Real World Advanced Threat Protection


1 Real World Advanced Threat Protection
Brian Reid, Microsoft Office Servers and Services MVP, Exchange Server Microsoft Certified Master

2 Classifying Advanced Threats
General Spam and Malware / Viruses = Threats. Zero-Day, Phishing, Spoofing, Unsafe Links = Advanced Threats. This, for the purpose of this presentation, is everything that classic antivirus cannot detect! We will look at zero-day attacks, spoofing and other threats that we need to protect against.

3 Malware Threats
The most common source for all threats to enter a company. Threats are typically not the same variant of the virus repeated time and again (as that is easy to spot) but variations and tweaks on the malware, so it continually evolves and is typically always “zero-day”. Use sandboxing, attachment blocking and quarantine tools. A quick demo of Office 365 Advanced Threat Protection Safe Attachments.

4 Link Threats
Links to suspect content in email need to be protected against. Corporate proxies used to (still do) hold this role, but with the rise of mobile devices we need something that can filter from anywhere. Links in email, links to executable content, and links in Office documents. A quick demo of Office 365 Advanced Threat Protection Safe Links.

5 Advanced Threat Analytics
Microsoft’s offering (there are others), which is licenced as part of Enterprise Mobility + Security (and standalone). Detection of the behaviours of the threat, rather than the threat itself, as well as detection of advanced attacks and security risks. For example, creds being passed around when this would not be expected; session enumeration; privilege escalation.

6 Windows Defender ATP Not Office ATP
Part of Microsoft 365 Licence (Windows E5 product), previously called Secure Productive Enterprise. Requires Windows 10 Creators Edition or later. Reports on activity, sources and impacts from “code” running on Windows devices, and utilises the Security Graph of learned info from across the globe.

7 Spoofing Threats
We will take a look at a sample, and then look at the protection of the end user. Spoofing and phishing can start with a compromised account, but it can also have nothing to do with a company account – though it looks like it does! Are you pawned? And have you ever phished your users intentionally?

8 SPF, DKIM and DMARC
SPF (Sender Policy Framework) is a list of allowed sending servers. DKIM (DomainKeys Identified Mail) is encrypted headers done by an authorized server. DMARC (Domain-based Message Authentication, Reporting & Conformance) is reporting and telling receivers what your quarantine policy is. Why should I care and what can I do about implementing SPF and DMARC? And how easy is it to implement? That is the next session…

9 Safety Tips in Office 365
Notifications that are written into the email (rather than the client). Admin portal for spoof rules and reports. Get-PhishFilterPolicy to export 30 days of spoof info, or the Protection UI.

10 Failed Sender Authentication Warnings
Arriving now to Outlook Web App / Outlook.com. Emails that fail authentication do not display the user photo or auto-determined initials. Implement SPF and/or DKIM to ensure your emails are authenticated.

11 Call To Action
Spin up a demo Office 365 E5 tenant and enable Office 365 ATP. A few 2000 and 10,000 seat deployments turned it on without issue. It's not just part of Office 365 E5 – it is also available as a standalone licence. Requires Exchange Online Protection (EOP) as your gateway.

