The Three Advanced Threat Protections of Microsoft & How They Keep You Safe

Written by: Jason Meilleur
Published: May 9, 2018



    With more than half of businesses today working in some form of a virtual office, Advanced Threat Protection (ATP) is a necessary part of today’s cyber-security landscape. Because cyber-security is becoming one of the most globally recognized pressures that organizations will face going forward, it’s important that companies and employees alike take proactive measures to ensure they are protected.

    Depending on which software solution you’re using, there is a corresponding threat protection product to help safeguard your organization against malicious attacks. Below we have highlighted the three Advanced Threat Protection solutions powered by Microsoft and their top benefits, so you can ensure your business is making the right decisions when it comes to cyber-security threats.

    1. Microsoft Office 365 Advanced Threat Protection

    Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection. It includes features to safeguard your organization from harmful links in real time.

    Traditional solutions like signature-based anti-virus might catch the known threats but cannot protect against unknown zero-day threats. This is where Advanced Threat Protection comes in to protect email.

    The Top Four Benefits of Office 365 ATP

    1. Safe Attachments: Using Safe Attachments, Office 365 ATP protects against unsafe attachments and provides you with a malware-free, cleaner inbox.
    2. Safe Links: Office 365 ATP blocks users from clicking on unsafe links. If a link they click on is unsafe, the user is either informed that the site’s been blocked, or warned not to visit it. The protection remains every time they click the link, as malicious links are dynamically blocked while good links can be accessed.
    3. Spoof intelligence: Threat intelligence detects when a sender appears to be sending mail on behalf of one or more user accounts within one of your organization’s domains, which is known as spoofing. It enables you to review all senders who are spoofing your domain, and then choose to allow the sender to continue or block the sender. Threat intelligence is available in the Security & Compliance Center on the Anti-spam settings page.
    4. Quarantine: Anti-phishing protection checks messages. Messages identified by the Office 365 service as spam, bulk mail, phishing mail, or as containing malware, or that matched a mail flow rule, can be sent to quarantine. By default, Office 365 sends phishing messages and messages containing malware directly to quarantine. Authorized users can review, delete, or manage email messages sent to quarantine.



    2. Microsoft Azure Advanced Threat Protection

    Azure Advanced Threat Protection is a security solution that helps to detect and investigate advanced attacks and insider threats across on-premises, cloud, and hybrid environments, stopping attackers from gaining access to your system. Azure ATP takes information from multiple data-sources, such as logs and events in your network, to learn the behavior of users and other entities in the organization and build a behavioral profile about them.

    What Does Azure ATP Do?

    Azure ATP technology detects multiple suspicious activities, focusing on several phases of the cyber-attack kill chain including:

    Lateral movement cycle, during which an attacker invests time and effort in spreading their attack surface inside your network.

    Reconnaissance, during which attackers gather information on how the environment is built, what the different assets are, and which entities exist. They are generally building their plan for the next phases of the attack.

    Domain dominance (persistence), during which an attacker captures the information allowing them to resume their campaign using various sets of entry points, credentials, and techniques.

    The Top Four Benefits of Azure ATP:

    1. Azure ATP helps you to identify and track any malicious activities in your environment, including Pass-the-Ticket, Pass-the-Hash, horizontal or vertical brute force attacks, DNS reconnaissance, unusual protocols, malicious service creation, and others.
    2. Azure ATP protects your organization from both known and unknown attack vectors before they cause damage to your organization.
    3. Azure ATP focuses on several phases of the cyber-attack kill chain, including reconnaissance, lateral movement cycle, and domain dominance, and detects advanced attacks and insider threats before they can cause damage to your organization.
    4. Azure ATP allows you to install decoy accounts that are set up for the sole purpose of identifying and tracking malicious activity within your network.

    3. Windows Defender Advanced Threat Protection

    Windows Defender ATP integrates directly with Azure ATP to detect and protect against malicious activity, with its prime focus on the protection of endpoints, the actual devices being used. Because cyber-attacks always remain a serious threat, Windows Defender ATP proactively detects network attacks and data breaches to give you the insights and tools to close incidents quickly.

    The Top Five Benefits of Windows Defender ATP:

    1. Windows Defender ATP uses the power of the Microsoft Azure Cloud, behaviour analytics, and machine learning to spot attacks and zero-day exploits.
    2. Equipped with next-generation threat protection and post-breach detection built right into the Windows 10 operating system, Windows Defender ATP takes away the stress of installing a new agent.
    3. It can search and explore up to 6 months of your historical data across endpoints.
    4. And with faster and more comprehensive monitoring tools, you can detect any abnormalities and respond to attacks as soon as they happen.
    5. Now you can visually investigate forensic evidence across your endpoints to easily uncover scope of breach, and steer users and devices clear of files and websites with malicious reputations with smart and connected threat protection.

    Microsoft 365 Business

    Microsoft 365 Business is an integrated solution, bringing together the best-in-class productivity of Office 365 with advanced security and device management capabilities to help safeguard your business. If your IT security team is not using Microsoft 365 Business or Advanced Threat Protection, or is just not sure how to use it to its full potential, give us a call and we’ll show you how to use Microsoft 365 Business, Office 365, Azure or Windows Defender Advanced Threat Protection in a smart way to ensure that you are protected against advanced attacks, malware threats and data breaches while taking advantage of the secure productivity suite in Office 365.
