Microsoft Ignite 2016 7/20/2018 8:09 AM BRK3023 Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam emails Jason Rogers & Isabella Lubin Program Managers on O365 © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
E-Mail Threats – By the numbers 7/20/2018 8:09 AM E-Mail Threats – By the numbers Your users’ productivity and security is more challenged than ever by different types of attacks. 80 Billion Inbound Messages to Office365 in 1 month – only 31% core business mails 55 Billion Spam and Bulk mails that could have crowded users’ mailboxes Malware 600% Volume of malware targeting O365 has increased 600% in the past year © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Multi-layered Protection Microsoft Ignite 2016 7/20/2018 8:09 AM Live Now Multi-layered Protection Future E5/SA Feature ZAP Block or throttle using sender/URL reputation Content Clustering AV engines/Clustering Global ML Models (Content, Reputation, Comms, User Preferences) Tenant specific ML Models (Content & Comms) Polymorphic Malware Newsletter / Bulk Detection Analyst Rules Sender Auth & Spoof Detection ATP / Detonation / Safe Links Improved clustering, e.g. URLs, … Block coordinated botnet attacks Additional Phish Detection React Quickly Protect Tenant/User Outliers Catch Dangerous Phish/ Malware Block Small Spam Campaigns Block Medium/ Large Spam Campaigns Reject early © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Spam Protection Attackers are sending more spam than ever New Feature: Microsoft Ignite 2016 7/20/2018 8:09 AM Spam Protection Attackers are sending more spam than ever New Feature: Zero-Hour Auto Purge moves spam identified after delivery from Inbox to junk for hosted users ZAP is enabled by default for all hosted mailboxes but can be disabled by admins. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Types of Phishing E-Mails 7/20/2018 8:09 AM Types of Phishing E-Mails Phishing relies on various forms of deception in an attempt to coerce adverse action from a recipient. Scams Brand Spoofing IT Phishing Spear Phishing Widespread Generic Value in aggregate Targeted user / org Customized / personalized High impact / value Content Analysis Client UX Anti-Spoofing ATP R&D Fingerprint clustering Content ML models URL reputation Safety Tips in OWA Safety Tips inserted directly into message Email authentication methods (SPF, DKIM, DMARC) EOP anti-spoofing protection Safe attachments Safe links Threat intelligence Leveraging communication history for signs of impersonation Implicit authentication © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Antispoofing Protection Microsoft Ignite 2016 7/20/2018 8:09 AM Antispoofing Protection SMTP protocol allows one domain to send on behalf of another – this is called “Spoofing”: Spoofing is sometimes legitimate but can also be exploited for phishing Office 365 antispoofing protection detects fraudulent spoofing of customer domains even if the domains don’t have proper authentication configured. HELO MAIL FROM: mailer@o365marketing.com RCPT TO: customers@o365marketing.com data From: “Satya Nadela" <satyan@microsoft.com> To: "Office 365 Customers" Subject: Office 365 Security& Compliance ... © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Demo: Anti-Spoof Protection and Safety Tips Microsoft Ignite 2016 7/20/2018 8:09 AM Demo: Anti-Spoof Protection and Safety Tips © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Safety Tips Microsoft Ignite 2016 7/20/2018 8:09 AM A red Safety Tip is used to warn about suspicious messages. A yellow Safety Tip indicates the message was marked as spam, but it is not determined to be suspicious or unsafe. A green Safety Tip indicates the message is from a trusted sender and that the message is safe. A gray Safety Tip indicates the message was not filtered for spam because the sender is considered safe by the organization or user. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Evolving Threat Space Malware volumes are on the rise. Microsoft Ignite 2016 7/20/2018 8:09 AM Evolving Threat Space Malware volumes are on the rise. Most attacks in email are Trojans with secondary payload downloaded later. Campaigns are highly morphed and use obfuscation and evasion techniques to avoid detection. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ATP: built into Office 365 Edge Block AV Scanners Reputation Blocking Microsoft Ignite 2016 7/20/2018 8:09 AM ATP: built into Office 365 Edge Block AV Scanners Reputation Blocking Heuristic Clustering ATP Safe Attachments Antispam Phish Spoof ATP Safe Links © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Preventing advanced attacks Microsoft Ignite 2016 7/20/2018 8:09 AM Preventing advanced attacks O365 Edge sender ip: 10.2.1.1 sender: badguy@malicious.com recipient: goodguy@contoso.com internal reputation: bad external reputation: bad Internet © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Preventing advanced attacks Microsoft Ignite 2016 7/20/2018 8:09 AM Preventing advanced attacks Signature AV Scans Reputation Block 10010101100010101011110101010110101 