
TechNine – Advanced Threat Protection
Source: technine.azurewebsites.net/wp-content/uploads/2017/11/TechNine...


Page 1

Update on new Microsoft Cloud Technology

Page 2

Thomas Collier, Technical Pre-Sales

Advanced Threat Protection

Page 3

Page 4

OFFICE 365 PHISH PROTECTION STACK

Protect during Mail Flow
• Sender Authentication Checks
• Implicit Intra-Org Domain Spoof Detection
• AV Engine Scan
• URL Reputation Scan
• ATP Heuristic Clustering & Detonation
• Phish Content Analysis Heuristics/Rules
• ATP Machine Learning Models

Protect Post Delivery
• ATP Safe Links Time-of-click Protection
• ATP ZAP
• Safe Links for Office Clients
• ATP Link Content Detonation
• Client Tips for Suspicious Mails
• Tenant Block URL for Safe Links
• Multi-factor Authentication for Office 365

Detect & Respond
• Monitor for risky user/app activity
• Search/Remediate mails in Threat Explorer

Page 5

ROADMAP OFFICE 365 PHISH PROTECTION STACK

Mail Flow Protection
• Sender Authentication Checks
• Implicit Intra-Org Domain Spoof Detection
• Soon: ATP Implicit External Domain Spoof Detection
• Soon: ATP User Mailbox Intelligence
• Soon: ATP User Impersonation Detection
• Soon: ATP Domain Impersonation Detection
• AV Engine Scan
• URL Reputation Scan
• New: ATP Attachment Detonation for phishing
• New: ATP block of attachments with bad URLs
• New: Windows 10 based Rep Scan
• ATP Heuristic Clustering
• Phish Content Analysis Heuristics/Rules
• ATP Machine Learning Models

Post Delivery Protection
• ATP Safe Links Time-of-click Protection
• New: Safe Links for Internal Mail
• Enhanced: Safe Links for Office Clients
• ATP ZAP
• Enhanced: Client Tips for Suspicious Mails
• Tenant Block URL for Safe Links
• Multi-factor Authentication for Office 365

Detect & Respond
• Monitor for risky user/app activity
• Enhanced: Threat Explorer
• New: Explore malicious submissions in Threat Explorer
• New: Rich Reports & Insights

Page 6

Files in SharePoint Online, OneDrive for Business, Microsoft Teams

Leverage signals
• Sandboxing
• Multiple AV engines
• 1st and 3rd party reputation
• Collaboration signals: anonymous links, companywide sharing, explicit sharing, guest user activity, file activity in Teams
• Threat feeds: malware in email + SPO, Windows Defender, Windows Defender ATP, suspicious logins, risky IP addresses
• Activity watch lists: users, IPs, on-demand patterns (e.g. WannaCry, Petya)

Apply heuristics

• Improves your security against zero-day attacks by integrating directly into OneDrive for Business, SharePoint Online, and Teams
• Safeguards your environment by blocking malicious content identified by ATP
• Protects your users from malicious links within shared documents in OneDrive for Business, SharePoint Online, and Teams

Page 7

ATTACK LURES/PAYLOADS

• Domain Spoof
• Text Lures
• Credential Phishing Links
• Phishing Attachments
• Domain Impersonation
• User Impersonation
• Link to fake SaaS Apps

Scams · Brand Phishing · IT+SaaS Phishing · Spear Phishing

Page 8

PROTECT MAIL FLOW

Edge block

• Block before allowing in

Authentication

• Standards: SPF, DKIM, DMARC

• DKIM default signing

Implicit intra-Org DMARC

• Messages from one of your domains to one of your domains

• Acts like DMARC, but driven by intelligence rather than a published DMARC record

AV Engines

• Multiple engines scan mail for known malicious content
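The implicit intra-org check on this slide, as an added worked example that is not code from the TechNine deck or from Microsoft. It assumes the gateway has already stamped an RFC 8601 Authentication-Results header, that the tenant's domains are the hypothetical set OUR_DOMAINS, and that relaxed DMARC alignment is what "acts like DMARC" means; the three messages are constructed samples. Office 365 layers further intelligence signals on top, which this does not model.

```python
"""Implicit intra-org spoof check, modelled on slide 8 ("acts like DMARC").

Added illustration, not the deck's or Microsoft's code. Assumptions: the
gateway has stamped an RFC 8601 Authentication-Results header, OUR_DOMAINS
is the (hypothetical) tenant domain list, relaxed alignment is used.
"""
import email
import re
from email.utils import parseaddr

OUR_DOMAINS = {"contoso.com", "contoso.co.uk"}  # hypothetical tenant domains

# Constructed sample messages (not real traffic).
LEGIT_MESSAGE = """From: "Contoso Payroll" <payroll@contoso.com>
To: alice@contoso.com
Subject: March payslips
Authentication-Results: mx.contoso.com; spf=pass smtp.mailfrom=contoso.com; dkim=pass header.d=contoso.com

Payslips are available on the portal.
"""

SPOOFED_MESSAGE = """From: "Contoso Payroll" <payroll@contoso.com>
To: alice@contoso.com
Subject: Updated direct deposit form
Authentication-Results: mx.contoso.com; spf=fail (sender IP is 203.0.113.5) smtp.mailfrom=bulk.example.net; dkim=none (message not signed) header.d=none

Please review the attached form before Friday.
"""

EXTERNAL_MESSAGE = """From: Bob <bob@fabrikam.com>
To: alice@contoso.com
Subject: Lunch?
Authentication-Results: mx.contoso.com; spf=pass smtp.mailfrom=fabrikam.com

Noon works for me.
"""


def is_our_domain(domain: str) -> bool:
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in OUR_DOMAINS)


def aligned(auth_domain: str, from_domain: str) -> bool:
    """Relaxed alignment: same domain, or one is a subdomain of the other."""
    a, f = auth_domain.lower(), from_domain.lower()
    return bool(a) and (a == f or a.endswith("." + f) or f.endswith("." + a))


def parse_auth_results(header: str) -> dict:
    """Parse RFC 8601 'method=result prop=value ...' clauses into
    {method: (result, {prop: value})}. CFWS comments are dropped first."""
    header = re.sub(r"\([^)]*\)", "", header)
    results = {}
    for clause in header.split(";")[1:]:        # [0] is the authserv-id
        tokens = clause.split()
        if not tokens:
            continue
        method, _, result = tokens[0].partition("=")
        props = {}
        for tok in tokens[1:]:
            key, _, value = tok.partition("=")
            if key and value:
                props[key] = value
        results[method.lower()] = (result.lower(), props)
    return results


def evaluate_intra_org(raw_message: str) -> str:
    """Return 'pass', 'fail' or 'not-applicable'.

    In scope: inbound mail whose From: domain is one of ours (slide 8:
    'messages from one of your domains to one of your domains'). As with
    DMARC, it passes if SPF passed for an aligned MAIL FROM domain or DKIM
    passed with an aligned d= domain; anything else, including mail with
    no authentication results at all, fails. No published DMARC record is
    consulted, which is what makes the check 'implicit'."""
    msg = email.message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2]
    if not is_our_domain(from_domain):
        return "not-applicable"
    ar = parse_auth_results(msg.get("Authentication-Results", ""))
    spf_result, spf_props = ar.get("spf", ("none", {}))
    dkim_result, dkim_props = ar.get("dkim", ("none", {}))
    mailfrom_domain = spf_props.get("smtp.mailfrom", "").rpartition("@")[2]
    if spf_result == "pass" and aligned(mailfrom_domain, from_domain):
        return "pass"
    if dkim_result == "pass" and aligned(dkim_props.get("header.d", ""), from_domain):
        return "pass"
    return "fail"


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_MESSAGE), ("spoofed", SPOOFED_MESSAGE),
                      ("external", EXTERNAL_MESSAGE)):
        print(f"{name:9s} -> {evaluate_intra_org(raw)}")
```

The spoofed sample fails even though contoso.com publishes no DMARC record in this scenario: the From: domain is ours, SPF failed for an unrelated MAIL FROM domain and there is no DKIM signature, so nothing aligns. The external message is out of scope for this check and is left to ordinary SPF/DKIM/DMARC evaluation.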

Page 9

Detonation Chambers
• Safe Attachment detonation
• Link content detonation in Safe Links
• Heuristic clustering

Reputation data
• File hashes and URLs from detonation
• URL feeds from 1st and 3rd parties

Diagram: Safe Attachments / Linked Content → Detonation → Reputation Blocking → Heuristic Clustering; URL Reputations (1st and 3rd party)

Page 10

PROTECT POST DELIVERY

Safe Links provides time-of-click protection
• Client agnostic
• Location agnostic

Safe Links for Office Clients
• Integrated directly into Office clients

Zero-Hour Auto-purge (ZAP)
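Time-of-click protection from this slide (and the Safe Links example slide that follows), as an added model that is not code from the deck or from Microsoft. Links are rewritten at delivery to a wrapper endpoint and the reputation verdict is taken when the user clicks, so a URL that was clean at delivery and weaponised afterwards is still blocked. The wrapper host, the signing key and the Reputation class are assumptions: the host is a hypothetical name, the key is constructed, and Reputation stands in for 1st/3rd party URL feeds plus the tenant block URL list.

```python
"""Time-of-click URL protection, modelled on slide 10 (Safe Links).

Added illustration, not the deck's or Microsoft's code. WRAPPER is a
hypothetical endpoint, SECRET a constructed per-tenant key, Reputation an
in-memory stand-in for URL feeds and the tenant block list.
"""
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlparse

WRAPPER = "https://safelinks.example.invalid/click?"   # hypothetical endpoint
SECRET = b"constructed-per-tenant-key"                # hypothetical key
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _sign(url: str) -> str:
    # An HMAC over the original URL stops the endpoint being abused as an
    # open redirector: only URLs we wrapped carry a valid signature.
    return hmac.new(SECRET, url.encode(), hashlib.sha256).hexdigest()


def rewrite_body(body: str) -> str:
    """Delivery time: replace each http(s) link with a wrapped link."""
    def wrap(match):
        url = match.group(0)
        return WRAPPER + urlencode({"url": url, "sig": _sign(url)})
    return URL_RE.sub(wrap, body)


def extract_links(body: str) -> list:
    return URL_RE.findall(body)


class Reputation:
    """Stand-in for URL reputation feeds and the tenant block URL list.
    Verdicts may change after delivery; that is the whole point."""
    def __init__(self):
        self.blocked_hosts = set()

    def block(self, url_or_host: str) -> None:
        host = urlparse(url_or_host).netloc or url_or_host
        self.blocked_hosts.add(host.lower())

    def is_malicious(self, url: str) -> bool:
        return urlparse(url).netloc.lower() in self.blocked_hosts


def on_click(wrapped_url: str, rep: Reputation) -> tuple:
    """Click time: verify the signature, re-check reputation now, then
    either release the original URL or block. Returns (verdict, detail)."""
    params = parse_qs(urlparse(wrapped_url).query)
    url = params.get("url", [""])[0]
    sig = params.get("sig", [""])[0]
    if not hmac.compare_digest(sig, _sign(url)):
        return ("block", "signature mismatch: not a link we wrapped")
    if rep.is_malicious(url):
        return ("block", url)
    return ("allow", url)


if __name__ == "__main__":
    # Constructed lure; the host is an example name, not a real site.
    body = "Your password expires today: https://login-contoso.example.net/reset now."
    delivered = rewrite_body(body)
    link = extract_links(delivered)[0]
    rep = Reputation()
    print(on_click(link, rep))                        # clean at delivery -> allow
    rep.block("https://login-contoso.example.net/")   # feed catches up later
    print(on_click(link, rep))                        # same link now -> block
```

The same wrapped link yields "allow" before the feed update and "block" after it, which is the property the slide calls client and location agnostic: the decision lives at the endpoint, not in the copy of the message the user happens to open.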

Page 11

REPORT PHISH ATTEMPTS

• Manage your users' phish reports with a mail client plugin
• Integrate with Cloud App Security for IP blocking

Page 12

URL SAFE LINKS EXAMPLE

Page 13

INTELLIGENT CLIENT TIPS

Page 14

BLOCK LIST

Page 15

NEW: ATTACK SIMULATOR

Page 16

NEW FUNCTIONALITY (ROADMAP)

• Integration with Windows 10 Edge SmartScreen
  • Mail flow and Safe Links
• Enhanced ATP Detonation
  • Phish in attachments
  • URLs in attachments
• Safe Links support for internal messages
• Implicit DMARC for external domains
• Domain impersonation
  • Your domains and your partners'
  • Ćóntoso.com = Contoso.com
  • Contoso Account <contoso.com> [email protected] = contoso.com
• User impersonation
  • List of names to protect
• User level intelligence
  • Intelligence built around who you communicate with
  • Understanding relationship strengths
  • Detection of new contacts/impersonation of an existing contact
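The two impersonation checks on this slide, domain impersonation (Ćóntoso.com = Contoso.com) and user impersonation against a list of protected names, as an added worked example that is not code from the deck or from Microsoft. PROTECTED_DOMAINS and PROTECTED_USERS are hypothetical tenant settings, the presenter's name is used only as a sample protected name, and the lookalike logic (IDNA decoding, Unicode accent folding, a small confusable table and edit distance) is a skeleton of what a production classifier does, not Microsoft's algorithm.

```python
"""Domain and user impersonation checks, modelled on slide 16.

Added illustration, not the deck's or Microsoft's code. PROTECTED_DOMAINS
and PROTECTED_USERS are hypothetical tenant configuration.
"""
import unicodedata
from email.utils import parseaddr

PROTECTED_DOMAINS = {"contoso.com"}                           # hypothetical
PROTECTED_USERS = {"Thomas Collier": "tcollier@contoso.com"}  # hypothetical name -> real address
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("|", "l"), ("3", "e"), ("5", "s"))


def skeleton(text: str) -> str:
    """Fold a name or domain to what a human sees: decode punycode labels,
    strip accents (Ćóntoso -> contoso), lower-case, map confusables."""
    try:
        text = text.encode("idna").decode("idna")   # xn-- labels back to Unicode
    except UnicodeError:
        pass                                         # malformed label: fold as-is
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch)).lower()
    for src, dst in CONFUSABLES:
        text = text.replace(src, dst)
    return text


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_protected_domain(domain: str) -> bool:
    domain = domain.lower()
    return any(domain == p or domain.endswith("." + p) for p in PROTECTED_DOMAINS)


def domain_verdict(domain: str) -> str:
    """'ok' for our own and unrelated domains, 'impersonation' when the
    domain only looks like ours after folding (homoglyphs), 'lookalike'
    when it is an edit or two away (contosso.com)."""
    if is_protected_domain(domain):
        return "ok"
    s = skeleton(domain)
    for p in PROTECTED_DOMAINS:
        ps = skeleton(p)
        if s == ps:
            return "impersonation"
        if levenshtein(s, ps) <= 2:
            return "lookalike"
    return "ok"


def user_verdict(from_header: str) -> str:
    """Display-name impersonation: a protected person's name, or one of our
    domains written inside the display name, on a message whose actual
    address is not the one we know for that person or domain."""
    name, addr = parseaddr(from_header)
    if not name:
        return "ok"
    addr_domain = addr.rpartition("@")[2]
    name_s = skeleton(name)
    for protected_name, real_addr in PROTECTED_USERS.items():
        if name_s == skeleton(protected_name) and addr.lower() != real_addr:
            return "impersonation"
    if any(skeleton(p) in name_s for p in PROTECTED_DOMAINS) and not is_protected_domain(addr_domain):
        return "impersonation"
    return "ok"


if __name__ == "__main__":
    for d in ("contoso.com", "Ćóntoso.com", "c0ntoso.com", "contosso.com", "fabrikam.com"):
        print(f"{d:15s} {domain_verdict(d)}")
    for h in ('"Thomas Collier" <tcollier@contoso.com>',
              'Thomas Collier <thomas.collier@mail.example.net>',
              '"Contoso Account <contoso.com>" <billing@example.net>'):
        print(f"{h:55s} {user_verdict(h)}")
```

The last sample header is the slide's third bullet: the string "contoso.com" appears only inside the display name while the real sender domain is something else, so the message is flagged even though no domain was spoofed or lookalike-registered.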