Microsoft ATP - What is it? And why do I need it?

Today we are going to take a look at the Microsoft 365 Advanced Threat Protection package, and why we're encouraging all 365 users to get it.

In short, the internet can be a dangerous place.  Cyber attacks are incredibly lucrative, and these attacks are getting more sophisticated each day.  In the US, 2019 saw losses of over $1.7 billion USD from Business Email Compromise (BEC) attacks alone.  This is only one of many attack types.

Among our own clients we have seen a significant increase in phishing attacks.  You may be familiar with the saying, "Never let a good catastrophe go to waste".  If you're not, cybercriminals certainly are.  We're seeing many COVID-19 related phishing attacks and would like to remind all our readers to be diligent in keeping an eye out for those.  With many of us working from home, it's not as simple to get a colleague's feedback on whether something seems suspicious.  As always, any Sentrian client is welcome to forward any suspicious email over to us and we will inspect it for you.

As we have said many times before, MFA is no longer optional, it's a must.  However, there are many attack types that cybercriminals will use, and with the increase in use of MFA those other attacks are becoming more sophisticated and more common.  Impersonation attacks have been around for some time, but we have seen a clear increase in these over the last few months.  Attackers will often purchase a domain which looks incredibly similar to a known, legitimate domain, so a quick glance will certainly give the appearance that the email has come from the claimed source.

  • funnydomain.com
  • fumydomain.com

The example above shows a common substitution, where a double n is replaced with a single m, but there are many others.

This is one of the main reasons we have been adding Microsoft ATP to several of our clients' 365 tenancies.  By using powerful machine learning, ATP knows what to look for in your email, and can detect these impersonation attempts.
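A simple way to check a sender's domain against the domains you trust, shown as an added example (it is not part of the original article and not how ATP itself works).  The substitution table, the edit-distance threshold and the function names are assumptions chosen for illustration; the sample addresses are constructed around the funnydomain.com example above.

```python
# Added example: flag sender domains that imitate a trusted domain.
# CONFUSABLES and max_edits are illustrative assumptions, not ATP's logic.
CONFUSABLES = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse look-alike character sequences to one canonical form."""
    s = domain.strip().lower().rstrip(".")
    for seq, canon in CONFUSABLES:
        s = s.replace(seq, canon)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(sender: str, trusted: list[str], max_edits: int = 1):
    """Return (verdict, matched_trusted_domain) for a sender address."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    trusted = [t.lower() for t in trusted]
    if domain in trusted:
        return ("trusted", domain)
    # Same skeleton but not the same domain: a visual substitution (nn -> m).
    for t in trusted:
        if skeleton(domain) == skeleton(t):
            return ("lookalike-confusable", t)
    # Otherwise, a domain within a character or so of a trusted one.
    for t in trusted:
        if edit_distance(domain, t) <= max_edits:
            return ("lookalike-typo", t)
    return ("unknown", None)
```

A mail gateway rule or a triage script can treat either "lookalike" verdict as a reason to hold the message for review rather than deliver it.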

Another great feature is the "Safe Attachment" facility.  This sees ATP analyse every incoming attachment before it gets to your end user.  It will take that attachment and open it in a "detonation chamber", keeping it separate from your own environment.  ATP will then look for suspicious behavior in real time, and then deal with the attachment accordingly.

To get around this facility, attackers will often simply provide a web link for a user to click on.  When the user does click on this, it takes them to a site that has malicious code built in.  ATP will inspect these links and if they are suspected to be unsafe, the user is presented with a warning page notifying them of the threat.

When ATP does detect nefarious emails, it won't simply delete them and risk losing something that was actually legitimate; instead, it will move them to quarantine and notify you that it has done so.  Then Sentrian on your behalf, or someone in your own business who is authorised to do so, can further inspect this mail and release it to its intended recipient should they deem it safe to do so.

While I have chosen to focus on the email portion of ATP, the fact is it offers a great deal of protection for the SharePoint and OneDrive services too.  This ensures that malicious files or attacks that try to take advantage of these services are also minimised.

In short, MFA and ATP combined will give you and your staff the best chance of avoiding these attacks.  And with ATP boasting a huge 99.9% catch rate of all malware it seems like a simple decision to add this to your defenses.  Of course, you need to consider the costs vs the risk.  At the time of writing this, plans start from as little as $2.70 per user per month, and this plan will suit 90% of people.  You can see some more details on the plan comparison here, or quite a detailed explanation of the ATP features here.

As always, please speak to your Client Services Manager if you want to know more.
