Microsoft Adds New Features to Office 365 Advanced Threat Protection
Microsoft announced that a couple of new features have been added to its Office 365 Advanced Threat Protection e-mail security service.
One new feature, called "URL Detonation," is at the "general availability" stage as of this week, meaning that it is deemed ready by Microsoft for use in production environments. The URL Detonation service scans links in e-mails and checks for potential "malicious behavior" associated with those links. The URL scanning starts when a user receives an e-mail. If the service is still scanning a link when the user clicks on it, then there will be a message to the user stating that "This link is being scanned." Users will see a warning message if the scan flags the link as malicious.
The other new feature, "Dynamic Delivery," is at the preview stage for testing. It delivers e-mail to users so that they can read the contents, but the attachments are removed for scanning. The user just sees placeholders for the attachments until the actual files get scanned. Users who click on these placeholders will get a message showing the scan's progress. If a scan completes without finding malware in the attachments, then the documents will get reattached to the e-mail, permitting user access. Malicious attachments will get excluded.
IT pros can turn on both of these security features using the Office 365 management portal settings. URL Detonation gets turned on by checking a box labeled "Use Safe Attachments to scan downloadable content." The Dynamic Delivery preview is an option that can be found in the "Safe Attachments admin control window," Microsoft's announcement explained.
E-Mail Security Options
Office 365 Advanced Threat Protection is an optional service for Office 365 Exchange Online users, priced at $2 per user per month and offered through various Office 365 subscription plans, as listed here. The top-of-the-line Office 365 E5 subscription plan, which is available as a free trial, actually includes the Office 365 Advanced Threat Protection service at no additional cost. The Office 365 Advanced Threat Protection service includes a Safe Attachments service that checks e-mail attachments before delivering them to users, a Safe Links service that scans e-mail links in "real time," and a tracing capability for investigating blocked e-mails.
Microsoft sees Office 365 Advanced Threat Protection as complementary to Exchange Online Protection, which is an e-mail filtering service that screens for malware and spam messages. Exchange Online Protection is also an optional service, priced at $1 per user per month.
The two options -- Office 365 Advanced Threat Protection and Exchange Online Protection -- have some similar-sounding security features, but there are nuances. Exchange Online Protection will scan URLs in e-mails using a reputation-checking service, whereas the Safe Links scanning feature of Office 365 Advanced Threat Protection "expands on this by protecting your environment when users click a link." In other words, the Safe Links feature appears to be the protective sandbox mechanism of the security scheme, with notifications for end users.
Network and Client Security Options
Microsoft has other security products with similar-sounding names. There's a more general threat-detection software product that gets deployed in an organization's infrastructure called "Microsoft Advanced Threat Analytics." It checks for behavioral abnormalities, weak protocols and broken trust issues, along with pass-the-hash and pass-the-ticket vulnerabilities, in a network.
There's also a Windows Defender Advanced Threat Protection service, a post-breach analysis service that works with some Windows 10 clients (except for the Home edition). It's not the same thing as Windows Defender, which is a free antimalware solution that comes with Windows 10.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.