All organizations have email. Most organizations have heard of ransomware and zero-day malware. Did you know that 59% of the time, ransomware comes in via email?* Why did my organization let it in?
What should I know?
As our Ransomware Guide explains in detail, there are many people, process, and technology improvements that can be implemented to prevent ransomware. On the technical side, an organization would be well inoculated by ensuring the following proactive solutions are in place:
- A well-managed Backup and Restore system. (In our experience, only one-third are properly deployed.)
- A Next Generation Firewall with active application control, URL filtering, and IPS – all fully managed.
- Enhanced inbound email protection such as Microsoft Advanced Threat Protection (ATP).
We’ll focus on that last bullet point in this blog post.
What is the threat?
Today’s email contains a lot of information and surface area for attack, including 3 main vectors:
- Phishing and/or spoofed emails
- Attachments with Zero-Day malware
- Links designed to trick or re-direct users to malicious sites
At their core, today’s filtering solutions have only 2 paths to take: known (block) or unknown (assumed safe):
- Known threats are relatively straightforward and often are set up to be blocked within hours of being discovered.
- Unknown (zero-day) threats are malware that has not yet been defined by spam filters. Copycats and other evildoers are creating variants or clever new material known as “zero-day” malware. These variants and zero-day malware attacks have become commonplace and are not blocked by today’s modern anti-virus scanners.
How does ATP protect my organization?
To solve the problem of zero-day threats, Microsoft ATP sends emails with attachments and links through a due-diligence process in an area aptly called the detonation chamber, where the email must prove it doesn’t contain anything malicious.
If a link or attachment is deemed to be dangerous, the admin will be notified of a detected threat and the email will not be delivered to the end-user’s mailbox. If there is no threat detected, the mail will be delivered to the end-user, but the protection doesn’t stop there.
ATP continues to track the links in every email. Any time a user clicks a link, the destination will be evaluated to ensure that the link has not been redirected to a malicious site.
How do I try or get it?
To make this turnkey, organizations have turned to Peters & Associates’ Managed ATP offering. For a monthly fee per user, we’ll prove the value, license, pilot, implement, train, onboard, report on and support the service from Microsoft. For a free consultation with a security / compliance professional, email firstname.lastname@example.org. We are happy to help.
*Osterman Research June 2016 Survey.