Posted On 23 Jul 2019
Given its world-leading status, it’s unsurprising that Microsoft Office 365 is the prime target for hackers and phishers. Microsoft has made incredible efforts to defend against as many attackers as possible. Office 365 uses Exchange Online Protection (EOP) as its default security, but users can pay extra for Advanced Threat Protection (ATP).
For its software to work effectively, Microsoft must keep false positives as low as possible, i.e. it has to get as many legitimate messages as possible through to its users without blocking them. This priority means that the company has to accept a certain level of false negatives, i.e. missed attacks. Because it has such wide coverage and needs to provide the best possible offering to the largest number of customers, Microsoft is not in the best position to offer customized defenses against cyber-attack. This means it is important for users to be aware of the pros and cons of using ATP.
Pros:
– The Safe Links feature in ATP, when active, rewrites all URLs that users click on and reroutes them through a protected area, which checks that they are not blacklisted before allowing the user through to the destination website.
– The Safe Attachments feature in ATP isolates malware and dismantles it to test its behaviors, so all users can benefit from the lessons learned.
– ATP benefits from seamless integration into Office 365; a simple click turns it on, and there is none of the extended deployment and testing time involved in deploying third-party solutions.
Cons:
– For very little outlay, any hacker can create their own Office 365 account and develop workarounds for its security features.
– ATP has only been running for four years, and it has reached nowhere near the level of sophistication some other companies have developed by working over a much longer time span.
– ATP does not have the best reporting mechanisms; obtaining detailed reports is often time-consuming or impossible. This limits the user’s ability to forensically investigate problems and add new protections.
Because Office 365 ATP is so widely used, it will inevitably have weaknesses, as detailed above. It is important for administrators to recognize those weaknesses so that, while taking advantage of its strengths, they can add extra security as necessary for additional protection.