11010101010101010101101010101010101 00101011011010010101011010101101011 1001101010111011010101010100101010 01010101010101100110001101010101010 10010101110101010011111010101001101 EXE © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Preventing advanced attacks Microsoft Ignite 2016 7/20/2018 8:09 AM Preventing advanced attacks Heuristic Clustering ATP Safe Attachments Sandbox memory scan registry obfuscation network evasion C2 server encryption file I/O © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Preventing advanced attacks Microsoft Ignite 2016 7/20/2018 8:09 AM Preventing advanced attacks Safe Links Server Anti-Spam/Phish/Spoof Filters Safe Links Fingerprinting Content Filters To: gopi@contoso.com Check out this URL. Clustering Analyst Rules URL Reputation Spoof Detection Sender Rep Block Lists Target Server © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Preventing advanced attacks Microsoft Ignite 2016 7/20/2018 8:09 AM Preventing advanced attacks ZAP Mailbox © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Defense in depth Anti-Malware Pipeline AV Engines Reputation Heuristic Microsoft Ignite 2016 7/20/2018 8:09 AM Defense in depth Anti-Malware Pipeline AV Engines Reputation Heuristic Clustering ATP © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
The future of false positives/negatives Microsoft Ignite 2016 7/20/2018 8:09 AM The future of false positives/negatives False Positives False Negatives Empower admins to block or allow specific URLs or files for their organization. Will provide an early signal to O365 that an FP or FN is impacting customers. Organization Allow / Block Release malware caught mail to the recipient or an admin mailbox for further investigation. Easily submit files, urls, or messages to O365 as spam, malware, phish, etc... Get admin feedback on the status of your submissions. Malware Quarantine O365 Submissions © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ATP vs. 3rd Party Solutions Microsoft Ignite 2016 7/20/2018 8:09 AM ATP vs. 3rd Party Solutions The EOP/ATP filtering pipeline offers world class malware protection. ATP is built in to EOP. Setup takes less than a minute. ATP will protect more than just email. Microsoft is uniquely positioned to respond to the evolving threat space. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
SOLID PROTECTION DEMOS Dynamic Email Delivery Receive every email immediately. Safe Attachments scanning occurs in the background and email attachments become automatically available when we know the attachments are safe. Linked Content Detonation Merging the technologies behind Safe Links and Safe Attachments to provide full sandbox protection for content pointed to by links in emails.
Expanding Advanced Threat Protection Microsoft Ignite 2016 7/20/2018 8:09 AM Expanding Advanced Threat Protection Outlook SharePoint Exchange ATP PowerPoint Word Yammer Skype for Business Excel © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
FULL SUITE SOLUTION DEMOS Safe Attachments in SharePoint Online Extending the protection of Safe Attachments to files stored in SharePoint Online. Safe Links in Office Clients Native integration of Safe Links in Office 2016 clients will provide time of click protection, even inside of documents.
Office 365 Information Protection Sessions CODE SESSION THR2190 Secure your sensitive email with Office 365 message encryption THR1003 Take control of your security and compliance with Office 365 THR2007 Fight back with Office 365 Advanced Threat Protection and Threat Intel BRK3018 THR3007 Protect your sensitive information with Office 365 Data Loss Prevention BRK3249 Gain visibility and control with Office 365 Advanced Security Management BRK3016 Take control of your data with intelligent data governance in Office 365 BRK2035 Learn about Office 365 Advanced Threat Protection BRK3021 THR2006 Get an edge over attackers – what you need to know about email threats BRK4001 Customize and tune Microsoft Office 365 Data Loss Prevention BRK3015 Reduce costs and challenges with Office 365 eDiscovery and Analytics THR3009 Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam emails BRK3017 Monitor and investigate actions taken on your data with Office 365 Auditing and Insights THR3008 BRK3023 BRK3024 Build security and compliance solutions using Office 365 security and compliance APIs
Deploy, ramp-up on new services and onboard new users with Microsoft FastTrack: http://fasttrack.microsoft.com/
Join the Microsoft Tech Community to collaborate, share, and learn from the experts: http://techcommunity.microsoft.com
Deploy, ramp-up on new services and onboard new users with Microsoft FastTrack: http://fasttrack.microsoft.com/
Join the Microsoft Tech Community to collaborate, share, and learn from the experts: http://techcommunity.microsoft.com
Please evaluate this session 7/20/2018 8:09 AM Please evaluate this session Your feedback is important to us! From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
7/20/2018 8:09 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.