Yesterday Microsoft announced the release of Threat Intelligence and Advanced Data Governance, plus significant updates to Advanced Threat Protection.
There seem to be many enhancements for customers with Office 365 E5 licenses, including:
Threat Intelligence:
- Interactive tools to analyze prevalence and severity of threats in near real-time.
- Real-time and customisable threat alert notifications.
- Remediation capabilities for suspicious content.
- Expansion of Management API to include threat details—enabling integration with SIEM solutions.
Advanced Data Governance:
- Proactive policy recommendations and automatic data classifications.
- System default alerts to identify data governance risks.
- The ability to apply compliance controls to on-premises data by filtering and migrating that data to Office 365.
However, I think the most exciting upgrade is that of extending ATP Safe Links to Office 365 ProPlus desktop clients.
Microsoft made the statement:
“Later this month, we will enable ATP for Office 365 ProPlus desktop clients, a unique demonstration of the power of collaboration across the Microsoft ecosystem. As cyber criminals broaden the scope of attacks beyond email workloads, it’s necessary to extend security capabilities beyond email. The Safe Links feature in ATP protects customers from malicious links in email.
Safe Links is integrated across Outlook desktop, web and mobile to help protect a user’s inbox across devices. When a user clicks a link in an Office 365 client application (Word, Excel or PowerPoint), ATP will inspect the link to see if it is malicious. If the link is malicious, the user will be redirected to a warning page instead of the original target URL, protecting the user from compromise. This new capability will further integrate and expand security across Office 365. Our intent has always been to provide our customers with an end-to-end, unified and secure experience across all of Office 365, and this extended capability of Safe Links is an example of our continued step toward this goal.”
International Business Times and VentureBeat have both published the story, focusing on the fact that Microsoft will start blocking malicious links in Word, Excel, and PowerPoint, which shows the significance of this capability in the marketplace.
In a world where cyber criminals target victims and build personal relationships with employees in order to establish trust, this looks to be a game changer in the security world for small to medium-sized businesses. With fewer than 100 employees, small businesses may not prioritise security training. Cyber attackers can profit from this naivety and may use social engineering to send an employee a document (such as a CV) with an embedded malicious link.
This article by Sophos sums up the document-based threat nicely. The current prevention methods are to keep your software patched and disable editing/macro capabilities in your Office products; however, we can see this will hardly be enough to prevent such attacks in the future. We must develop our email scanning tools.
To quote Microsoft’s earlier statement: “As cyber criminals broaden the scope of attacks beyond email workloads, it’s necessary to extend security capabilities beyond email.” In the current climate, it rings all too true.