Oh &*^% I Clicked That Link!


Securing your environment in a cloud-first world is a challenge. We’ve beaten the drum of “assume breach”, we’ve hammered the protect/detect/respond nail to death, but threat actors continue to wreak havoc. With GDPR looming, security and policy are going to have to be even more tightly integrated.

Striking the right balance of education, policy, and security tools can make all the difference, but how do you prioritize one over the other?

A recent security blog post listed grammar as the single most effective tool against phishing and malware. Paying for all of your employees to get a master's degree in English is probably not in your IT budget, though, and users need to be productive in their actual roles.

Fortunately, Office 365 offers Advanced Threat Protection, which is designed to keep the bad guys from ever reaching your users in the first place, with attachment scanning and URL filtering at an IT-budget-friendly cost. And unlike a master's graduate, Office 365 Advanced Threat Protection won’t quit to write the next great American novel.

Microsoft recently revealed a 600% uptick in phishing and malware attacks against Office 365 customers. Recently as in: Q3 2017 alone. That’s a gigantic surge, and we’re seeing more activity than ever with customers asking for help untangling what went wrong, when, and how to recover.

It has become such a big deal, in fact, that we’re baking the cost of O365 Advanced Threat Protection into every migration now. At $2/user/month, it’s awfully cheap insurance with a tremendous set of capabilities.

We have attachment scanning, leveraging the power of the Microsoft Graph, to detect known attack vectors and strip malicious content. Attachments that are unknown to the MS Graph are detonated in a sandboxed environment and analyzed for malicious code before being delivered (or rejected). We have URL wrapping for known malicious links, with options to bypass for legitimate business apps that appear less than savory to scanning engines. We can also impose specific restrictions to prevent the user getting to the link at all, or to allow it and notify an admin.

Those protections now go beyond the point of the initial click, though. Microsoft has added outbound proxying of links embedded in Office files to ensure malicious code doesn’t sneak in through embedded links, and just this week they announced ongoing scanning of files already in your Office 365 tenancy, whether they’re in SharePoint Online, Skype for Business, or Teams.

Office 365 Advanced Threat Protection is a great tool in the battle for your IP, but even if you’re not pursuing that path, we strongly urge Office 365 customers to enable multi-factor authentication for global administrators (this is free for all license levels), use the Office 365 Secure Score functionality to find low-hanging fruit in your organization, block auto-forwarding rules, and flag all incoming external mail so it is obvious that it originated outside your organization.
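Two of those recommendations, blocking auto-forwarding and flagging external mail, can be applied from Exchange Online PowerShell. The script below is an added example, not part of the original post: it assumes the ExchangeOnlineManagement module and an Exchange administrator role, the rule name and subject tag are constructed values, and it audits existing forwarding before changing anything.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed
# and the account used has an Exchange administrator role.
Connect-ExchangeOnline

# 1. Audit: mailboxes that already have mailbox-level forwarding configured.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress,
                  ForwardingAddress, DeliverToMailboxAndForward

# 2. Audit: inbox rules that forward or redirect mail.
#    This walks every mailbox and can be slow on a large tenant.
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mailbox = $_.UserPrincipalName
    Get-InboxRule -Mailbox $mailbox |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ Name = 'Mailbox'; Expression = { $mailbox } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

# 3. Block automatic forwarding to external recipients.
#    "Default" covers every external domain that has no remote domain
#    entry of its own; review any other entries separately.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 4. Tag mail that arrives from outside the organization.
$ruleName = 'Tag external mail'   # constructed name for this example
if (-not (Get-TransportRule | Where-Object { $_.Name -eq $ruleName })) {
    New-TransportRule -Name $ruleName `
        -FromScope NotInOrganization `
        -SentToScope InOrganization `
        -PrependSubject '[EXTERNAL] '
}

# 5. Confirm both settings took effect.
Get-RemoteDomain -Identity Default | Select-Object Name, AutoForwardEnabled
Get-TransportRule | Where-Object { $_.Name -eq $ruleName } |
    Select-Object Name, State, Mode
```

Review the output of steps 1 and 2 before step 3: forwarding that users did not set up themselves is worth investigating as a sign of a compromised mailbox.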

The goal should not be to make your users part-time IT detectives. The goal should be to enable their productivity while protecting them in an ever-changing threat landscape. Join me for my upcoming January webinar to explore Office 365 Advanced Threat Protection and how it can help secure your organization, even if the bad guys are already in.