Published by Louise Bridges. Modified over 6 years ago.
1
Microsoft Ignite 2016 (7/20/2018 8:09 AM)
BRK3023: Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam E-Mails
Jason Rogers & Isabella Lubin, Program Managers on O365
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
E-Mail Threats – By the numbers
Your users' productivity and security are more challenged than ever by different types of attacks.
80 billion inbound messages to Office 365 in 1 month; only 31% were core business mail.
55 billion spam and bulk mails that could have crowded users' mailboxes.
Malware: the volume of malware targeting O365 has increased 600% in the past year.
3
Multi-layered Protection
Diagram labels: Live Now; Future; E5/SA Feature; ZAP; Block or throttle using sender/URL reputation; Content Clustering; AV engines/Clustering; Global ML Models (Content, Reputation, Comms, User Preferences); Tenant specific ML Models (Content & Comms); Polymorphic Malware; Newsletter / Bulk Detection; Analyst Rules; Sender Auth & Spoof Detection; ATP / Detonation / Safe Links; Improved clustering, e.g. URLs, …; Block coordinated botnet attacks; Additional Phish Detection; React Quickly; Protect Tenant/User Outliers; Catch Dangerous Phish/Malware; Block Small Spam Campaigns; Block Medium/Large Spam Campaigns; Reject early.
4
Spam Protection
Attackers are sending more spam than ever.
New Feature: Zero-Hour Auto Purge (ZAP) moves spam identified after delivery from the Inbox to Junk for hosted users.
ZAP is enabled by default for all hosted mailboxes but can be disabled by admins.
5
Types of Phishing E-Mails
Phishing relies on various forms of deception in an attempt to coerce adverse action from a recipient.
Types: Scams; Brand Spoofing; IT Phishing; Spear Phishing.
At one end: widespread, generic, value in aggregate. At the other: targeted user / org, customized / personalized, high impact / value.
Content Analysis: Fingerprint clustering; Content ML models; URL reputation.
Client UX: Safety Tips in OWA; Safety Tips inserted directly into message.
Anti-Spoofing: Authentication methods (SPF, DKIM, DMARC); EOP anti-spoofing protection.
ATP: Safe attachments; Safe links; Threat intelligence.
R&D: Leveraging communication history for signs of impersonation; Implicit authentication.
6
Antispoofing Protection
The SMTP protocol allows one domain to send on behalf of another – this is called "Spoofing".
Spoofing is sometimes legitimate but can also be exploited for phishing.
Office 365 antispoofing protection detects fraudulent spoofing of customer domains even if the domains don't have proper authentication configured.
HELO
MAIL FROM:
RCPT TO:
data
From: "Satya Nadela"
To: "Office 365 Customers"
Subject: Office 365 Security & Compliance
...
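The mismatch this slide describes, between the envelope sender given in MAIL FROM and the From header the recipient sees, can be checked mechanically. The Python below is an added example, not part of the presentation and not Office 365's detection logic; the function names, verdict strings and `.example` domains are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain below is a placeholder.
SAMPLE = (
    'From: "Satya Nadela" <ceo@contoso.example>\n'
    'To: "Office 365 Customers" <all@contoso.example>\n'
    "Subject: Office 365 Security & Compliance\n\nbody\n"
)


def domain_of(address):
    """Lowercased domain part of an address, or '' when there is none."""
    return address.rpartition("@")[2].lower().rstrip(".") if "@" in address else ""


def within(domain, parent):
    """True when domain equals parent or is a subdomain of it."""
    return bool(domain and parent) and (domain == parent or domain.endswith("." + parent))


def classify(mail_from, raw_message, protected, allowed_pairs=frozenset()):
    """Compare the envelope sender (MAIL FROM) with the From header the user sees."""
    from_headers = message_from_string(raw_message).get_all("From", [])
    if len(from_headers) != 1:
        return "malformed"  # none or several From headers: clients may disagree
    header_dom = domain_of(parseaddr(from_headers[0])[1])
    if not header_dom:
        return "malformed"
    env_dom = domain_of(mail_from)  # '' for the null sender <> used by bounces
    # Simplification: subdomain match in either direction, no public suffix list.
    if within(env_dom, header_dom) or within(header_dom, env_dom):
        return "aligned"
    if (env_dom, header_dom) in allowed_pairs:
        return "allowed-on-behalf-of"  # known legitimate third-party sender
    if any(within(header_dom, p) for p in protected):
        return "spoof-of-protected-domain"
    return "unaligned"


if __name__ == "__main__":
    ours = {"contoso.example"}
    for sender in ("bounce@mail.contoso.example", "mailer@attacker.example"):
        print(sender, "->", classify(sender, SAMPLE, ours))
```

The `allowed_pairs` set models the slide's point that spoofing is sometimes legitimate: a bulk-mail provider sending for a customer domain is listed explicitly instead of being flagged.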
7
Demo: Anti-Spoof Protection and Safety Tips
8
Safety Tips
A red Safety Tip is used to warn about suspicious messages.
A yellow Safety Tip indicates the message was marked as spam, but it is not determined to be suspicious or unsafe.
A green Safety Tip indicates the message is from a trusted sender and that the message is safe.
A gray Safety Tip indicates the message was not filtered for spam because the sender is considered safe by the organization or user.
9
Evolving Threat Space
Malware volumes are on the rise.
Most attacks in e-mail are Trojans with a secondary payload downloaded later.
Campaigns are highly morphed and use obfuscation and evasion techniques to avoid detection.
10
ATP: built into Office 365
Diagram labels: Edge Block; AV Scanners; Reputation Blocking; Heuristic Clustering; ATP Safe Attachments; Antispam Phish Spoof; ATP Safe Links.
11
Preventing advanced attacks
Diagram labels: Internet; O365 Edge; sender ip: ; sender: ; recipient: ; internal reputation: bad; external reputation: bad.
12
Preventing advanced attacks
Diagram labels: Signature AV Scans Reputation Block EXE
13
Preventing advanced attacks
Diagram labels: Heuristic Clustering; ATP Safe Attachments; Sandbox; memory scan; registry; obfuscation; network; evasion; C2 server; encryption; file I/O.
14
Preventing advanced attacks
Diagram labels: Safe Links Server; Anti-Spam/Phish/Spoof Filters; Safe Links; Fingerprinting; Content Filters; Clustering; Analyst Rules; URL Reputation; Spoof Detection; Sender Rep; Block Lists; Target Server.
Sample message in the diagram: "To: Check out this URL."
15
Preventing advanced attacks
Diagram labels: ZAP; Mailbox.
16
Defense in depth
Anti-Malware Pipeline: AV Engines; Reputation; Heuristic Clustering; ATP.
17
The future of false positives/negatives
False Positives / False Negatives
Organization Allow / Block: Empower admins to block or allow specific URLs or files for their organization. Will provide an early signal to O365 that an FP or FN is impacting customers.
Malware Quarantine: Release malware-caught mail to the recipient or an admin mailbox for further investigation.
O365 Submissions: Easily submit files, URLs, or messages to O365 as spam, malware, phish, etc. Get admin feedback on the status of your submissions.
18
ATP vs. 3rd Party Solutions
The EOP/ATP filtering pipeline offers world class malware protection.
ATP is built in to EOP. Setup takes less than a minute.
ATP will protect more than just e-mail.
Microsoft is uniquely positioned to respond to the evolving threat space.
19
SOLID PROTECTION DEMOS
Dynamic Delivery: Receive every e-mail immediately. Safe Attachments scanning occurs in the background and attachments become automatically available when we know the attachments are safe.
Linked Content Detonation: Merging the technologies behind Safe Links and Safe Attachments to provide full sandbox protection for content pointed to by links in e-mails.
20
Expanding Advanced Threat Protection
Diagram labels: Outlook; SharePoint; Exchange; ATP; PowerPoint; Word; Yammer; Skype for Business; Excel.
21
FULL SUITE SOLUTION DEMOS
Safe Attachments in SharePoint Online: Extending the protection of Safe Attachments to files stored in SharePoint Online.
Safe Links in Office Clients: Native integration of Safe Links in Office 2016 clients will provide time-of-click protection, even inside of documents.
22
Office 365 Information Protection Sessions
CODE SESSION THR2190 Secure your sensitive with Office 365 message encryption THR1003 Take control of your security and compliance with Office 365 THR2007 Fight back with Office 365 Advanced Threat Protection and Threat Intel BRK3018 THR3007 Protect your sensitive information with Office 365 Data Loss Prevention BRK3249 Gain visibility and control with Office 365 Advanced Security Management BRK3016 Take control of your data with intelligent data governance in Office 365 BRK2035 Learn about Office 365 Advanced Threat Protection BRK3021 THR2006 Get an edge over attackers – what you need to know about threats BRK4001 Customize and tune Microsoft Office 365 Data Loss Prevention BRK3015 Reduce costs and challenges with Office 365 eDiscovery and Analytics THR3009 Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam s BRK3017 Monitor and investigate actions taken on your data with Office 365 Auditing and Insights THR3008 BRK3023 BRK3024 Build security and compliance solutions using Office 365 security and compliance APIs
23
Deploy, ramp-up on new services and onboard new users with Microsoft FastTrack:
24
Join the Microsoft Tech Community to collaborate, share, and learn from the experts: