Why you need Microsoft 365 Advanced Threat Protection

By 12th Aug 2020Sep 14th, 2020Security
Microsoft 365 Advanced Threat Protection - Turrito

If you find yourself wondering why you need Microsoft 365 Advanced Threat Protection, ask yourself the following questions. If you answer yes to any of them, then read further down as to why you need ATP.

  • Would you be interested in finding more effective ways to be compliant and secure?
  • Has your company or have other companies in your industry been compromised due to zero-day malware attacks or phishing attacks?
  • Are your top executives routinely getting emails that appear to be internal, requesting information or that they click on a link?
  • Would you like administrators to have visibility into compromised users?
  • Would you like to easily see Office 365 usage that’s out of the norm for your users and
    your organization?
  • Would you like to know what other applications like Office 365 are being used in your organization?

Hackers around the globe launch increasingly sophisticated attacks.Organizations need tools that provide advanced protection.Advanced Threat Protection provides additional protection against advanced threats. 

Main Features of Microsoft 365 Advanced Threat Protection

Protection Against Unknown Malware/Viruses

  • Behavioral analysis with machine learning
  • Admin alerts

Time-of-click protection

  • Real-time protection against malicious URLs
  • Growing URL coverage 

Rich reporting and tracing

  • Built-in URL trace
  • Reports for advanced threats

New Advanced Threat Protection enhancements

  • Dynamic delivery of safe attachments
  • URL detonation
  • ATP enhanced reporting
  • ATP across Office 365

New Exchange Online Protection enhancements

  • Enhanced phishing protection
  • Zero-hour Auto Purge (ZAP)  
  • Safety tips in Outlook on the web
  • Filtering for common malicious attachment types
  • Phish reporting
  • Protection against insider spoofing

Still deciding whether you should add on Microsoft 365 Advanced Threat Protection? We answer your burning questions below:

With Microsoft 365 Advanced Threat Protection, who has access to my data and where is it stored?

Turrito engineers do not have standing access to any customer data. Turrito doesn’t mine your data for advertising purposes. You can request where your data is located and understand which data centre region your data is stored in with our public data maps.

What is Turrito’s SLA (service level agreement) on virus and spam detection?

Turrito’s service level agreement (SLA) on known viruses is 100%, with a spam effectiveness SLA of greater than 90%, a false positive ratio SLA of 1:250,000, and a monthly uptime SLA of 99.9%. Turrito also keeps continuously updated lists of malicious URLs that are checked approximately every 20 minutes.

Will Microsoft 365 Advanced Threat Protection catch 100% of malicious attacks?

No. In fact, no advanced threat protection product can catch 100% of malicious attacks, despite claims to the contrary. The notion of 100% protection is a misperception that is driven by the marketing and sales messages of some vendors in this industry.

Additional Security Features

Safe Attachments

Microsoft 365 Advanced Threat Protection comes with a feature called Safe Attachments. Safe Attachments helps to protect against zero-day exploits in email attachments by blocking messages that could be malicious. Safe Attachments leverages sandboxing technology to identify suspicious activity. Attachments that don’t have a known malware signature are
sandboxed and not released until a behaviour analysis is performed and the attachments are determined to be safe. It is designed to detect malicious attachments even before antivirus signatures are available.

This may cause a delay in receiving emails. The delay time varies depending on the file type with the average time being 2-4 minutes. However, as attackers become more sophisticated, they have built-in delays of several minutes before activation in an effort to trick the sandboxing environment and evade detection. Office 365 ATP safeguards organizations against delayed malware activation by conducting thorough scanning, which may result in a delivery delay of up to 30 minutes for some mail evaluated by Safe Attachments.

Dynamic Delivery, however, a feature of Advanced Threat Protection, eliminates email delays by sending the body of the email with a placeholder attachment, while the actual, suspicious attachment undergoes the Safe Attachments scan. Recipients can then read and respond to the message, having been notified that the original attachment is being analyzed. If the attachment
is cleared, it replaces the placeholder; if not, the admin can filter out the unwanted and potentially malicious attachment.

What will I experience when I receive a message with a blocked attachment?

The blocked attachment will be superimposed with a red warning sign. If you click on the attachment, you will receive a warning advising you that the attachment has been blocked

Safe Links

Safe Links provides real-time, time-of-click protection against phishing and malicious web sites by warning you when you click a link in an email that has been determined to be unsafe. Safe Links adds very little delay to load the target web page. If the link points to a potentially malicious web site, then you will be routed to a warning page and may click through (if click-through is enabled) to continue on to the site,

What will I experience when I receive a message with a potentially malicious link?
  • • The first thing you may notice when clicking the link is the URL being rewritten so that it points to one of our web servers for analysis.
  • If the link points to a malicious web site, then you will be routed to a warning page.
  • If the link points to a potentially malicious file that is being scanned, you will be redirected to an informational page.

For more information on Microsoft 365 Advanced Threat Protection or to add the service to your Microsft 365 package, contact Turrito.

Leave a Reply