
Uploaded byDavid J Rosenthal
PDF, PPTX4,554 views

Microsoft Office 365 Advanced Threat Protection

The document discusses Office 365 Advanced Threat Protection (ATP), highlighting its features aimed at safeguarding business-critical data from various cyber threats like phishing and malware. It details the capabilities of the ATP system, including email protection through safe attachments and links, machine learning models for threat detection, and the extension of security measures across Office 365 workloads. Additionally, it outlines improvements in threat reporting and future integrations to enhance security management.

Embed presentation

Download as PDF, PPTX
Office 365 Advanced Threat Protection Productivitybuilt on security DavidJ. Rosenthal, VP & GM, DigitalBusiness MicrosoftMTC – NYC May 2, 2018
1 billion Windows devices updated 450 billion Microsoft Azure user authentications 400 billion Office emails analyzed Integration across our platforms and services Cloud App Security
Office 365 Advance Threat Protection addresses our customer’s challenges Protect business critical data Detect compromised users Gain visibility to respond to threats
Protect your data
Protect business critical data Most security experts agree that email remains the #1 attack vector emails analyzed every month in office 365 of all email traffic is spam (Mar ‘17)2 increase in ransomeware- infected emails (2016-2017)1
Protect your data • Advanced Threat Protection Safe Attachments: detonating malicious attachments Detonation
Attachment sent to sandbox Protect your data • Our features and enhancements limit the impact to user productivity: Dynamic Delivery Dynamic delivery: Reducing the impact from sandboxing latency Continuously lowering latency times Email with attachment Email body goes through basic email security Sandboxing Malicious attachment Safe attachment
Protect your data • Our features and enhancements limit the impact to user productivity: Document Preview
Protect your data • Advanced Threat Protection Safe Links: Time of click protection for malicious links Web servers perform latest URL reputation check Rewriting URLs to redirect to a web server. User clicking URL is taken to EOP web servers for the latest check at the “time- of-click”
Office 365 Phish Protection Stack (Enhanced) 12 Mail Flow Protection Post Delivery Protection ATP Safe link Time of click Protection ATP ZAP Sender Authentication Checks Implicit Intra Org Domain Spoof Detection Soon: ATP Implicit External Domain Spoof Detection Soon: ATP User mailbox Intelligence Soon: ATP User Impersonation Detection Soon: ATP Domain Impersonation Detection AV Engine Scan URL Reputation Scan New: ATP Attachment Detonation for phishing ATP Heuristic Clustering Phish Content Analysis Heuristics/Rules ATP Machine Learning Models Multi factor Authentication for Office 365 New: Safe link for Internal MailNew: ATP block of attachments with bad URLs New: Windows 10 based Rep Scan Enhanced: Safe link for Office Clients ATP Safe link Time of click Protection ATP ZAP Sender Authentication Checks Implicit Intra Org Domain Spoof Detection Soon: ATP Implicit External Domain Spoof Detection Soon: ATP User Intelligence Soon: ATP User Impersonation Detection Soon: ATP Domain Impersonation Detection AV Engine Scan URL Reputation Scan New: ATP Attachment Detonation for phishing ATP Heuristic Clustering Phish Content Analysis Heuristics/Rules ATP Machine Learning Models Multi factor Authentication for Office 365 New: Safe link for Internal Mail New: ATP block of attachments with bad URLs New: Windows 10 based Rep Scan Enhanced: Safe link for Office Clients Enhanced: Client Tips for Suspicious Mails Tenant Block URL for Safe links New: Explore malicious submissions in Threat Explorer Monitor for risky user/App activity Enhanced:Threat Explorer New: Rich Reports & Insights Detect & Respond
Protect leveraging Machine Learning Models identifying phish lures Analyses Millions of samples ML Model Model generation Good - Inbox Bad - Phish action Applying what we learnedLearning from the good and bad Base protection
• Implicit Spoof Protection; DMARC; SPF • Content based protection • URL verification against known phishing lists • Safety Tips for mails detected as phish • Inline Reporting • Machine Learning Models • Time of Click Protection (Safe links) • Detonation of Content • Users contact graph Domain Spoof • DMARC, DKIM • SPF • Intra Org spoof • Cross domain spoof Compromised • Compromised account Impersonation • Look alike domains • Display name tricks Content • Attachments • URLs • Text Protect with Office 365 ATP enhanced Anti-phish Capabilities
Protect: Admins can create enhanced Anti-impersonation settings
Protect with Mailbox Intelligence
Protect: Admins can apply internal safe links for intra-org emails
Protect: Admins can apply sophisticated anti-spoof settings
Protect users by enabling message reporting of potential phish enable
Protect your data • Advanced threat protection: URL detonation DetonationEmail with link Link added to reputation server
Protect your data • Threat protection extends to your entire Office 365 ecosystem Email is only one attack vector Threat protection has extended coverage Microsoft enables security for multiple office workloads Office 365
Protect your data • Advanced threat protection for your collaboration workloads Sandboxing and detonation • anonymous links • companywide sharing • explicit sharing • guest user activity collaboration signals • malware in email + SPO • Windows Defender • Windows Defender ATP • suspicious logins • risky IP addresses • irregular file activity threat feeds • users • IPs • On-demand patterns (e.g. WannaCry) activity watch lists Leverage Signals Apply Smart Heuristics Files in SPO, ODB and Teams 1st and 3rd party reputation Multiple AV engines SharePoint OneDrive Microsoft Teams
Protect your data • Advanced security for your desktop clients Improve your security against advanced threats, unknown malware, and zero-day attacks Protect users from malicious links with time-of-click protection Safeguard your environment from malicious documents using virtual environments Word Excel PowerPoint Visio
Detect compromised users
Reporting dashboard
Detect compromised users Security & compliance center reporting dashboard • Inbound vs. Outbound Malware
Security & compliance center reporting dashboard • Inbound vs. Outbound Malware • ATP Safe Attachment File Disposition Detect compromised users
Security & compliance center reporting dashboard • Inbound vs. Outbound Malware • ATP Safe Attachment File Disposition • ATP Safe Attachment Files Caught (Excel, PPT, Word, etc.) Detect compromised users
Security & compliance center reporting dashboard • Inbound vs. Outbound Malware • ATP Safe Attachment File Disposition • ATP Safe Attachment Files Caught (Excel, PPT, Word, etc.) • Malware caught in tenant Detect compromised users
Security & compliance center reporting dashboard • Inbound vs. Outbound Malware • ATP Safe Attachment File Disposition • ATP Safe Attachment Files Caught (Excel, PPT, Word, etc.) • Malware caught in tenant • Message details/trace Detect compromised users
• Detection technology used (Safe Links/Safe Attachments/EOP) • Detonation details (also offered in Threat Intelligence) • Links blocked with emails for the last 7 days • Message details/trace (also offered in Threat Intelligence) Advanced reporting for advanced threat protection Detect compromised users
Gain visibility to respond to threats
Gain Visibility : Office ATP Dashboard
Today and Beyond
Security Focused Investments for Advanced Threat Protection 60 s
What’s next? ATP SIEM Integration We will be enabling SIEM integration for ATP. ATP’s threat feeds will be available through the Office 365 Management Activity API which can then connect to several different SIEM solutions. Safe Links Native Link Rendering ATP Safe Links solution will soon enable users to see the original link when they hover over a URL. This feature is especially useful for users who have been trained on looking for malicious indicators for URLs.
© 2018 Razor Technology, LLCwww.razor-tech.com @DavidJRosenthal Slideshare www.razor-tech.com 5 Tower Bridge 300 Barr Harbor Dr., Suite 705 West Conshohocken, PA 19428 www.razor-tech.com David.Rosenthal@razor-tech.com Cell: 215.801.4430 Office: 866.RZR.DATA LETS KEEP IN TOUCH
© 2017 Microsoft Corporation. All rights reserved. 46

More Related Content

PDF
An introduction to Defender for Business
byRobert Crane
 
PDF
Microsoft Office 365 Security and Compliance
byDavid J Rosenthal
 
PPTX
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
byVignesh Ganesan I Microsoft MVP
 
PPTX
Office 365 Security Best Practices
byCommunity IT Innovators
 
PDF
Microsoft 365 Security Overview
byRobert Crane
 
PDF
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
byDavid J Rosenthal
 
PDF
Introduction to Microsoft Enterprise Mobility + Security
byAntonioMaio2
 
PDF
Microsoft 365 eEnterprise E5 Overview
byDavid J Rosenthal
 
An introduction to Defender for Business
byRobert Crane
 
Microsoft Office 365 Security and Compliance
byDavid J Rosenthal
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
byVignesh Ganesan I Microsoft MVP
 
Office 365 Security Best Practices
byCommunity IT Innovators
 
Microsoft 365 Security Overview
byRobert Crane
 
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
byDavid J Rosenthal
 
Introduction to Microsoft Enterprise Mobility + Security
byAntonioMaio2
 
Microsoft 365 eEnterprise E5 Overview
byDavid J Rosenthal
 

What's hot

PDF
An introduction to Office 365 Advanced Threat Protection (ATP)
byRobert Crane
 
PPTX
Microsoft Defender for Endpoint
byCheah Eng Soon
 
PDF
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
PPTX
Microsoft Information Protection: Your Security and Compliance Framework
byAlistair Pugin
 
PPTX
Microsoft Defender for Endpoint Overview.pptx
byBenAissaTaher1
 
PDF
Microsoft Defender and Azure Sentinel
byDavid J Rosenthal
 
PDF
Azure Information Protection
byRobert Crane
 
PPTX
2 Modern Security - Microsoft Information Protection
byAndrew Bettany
 
PPTX
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
PPTX
Labelling in Microsoft 365 - Retention & Sensitivity
byDrew Madelung
 
PDF
Cloud App Security Customer Presentation.pdf
byErikHof4
 
PDF
Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...
byDavid J Rosenthal
 
PDF
Microsoft Zero Trust
byDavid J Rosenthal
 
PPTX
Fundamentals of Microsoft 365 Security , Identity and Compliance
byVignesh Ganesan I Microsoft MVP
 
PDF
Microsoft Azure Sentinel
byBGA Cyber Security
 
PPTX
Patch Management Best Practices
byIvanti
 
PDF
Overview of Data Loss Prevention Policies in Office 365
byDock 365
 
PPTX
Azure sentinel
byMarius Sandbu
 
PPTX
Zero Trust Model
byYash
 
PPTX
Cyber Security Awareness Session for Executives and Non-IT professionals
byKrishna Srikanth Manda
 
An introduction to Office 365 Advanced Threat Protection (ATP)
byRobert Crane
 
Microsoft Defender for Endpoint
byCheah Eng Soon
 
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
Microsoft Information Protection: Your Security and Compliance Framework
byAlistair Pugin
 
Microsoft Defender for Endpoint Overview.pptx
byBenAissaTaher1
 
Microsoft Defender and Azure Sentinel
byDavid J Rosenthal
 
Azure Information Protection
byRobert Crane
 
2 Modern Security - Microsoft Information Protection
byAndrew Bettany
 
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
Labelling in Microsoft 365 - Retention & Sensitivity
byDrew Madelung
 
Cloud App Security Customer Presentation.pdf
byErikHof4
 
Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...
byDavid J Rosenthal
 
Microsoft Zero Trust
byDavid J Rosenthal
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
byVignesh Ganesan I Microsoft MVP
 
Microsoft Azure Sentinel
byBGA Cyber Security
 
Patch Management Best Practices
byIvanti
 
Overview of Data Loss Prevention Policies in Office 365
byDock 365
 
Azure sentinel
byMarius Sandbu
 
Zero Trust Model
byYash
 
Cyber Security Awareness Session for Executives and Non-IT professionals
byKrishna Srikanth Manda
 

Similar to Microsoft Office 365 Advanced Threat Protection

PDF
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 
PPTX
Security and compliance in Office 365 -Part 1
byVignesh Ganesan I Microsoft MVP
 
PDF
Secure remote work
byAllessandra Negri
 
PPTX
Secure Modern Workplace With Microsoft 365 Threat Protection
byAmmar Hasayen
 
PPTX
Security and Compliance with SharePoint and Office 365
byRichard Harbridge
 
PDF
Microsoft Office 365 Security and Compliance Updates
byDavid J Rosenthal
 
PPTX
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
byjeffgellman
 
PDF
Microsoft 365 | Modern workplace
bySiddick Elaheebocus
 
PPTX
Securing your Organization with Microsoft 365
byRavikumar Sathyamurthy
 
PDF
May 2020 Microsoft 365 Need to Know Webinar
byRobert Crane
 
PDF
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
byDean Iacovelli
 
PPTX
Office 365 advanced threat protection
bySoHo Dragon
 
PDF
Being more secure using Microsoft 365 Business
byRobert Crane
 
PDF
Threat management lifecycle in ottica GDPR
byJürgen Ambrosi
 
PDF
December 2019 Microsoft 365 Need to Know Webinar
byRobert Crane
 
PDF
2018-10-23 2B - a deep dive into Microsoft 365 security - Muditha Chathuranga
byaOS Community
 
PDF
March 2021 Microsoft 365 Need to Know Webinar
byRobert Crane
 
PDF
Softwerx Microsoft 365 Security Webinar Presentation
byPatrick Leckie
 
PPTX
Intro to Office 365 Security & Compliance Center
byCraig Jahnke
 
PDF
Learn how to protect against and recover from data breaches in Office 365
byAntonioMaio2
 
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 
Security and compliance in Office 365 -Part 1
byVignesh Ganesan I Microsoft MVP
 
Secure remote work
byAllessandra Negri
 
Secure Modern Workplace With Microsoft 365 Threat Protection
byAmmar Hasayen
 
Security and Compliance with SharePoint and Office 365
byRichard Harbridge
 
Microsoft Office 365 Security and Compliance Updates
byDavid J Rosenthal
 
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
byjeffgellman
 
Microsoft 365 | Modern workplace
bySiddick Elaheebocus
 
Securing your Organization with Microsoft 365
byRavikumar Sathyamurthy
 
May 2020 Microsoft 365 Need to Know Webinar
byRobert Crane
 
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
byDean Iacovelli
 
Office 365 advanced threat protection
bySoHo Dragon
 
Being more secure using Microsoft 365 Business
byRobert Crane
 
Threat management lifecycle in ottica GDPR
byJürgen Ambrosi
 
December 2019 Microsoft 365 Need to Know Webinar
byRobert Crane
 
2018-10-23 2B - a deep dive into Microsoft 365 security - Muditha Chathuranga
byaOS Community
 
March 2021 Microsoft 365 Need to Know Webinar
byRobert Crane
 
Softwerx Microsoft 365 Security Webinar Presentation
byPatrick Leckie
 
Intro to Office 365 Security & Compliance Center
byCraig Jahnke
 
Learn how to protect against and recover from data breaches in Office 365
byAntonioMaio2
 

More from David J Rosenthal

PDF
Azure Arc Overview from Microsoft
byDavid J Rosenthal
 
PDF
Microsoft Azure Active Directory
byDavid J Rosenthal
 
PDF
A Secure Journey to Cloud with Microsoft 365
byDavid J Rosenthal
 
PDF
Microsoft Teams Phone - Calling Made Simple
byDavid J Rosenthal
 
PDF
Microsoft Viva Topics
byDavid J Rosenthal
 
PDF
Viva Connections from Microsoft
byDavid J Rosenthal
 
PDF
Microsoft Windows Server 2022 Overview
byDavid J Rosenthal
 
PDF
Whats New in Microsoft Teams Calling November 2021
byDavid J Rosenthal
 
PDF
Windows 11 for the Enterprise
byDavid J Rosenthal
 
PDF
Microsoft Viva Learning
byDavid J Rosenthal
 
PDF
Microsoft Viva Introduction
byDavid J Rosenthal
 
PDF
Better Meetings with Microsoft Teams
byDavid J Rosenthal
 
PDF
Microsoft Power BI Overview
byDavid J Rosenthal
 
PDF
What is New in Teams Meetings and Meeting Rooms July 2021
byDavid J Rosenthal
 
PDF
Nintex Worflow Overview
byDavid J Rosenthal
 
PDF
Modernize Java Apps on Microsoft Azure
byDavid J Rosenthal
 
PDF
Windows365 Hybrid Windows for a Hybrid World
byDavid J Rosenthal
 
PDF
Microsoft Scheduler for M365 - Personal Digital Assistant
byDavid J Rosenthal
 
PDF
Whats New in Microsoft Teams Hybrid Meetings November 2021
byDavid J Rosenthal
 
