Channel: Office 365 | Sherweb

What Is Office 365 Threat Management? (And Why You Should Use It)


In today’s open digital infrastructure, businesses, governments and individuals are all connected by the Internet. This provides great benefits, but it also means that cyber threats loom over the global digital landscape. Some of the most common threats today include:

  • Advanced Persistent Threats (APTs): The goal of an APT is to infiltrate a sensitive system, remain undetected for as long as possible, and leave little trace of its success. APTs have become a favorite approach of those conducting cyber-espionage.
  • Distributed Denial of Service (DDoS): These attacks allow hackers to disable or slow down victim sites rather than stealing information from them. Although a DDoS is less technically challenging than other attacks, its effectiveness should not be underestimated.
  • Cross-Platform Malware (CPM): Malware is no longer exclusive to the Windows operating system. The economic incentive for cybercriminals to build cross-platform malware has risen with the growing number of systems using different operating systems, such as iOS.
  • Metamorphic and Polymorphic Malware: This malware keeps changing its code so each succeeding version is different from the previous one. These pose the single biggest threats to organizations across the world because they evade detection via conventional anti-malware programs.
  • Phishing: This vector generally operates via email and involves trying to gain sensitive information from victims through trickery. People generally expect to be contacted by those they recognize, so they are unlikely to filter out well-designed forgeries, which will steal any data they provide.

Many other types of attacks have happened, and many more are likely to occur in the future. One reason these threats succeed is outdated or unpatched applications and systems, as well as unauthorized apps.

When choosing a cloud service for storing your data, you need to have the best security tools available to protect against these threats. Microsoft Windows Azure and Office 365 are the best places for your content, especially with the Threat Management capabilities built into the native service.

 

Microsoft Threat Management Tools

Microsoft’s threat management tools include protection from both malicious software and attacks against systems and networks.

Microsoft products and services, like Microsoft Azure, Office 365, Enterprise Mobility + Security, and Windows 10, have built-in protection features. These security technologies apply best-in-class machine and human analysis to detect advanced threats (known exploits, zero days, suspicious actors) when a user is under attack, to detect compromised systems (malware and persistent implants, other indicators of compromise, new threats), and to respond when a user is vulnerable.

 

Threat Management Access

You have direct access to the Threat Management tools within the Security & Compliance Center. To access it, go to the Office 365 Administration Center, click on Admin centers and select the Security & Compliance link.


 

Threat Management Features

Once launched, expand the Threat management menu to see all available options. Some features may be available to you while others may not. Here is the core set of services:

 

Device management

Opens the Mobile Device Management (MDM) for Office 365 page, where you can set up policies and rules to help you secure and manage your users’ iPhones, iPads, Android devices and Windows phones. With MDM for Office 365, users enroll their devices and you create device security policies to help secure data and manage the devices. For example, you can remotely wipe a device and view detailed device reports.

 

Device security policies

Helps you protect your organization’s information in Office 365 from unauthorized access. You can apply policies to any mobile device in your organization where the user of the device has an applicable Office 365 license and has enrolled the device in Mobile Device Management (MDM) for Office 365.

 

Data loss prevention

Lets you create policies that help you identify, monitor, and automatically protect sensitive information across Office 365.

 

Mail filtering

Allows you to fine-tune and monitor settings that help prevent spam in Office 365. You can create allow and block lists, determine who is spoofing your domain and why, and configure and view spam filter policies.

 

Anti-malware

Protects against viruses and spyware traveling to or from your organization in Office 365.

 

DKIM

Intended for more advanced Office 365 administrators, but available to all Office 365 customers, DomainKeys Identified Mail (DKIM) helps ensure that other email systems trust messages that you send from Office 365. DKIM adds a unique digital signature to email messages that you send from your organization. Email systems that receive email from you can use this digital signature to help determine if the email is legitimate.

The details of how this works may seem complicated, but the default in Office 365 should work for most organizations. If you do not set up DKIM yourself, Office 365 uses its default policy and keys that it creates to enable DKIM for your domain. If you disable DKIM signing, after a period of time Office 365 automatically enables the Office 365 default policy for your domain.

You can view this page in the Security & Compliance Center to see if DKIM signatures are currently enabled for your domain, and to view the last time the DKIM keys used by Office 365 were rotated. You can also manually rotate the keys.
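How a receiving system starts to use the DKIM signature described above, as an added example that is not part of the original post or of Office 365: it parses the DKIM-Signature header, derives the DNS name where the sender's public key is published, and recomputes the body hash. The domain, selector, message and `b=` value are constructed; `rsa-sha256` is assumed, the optional `l=` tag is ignored, and the final RSA check of `b=` against the DNS key is left out because it needs network access.

```python
import base64
import hashlib
import re

def parse_dkim_tags(header_value: str) -> dict:
    """Split a DKIM-Signature header value into tag=value pairs (RFC 6376)."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # remove folding whitespace
    return tags

def canonical_body(body: bytes, mode: str) -> bytes:
    """Apply 'simple' or 'relaxed' body canonicalization before hashing."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse whitespace runs, strip line-end whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # trailing empty lines are ignored
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    return out or (b"\r\n" if mode == "simple" else b"")

def body_hash(body: bytes, mode: str) -> str:
    """Base64 SHA-256 of the canonicalized body, the format of the bh= tag."""
    return base64.b64encode(hashlib.sha256(canonical_body(body, mode)).digest()).decode()

def check_dkim(header_value: str, body: bytes) -> dict:
    """Receiver-side checks that need no network access or RSA library."""
    tags = parse_dkim_tags(header_value)
    c = tags.get("c", "simple/simple")
    mode = c.split("/")[1] if "/" in c else "simple"
    return {
        "key_dns_name": f"{tags['s']}._domainkey.{tags['d']}",  # TXT record with the public key
        "body_hash_ok": body_hash(body, mode) == tags.get("bh"),
        "from_signed": "from" in tags.get("h", "").lower().split(":"),
    }

# Constructed sample message and header (not taken from a real tenant).
SAMPLE_BODY = b"Hello,\r\nYour invoice is attached.\r\n"
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
    " h=from:to:subject; bh=" + body_hash(SAMPLE_BODY, "relaxed") + ";\r\n"
    " b=CONSTRUCTED-PLACEHOLDER"
)

if __name__ == "__main__":
    print(check_dkim(SAMPLE_HEADER, SAMPLE_BODY))
    print(check_dkim(SAMPLE_HEADER, SAMPLE_BODY + b"P.S. pay here instead\r\n"))
```

A body altered in transit fails `body_hash_ok`, while whitespace-only changes that relaxed canonicalization tolerates still pass.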

 

Safe Attachments

This is part of Advanced Threat Protection. When enabled, email attachments are opened in a special, isolated environment separate from Office 365 before they are sent to recipient inboxes. The Safe Attachments feature is designed to help detect malicious attachments even before anti-virus signatures for them are available.

 

Safe Links

This feature is also part of Advanced Threat Protection. It helps prevent users from following links in email or Office documents that point to web sites that are recognized as malicious.

 

Threat Management Dashboard

A new dashboard is available that displays the following information:

  • Weekly threat detections for your tenant
  • Malware families detected
  • Malware trends
  • Catch rate
  • Security trends
  • Alert policies you have created
  • The origin of messages containing malware
  • Top targeted users within your organization
  • Global weekly threat detections

All of this gives you an effective way to get an overall view of how your organization is handling malware and other global threats.


 

Threat Management Explorer

Microsoft has also provided a Threat Explorer that allows you to drill deeper into any issues that your tenant may have faced. The explorer allows you to look specifically at malware or email by selecting the option from the dropdown in the explorer page.


Once you have selected an option, you can then select the Sender options, from basic to advanced, allowing you to filter the results and inspect all analytics data.


Comma-separated email addresses can be added to the search. Once you have selected your criteria you can run the report. You can choose to export the results as chart data, as an email list, or even connect to Windows Defender ATP.


Connecting to Windows Defender ATP adds an extra layer to your overall organizational security and threat management.

 

Other Threat Management Features

Other services are available as part of Threat management to allow you to control mail flow, attachments, links, and application permissions, and also quarantine if needed. Because the main entry point for most threats is email, this should always be configured. For example, the anti-spam settings are enabled by default, but should be modified to fit your organization’s needs.


Custom settings can be added or updated. Once the Threat Dashboard and Threat Explorer are displaying data, you are able to create secure policies that limit your exposure to attack and help protect your organization from threats.

Do you use any Threat Management Tools? What features do you value most for keeping your ecosystem secure?

 


The post What Is Office 365 Threat Management? (And Why You Should Use It) appeared first on SherWeb.

