Depend on us to get your organisation to the next level.
BCN have a heritage of delivering outcomes through our cloud-first services and currently support over 1200 customers across specialist sectors.
Your tech partner
Posted on October 26th 2018
As a child my Mum would always praise the virtues of wearing layers. “You’ll catch your death of cold” she’d say, so we’d wear vests, shirts, long johns and coats in the winter.
Without sounding too cheesy, the same can be said for IT security – the more layers you have, the warmer (safer) you’ll be from the cold (data beaches, intrusions).
In the broadest sense you can think of your layers like armour – a single sheet just a few millimetres thick and it will be easily pierced. However, combine five or six of the sheets together and you have a much greater chance of stopping any bullets.
These layers start from the furthest reaches of your network where an attack can start and extend right down to your own desktop or laptop.
From the outside in, these layers typically consist of:
Naturally the first line of the defence is one of the most important, if you can stop these threats at the door then you don’t need to worry about engaging your other defences.
(Verizon, 2018 Data Breach Investigations Report)
Over the past year we’ve seen an increasing number of reports of “hacked” email accounts from our customers, some of which have led to serious issues such as data loss and fraud.
However, the term “hacked” is actually pretty misleading in itself, what typically happens in most cases is the user freely hands over their username and password, such as in one of the following scenarios:
(Symantec, Internet Security Threat Report (ISTR) 2018)
This is where Microsoft Advanced Threat Protection for Office 365 comes in – the first line of defence for modern Email based attacks.
Most Email anti-virus technologies rely on analysing “patterns” for file attachments that may contain malware or infected files. However, the security landscape is constantly evolving and presently a significant number of successful attacks occur just like the scenarios above, without ever having to deliver an infected file.
So, what exactly does Advanced Threat Protection provide above and beyond normal Email filtering?
Utilising a pattern-less approach, Safe Attachments can detect malicious attachments in your incoming Email by executing the files in a virtual environment to determine if they are genuine or not. If the file is determined to be malicious, it is removed, and the remainder of the email is delivered. This approach is useful at detecting newly evolving attacks or techniques that wouldn’t typically be detected by traditional Anti-Virus.
One of the benefits of using a cloud Email service such as Office 365 is the shared security intelligence. Microsoft process hundreds of millions of Emails every day and the combined intelligence gathered from attacks on other customers is made available to you.
Safe Links provides an ingenious way of protecting your users from clicking malicious / phishing links in Emails. If such a link is detected, it is automatically replaced with a warning page when clicked:
In addition to preventing the user from ever leaking their credentials or visiting a malicious website, administrators can also report on how many users have clicked on malicious links in the first place and use this to drive more relevant user training.
In addition to Email, Advanced Threat Protection can also scan files uploaded to OneDrive and SharePoint – this is performed in the background using advanced threat indicators to determine which files require scanning. If discovered, malicious files are blocked and can no longer be opened except by an administrator.
Since the first specification draft for Email in 1982 it has been incredibly easy to fake or “Spoof” Emails to make them appear as if they are coming from someone else.
Spoof Intelligence provides a comprehensive suite of reports for Emails coming in to your organisation and allows you to authorise those parties who can legitimately “spoof” your emails (such as Marketing firms, etc).
One of the most common methods of gaining trust that attackers use is to “Spoof” an email pretending to be from someone you know, so it’s important that you have the right controls to identify these and potentially block them.
In addition to utilising Advanced Threat Protection to detect spoofing it is also worth ensuring your Email domain is configured with the standard anti-spoofing technologies such as SPF, DKIM & DMARC.
Spear phishing attacks are a type of phishing attack that are specifically personalised to an individual, they rely on accurately impersonating a user they trust and use sophisticated social engineering practices to trick the user into handing over their credentials or data.
Advanced Threat Protection Anti-phishing provides another layer of protection by attempting to block Emails that are determined to be “phishing” type emails by using machine learning algorithms.
By using advanced understanding of a user’s email habits and personal contacts. Advanced Threat Protection learns how each individual user communicates with other users inside and outside the organization and builds up a map of these relationships. This map allows the system to understand more details about how to ensure the right messages are identified as impersonation.
You can also configure a list of “key” users who will have special attention placed on them by the algorithm, typically these should be HR, Billing or Accounts roles that are often primary phishing targets.
So, how do you deploy Advanced Threat Protection? If you’re already on Office 365 then it’s simple, purchase and assign an add-on licence for each user and then configure all the required policies. As with any cloud solution there is quite a bit of configuration required to enable the policies for all the above features. To ensure the settings and thresholds meet your business requirements we recommend taking advantage of our Advanced Threat Protection configuration and deployment service.