PDF
Protect your hybrid workforce across the attack chain
byDavid J Rosenthal
 
Azure Arc Overview from Microsoft
byDavid J Rosenthal
 
Microsoft Azure Active Directory
byDavid J Rosenthal
 
A Secure Journey to Cloud with Microsoft 365
byDavid J Rosenthal
 
Microsoft Teams Phone - Calling Made Simple
byDavid J Rosenthal
 
Microsoft Viva Topics
byDavid J Rosenthal
 
Viva Connections from Microsoft
byDavid J Rosenthal
 
Microsoft Windows Server 2022 Overview
byDavid J Rosenthal
 
Whats New in Microsoft Teams Calling November 2021
byDavid J Rosenthal
 
Windows 11 for the Enterprise
byDavid J Rosenthal
 
Microsoft Viva Learning
byDavid J Rosenthal
 
Microsoft Viva Introduction
byDavid J Rosenthal
 
Better Meetings with Microsoft Teams
byDavid J Rosenthal
 
Microsoft Power BI Overview
byDavid J Rosenthal
 
What is New in Teams Meetings and Meeting Rooms July 2021
byDavid J Rosenthal
 
Nintex Worflow Overview
byDavid J Rosenthal
 
Modernize Java Apps on Microsoft Azure
byDavid J Rosenthal
 
Windows365 Hybrid Windows for a Hybrid World
byDavid J Rosenthal
 
Microsoft Scheduler for M365 - Personal Digital Assistant
byDavid J Rosenthal
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
byDavid J Rosenthal
 
Protect your hybrid workforce across the attack chain
byDavid J Rosenthal
 

Recently uploaded

PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
December Patch Tuesday
byIvanti
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
The year in review - MarvelClient in 2025
bypanagenda
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 

Microsoft Office 365 Advanced Threat Protection

  • 1.
    Office 365 AdvancedThreat Protection Productivitybuilt on security DavidJ. Rosenthal, VP & GM, DigitalBusiness MicrosoftMTC – NYC May 2, 2018
  • 3.
    1 billion Windows devicesupdated 450 billion Microsoft Azure user authentications 400 billion Office emails analyzed Integration across our platforms and services Cloud App Security
  • 4.
    Office 365 AdvanceThreat Protection addresses our customer’s challenges Protect business critical data Detect compromised users Gain visibility to respond to threats
  • 5.
  • 6.
    Protect business criticaldata Most security experts agree that email remains the #1 attack vector emails analyzed every month in office 365 of all email traffic is spam (Mar ‘17)2 increase in ransomeware- infected emails (2016-2017)1
  • 7.
    Protect your data •Advanced Threat Protection Safe Attachments: detonating malicious attachments Detonation
  • 9.
    Attachment sent to sandbox Protectyour data • Our features and enhancements limit the impact to user productivity: Dynamic Delivery Dynamic delivery: Reducing the impact from sandboxing latency Continuously lowering latency times Email with attachment Email body goes through basic email security Sandboxing Malicious attachment Safe attachment
  • 10.
    Protect your data •Our features and enhancements limit the impact to user productivity: Document Preview
  • 11.
    Protect your data •Advanced Threat Protection Safe Links: Time of click protection for malicious links Web servers perform latest URL reputation check Rewriting URLs to redirect to a web server. User clicking URL is taken to EOP web servers for the latest check at the “time- of-click”
  • 12.
    Office 365 PhishProtection Stack (Enhanced) 12 Mail Flow Protection Post Delivery Protection ATP Safe link Time of click Protection ATP ZAP Sender Authentication Checks Implicit Intra Org Domain Spoof Detection Soon: ATP Implicit External Domain Spoof Detection Soon: ATP User mailbox Intelligence Soon: ATP User Impersonation Detection Soon: ATP Domain Impersonation Detection AV Engine Scan URL Reputation Scan New: ATP Attachment Detonation for phishing ATP Heuristic Clustering Phish Content Analysis Heuristics/Rules ATP Machine Learning Models Multi factor Authentication for Office 365 New: Safe link for Internal MailNew: ATP block of attachments with bad URLs New: Windows 10 based Rep Scan Enhanced: Safe link for Office Clients ATP Safe link Time of click Protection ATP ZAP Sender Authentication Checks Implicit Intra Org Domain Spoof Detection Soon: ATP Implicit External Domain Spoof Detection Soon: ATP User Intelligence Soon: ATP User Impersonation Detection Soon: ATP Domain Impersonation Detection AV Engine Scan URL Reputation Scan New: ATP Attachment Detonation for phishing ATP Heuristic Clustering Phish Content Analysis Heuristics/Rules ATP Machine Learning Models Multi factor Authentication for Office 365 New: Safe link for Internal Mail New: ATP block of attachments with bad URLs New: Windows 10 based Rep Scan Enhanced: Safe link for Office Clients Enhanced: Client Tips for Suspicious Mails Tenant Block URL for Safe links New: Explore malicious submissions in Threat Explorer Monitor for risky user/App activity Enhanced:Threat Explorer New: Rich Reports & Insights Detect & Respond
  • 13.
    Protect leveraging MachineLearning Models identifying phish lures Analyses Millions of samples ML Model Model generation Good - Inbox Bad - Phish action Applying what we learnedLearning from the good and bad Base protection
  • 14.
    • Implicit SpoofProtection; DMARC; SPF • Content based protection • URL verification against known phishing lists • Safety Tips for mails detected as phish • Inline Reporting • Machine Learning Models • Time of Click Protection (Safe links) • Detonation of Content • Users contact graph Domain Spoof • DMARC, DKIM • SPF • Intra Org spoof • Cross domain spoof Compromised • Compromised account Impersonation • Look alike domains • Display name tricks Content • Attachments • URLs • Text Protect with Office 365 ATP enhanced Anti-phish Capabilities
  • 15.
    Protect: Admins cancreate enhanced Anti-impersonation settings
  • 16.
  • 17.
    Protect: Admins canapply internal safe links for intra-org emails
  • 18.
    Protect: Admins canapply sophisticated anti-spoof settings
  • 19.
    Protect users byenabling message reporting of potential phish enable
  • 20.
    Protect your data •Advanced threat protection: URL detonation DetonationEmail with link Link added to reputation server
  • 21.
    Protect your data •Threat protection extends to your entire Office 365 ecosystem Email is only one attack vector Threat protection has extended coverage Microsoft enables security for multiple office workloads Office 365
  • 22.
    Protect your data •Advanced threat protection for your collaboration workloads Sandboxing and detonation • anonymous links • companywide sharing • explicit sharing • guest user activity collaboration signals • malware in email + SPO • Windows Defender • Windows Defender ATP • suspicious logins • risky IP addresses • irregular file activity threat feeds • users • IPs • On-demand patterns (e.g. WannaCry) activity watch lists Leverage Signals Apply Smart Heuristics Files in SPO, ODB and Teams 1st and 3rd party reputation Multiple AV engines SharePoint OneDrive Microsoft Teams
  • 23.
    Protect your data •Advanced security for your desktop clients Improve your security against advanced threats, unknown malware, and zero-day attacks Protect users from malicious links with time-of-click protection Safeguard your environment from malicious documents using virtual environments Word Excel PowerPoint Visio
  • 24.
  • 25.
  • 26.
    Detect compromised users Security& compliance center reporting dashboard • Inbound vs. Outbound Malware
  • 27.
    Security & compliancecenter reporting dashboard • Inbound vs. Outbound Malware • ATP Safe Attachment File Disposition Detect compromised users
  • 28.
    Security & compliancecenter reporting dashboard • Inbound vs. Outbound Malware • ATP Safe Attachment File Disposition • ATP Safe Attachment Files Caught (Excel, PPT, Word, etc.) Detect compromised users
  • 29.
    Security & compliancecenter reporting dashboard • Inbound vs. Outbound Malware • ATP Safe Attachment File Disposition • ATP Safe Attachment Files Caught (Excel, PPT, Word, etc.) • Malware caught in tenant Detect compromised users
  • 30.
    Security & compliancecenter reporting dashboard • Inbound vs. Outbound Malware • ATP Safe Attachment File Disposition • ATP Safe Attachment Files Caught (Excel, PPT, Word, etc.) • Malware caught in tenant • Message details/trace Detect compromised users
  • 31.
    • Detection technologyused (Safe Links/Safe Attachments/EOP) • Detonation details (also offered in Threat Intelligence) • Links blocked with emails for the last 7 days • Message details/trace (also offered in Threat Intelligence) Advanced reporting for advanced threat protection Detect compromised users
  • 32.
    Gain visibility torespond to threats
  • 33.
    Gain Visibility :Office ATP Dashboard
  • 42.
  • 43.
    Security Focused Investmentsfor Advanced Threat Protection 60 s
  • 44.
    What’s next? ATP SIEMIntegration We will be enabling SIEM integration for ATP. ATP’s threat feeds will be available through the Office 365 Management Activity API which can then connect to several different SIEM solutions. Safe Links Native Link Rendering ATP Safe Links solution will soon enable users to see the original link when they hover over a URL. This feature is especially useful for users who have been trained on looking for malicious indicators for URLs.
  • 45.
    © 2018 RazorTechnology, LLCwww.razor-tech.com @DavidJRosenthal Slideshare www.razor-tech.com 5 Tower Bridge 300 Barr Harbor Dr., Suite 705 West Conshohocken, PA 19428 www.razor-tech.com David.Rosenthal@razor-tech.com Cell: 215.801.4430 Office: 866.RZR.DATA LETS KEEP IN TOUCH
  • 46.
    © 2017 MicrosoftCorporation. All rights reserved. 46