Update on new Microsoft Cloud Technology

Size: px

Start display at page:

Download "Update on new Microsoft Cloud Technology"

Antonia Elliott
5 years ago
Views:

1 Update on new Microsoft Cloud Technology

2 Advanced Threat Protection Thomas Collier Technical Pre-Sales

4 OFFICE 365 PHISH PROTECTION STACK Protect during Mail Flow Protect Post Delivery Detect & Respond Sender Authentication Checks AV Engine Scan ATP Machine Learning Models ATP Safe links Time of click Protection Client Tips for Suspicious Mails Implicit Intra Org Domain Spoof Detection URL Reputation Scan Phish Content Analysis Heuristics/Rules ATP Heuristic Clustering & Detonation ATP Link content Detonation ATP ZAP Safe links for Office Clients Multi factor Authentication for Office 365 Tenant Block URL for Safe links Monitor for risky user/app activity Search/Remediate mails in Threat Explorer

5 ROADMAP OFFICE 365 PHISH PROTECTION STACK Mail Flow Protection Post Delivery Protection Detect & Respond Sender Authentication Checks Implicit Intra Org Domain Implicit Spoof Intra Detection Org Domain Spoof Detection Soon: ATP Implicit External Soon: Domain ATP Spoof Implicit Detection External Domain Spoof Detection Soon: Soon: ATP ATP User User Intelligence mailbox Intelligence Soon: ATP User Soon: ATP User Impersonation Detection Impersonation Detection Soon: ATP Domain Impersonation Soon: ATP Domain Detection Impersonation Detection AV Engine Scan URL Reputation Scan URL Reputation Scan Phish Content Analysis Phish Heuristics/Rules Content Analysis Heuristics/Rules New: Windows 10 based New: Windows Rep Scan 10 based Rep Scan ATP Machine Learning Models ATP Heuristic Clustering New: ATP block of attachments with bad URLs New: ATP Attachment Detonation for phishing ATP Safe link Time of click Protection ATP ZAP New: Safe link for Internal Mail Multi factor Authentication for Office 365 Enhanced: Safe link for Office Clients Enhanced: Client Tips for Suspicious Mails Tenant Block URL for Safe links Monitor for risky user/app activity Enhanced:Threat Explorer New: Rich Reports & Insights New: Explore malicious submissions in Threat Explorer

6 Apply heuristics Leverage signals Collaboration signals anonymous links companywide sharing explicit sharing guest user activity file activity In Teams Threat feeds malware in + SPO Windows Defender Windows Defender ATP suspicious logins risky IP addresses Files in SharePoint Online, OneDrive for Business, Microsoft Teams 1 st and 3 rd party reputation Multiple AV engines Sandboxing Improves your security against zero-day attacks by directly integrating into OneDrive for Business, SharePoint Online, and Teams Protect your users from malicious links within shared documents in OneDrive for Business, SharePoint Online, and Teams Safeguard your environment by blocking malicious content identified by ATP Activity watch lists users IPs On-demand patterns (e.g. WannaCry, Petra)

7 ATTACK LURES/PAYLOADS Scams Brand Phising IT+SaaS Phising Spear Fishing Text Lures Domain Spoof Phishing Attachments Credential Phishing Links User Impersonation Domain Impersonation Link to fake SaaS Apps

8 PROTECT MAIL FLOW Edge block Authentication Implicit intra-org DMARC AV Engines Block before allowing in Standards SPF, DMARC, DKIM DKIM default signing Messages from one of your domains to one of your domains Acts like DMARC, based on Intelligence Multiple engines scan mail for known malicious content

9 Detonation Chambers Safe Attachment detonation Link Content detonation in Safe links Heuristic clustering Reputation data File hash and URLs from detonation URL feeds from 1 st and 3 rd parties Linked Content Detonation Heuristic Clustering Safe Attachments URL Reputations 1 st and 3 rd party Reputation Blocking

directly into Office clients Zero hour Auto purge (ZAP)

10 PROTECT POST DELIVERY Safe links provides Time of click protection Client Agnostic Location agnostic Integrated directly into Office clients Zero hour Auto purge (ZAP) Zero-Hour Auto-purge Safe Links for Office Clients Safe Links

11 Manage your users report on their phish experience with a plugin Integrate with Cloud App Security for IP Blocking REPORT FISH ATTEMPTS

12 URL SAFE LINKS EXAMPLE

13 INTELLIGENT CLIENT TIPS

14 BLOCK LIST

15 NEW: ATTACK SIMULATOR

16 Integration with Windows 10 Edge SmartScreen Mail flow and Safe links Enhanced ATP Detonation Phish in attachments URLs in attachments Safe link support for internal messages Implicit DMARC for external domains Domain impersonation Your domains and your partners Ćóntoso.com = Contoso.com Contoso Account <contoso.com> user@fabrikam.com = contoso.com User impersonation List of names to protect User level intelligence Intelligence built around who you communicate with Understanding relationship strengths Detection of new contacts/impersonation of existing contact NEW FUNCTIONALITY (ROADMAP)

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

How Enterprise Tackles Phishing Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong Hackers turning to easy marks - Social engineering Phishing was the #1 threat vector (> 50%) for Office