Office 365 Security Solutions

Many organizations that have adopted Office 365 find the level of protection provided by Microsoft’s Exchange Online Protection (EOP) and Advanced Threat Protection (APT) packages is not sufficient and many threats are still delivered to inboxes. To improve protection, Office 365 security solutions are purchased from third party cybersecurity vendors. These email security solutions build on the protection provided by Microsoft and ensure a greater number of threats are blocked and Office 365 environments are better secured.

Microsoft Office 365 Security Options

EOP is provided with Office 365 licenses as standard and offers a basic level of protection for Office 365 email. Spam accounts for around 45% of email volume and EOP will block around 99% of these unwanted, productivity-draining messages. EOP uses multiple anti-malware engines to ensure Office 365 inboxes are kept free of known malware threats – Malware that has previously been identified by anti-virus solutions and a unique string of bits – the malware signature – has been added to the virus definition lists.

This basic level of protection will not be sufficient for most organizations, as a significant number of threats will bypass EOP and will reach end users’ inboxes. Microsoft offers enhanced Office 365 security through its Advanced Threat Protection (APT) offering, which is an add-on Office 365 security solution that must be paid for in addition to the Office 365 license cost. APT can be purchased for around $2 per user, per month, although it is provided with an Office 365 E5 subscription for a cost.

APT includes a host of features to keep Office 365 protected from email-based threats. While EOP provides protection against file attachments containing known malware, APT Safe Attachments provides protection against zero-day (unknown) malware and viruses. If an attachment is determined to be malware-free by EOP, it is routed to Safe Attachments where machine learning and analysis techniques are used to determine if the attachment is malicious.

APT Safe Links provides protection against malicious hyperlinks in the message body and in Office documents attached to emails. APT Anti-Phishing scans all inbound emails and machine learning models are used to search for common signatures of phishing. APT Spoof Intelligence provides protection against email impersonation attacks and uses SPF, DKIM and DMARC to check to make sure emails have been sent from authorized users of a particular domain.

Third Party Office 365 Security Solutions

IT professionals may mistakenly believe the level of protection provided by Microsoft through its EOP and APT offerings is good, at least initially when first migrating to Office 365. However, the reality is that the difference between Microsoft’s security features and the protection provided by top Office 365 security solutions from third party cybersecurity companies is considerable. Independent tests of Microsoft protections against malware and phishing by SE Labs confirmed this. SE Labs rated Office 365 as only providing a low- to mid-market level of protection.

In order to block sophisticated malware threats, spear phishing attacks, and business email compromise attacks, third party Office 365 security solutions are required. Office 365 security solutions are offered by many cybersecurity vendors and integrate seamlessly with Microsoft Office 365 to enhance protection for Office 365 environments.

The purpose of Office 365 security solutions is not to replace the protections provided by Microsoft, but to augment them and add even more layers of protection. Considering email is the main attack vector and more than 90% of data breaches start with a phishing email, these additional protections for Office 365 are important.

The cost of these Office 365 security solutions will be far less that the cost of mitigating phishing and malware attacks. Paying for a third-party Office 365 security solution is likely to work out much cheaper in the long run and will give you peace of mind that your Office 365 environment is well protected.

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news