Don’t Click That! Oops, too late.

All organizations have email.  Most organizations have heard of ransomware and zero-day malware. Did you know that 59% of the time, ransomware comes in via email?* Why did my organization let it in?

What should I know?

As our Ransomware Guide explains in detail, there are many people, process, and technology improvements that can be implemented to prevent ransomware.  On the technical side, an organization would be well inoculated by ensuring the following proactive solutions are in place:

  • A well-managed Backup and Restore system. (In our experience, only one-third are properly deployed.)
  • A Next Generation Firewall with active application control, URL filtering, and IPS – all fully managed.
  • Enhanced inbound email protection such as Microsoft Advanced Threat Protection (ATP).

We’ll focus on that last bullet point in this blog post.

What is the threat?

Today’s email contains a lot of information and surface area for attack, including 3 main vectors:

  • Phishing and/or spoofed emails
  • Attachments with Zero-Day malware
  • Links designed to trick or re-direct users to malicious sites

At their core, today’s solutions only have 2 paths to take – known (block) or unknown (assumed safe):

  • Known threats are relatively straightforward and often are set up to be blocked within hours of being discovered.
  • Unknown (zero-day) threats are malware that has not yet been defined by spam filters. Copycats and other evildoers are creating variants or clever new material known as “zero-day” malware. These variants and zero-day malware attacks have become commonplace and are not blocked by today’s modern anti-virus scanners.

How does ATP protect my organization?

To solve the problem of zero-day threats, Microsoft ATP sends emails with attachments and links through a due-diligence process in an area aptly called the detonation chamber, where the email must prove it doesn’t contain anything malicious.

If a link or attachment is deemed to be dangerous, the admin will be notified of a detected threat and the email will not be delivered to the end-user’s mailbox. If there is no threat detected, the mail will be delivered to the end-user, but the protection doesn’t stop there.

ATP continues to track the links in every email. Any time a user clicks a link, the destination will be evaluated to ensure that the link has not been redirected to a malicious site.

How do I try or get it?

To make this turnkey, organizations have turned to the Peters & Associates Managed ATP offering. For a monthly fee per user, we’ll prove the value, license, pilot, implement, train, onboard, report on and support the service from Microsoft. For a free consultation with a security / compliance professional, email info@peters.com. We are happy to help.

*Osterman Research June 2016 Survey.

May 3rd, 2017 | Security Solutions

About the Author:

Bruce is the Vice President of Business Strategy. In addition to client-facing roles, Bruce is responsible for operational excellence in areas such as marketing, product alignment, and vendor relations. Over the past 25 years, Bruce has always served in an advisory role for C-level executives, IT Directors and CISOs to ensure that business goals align with IT strategies and initiatives. Microsoft has recognized, trained and badged Bruce as an internal Microsoft resource to allow him full access to solution architecture, roadmaps and competitive guidance. Bruce has a focus on consultative education and helping organizations envision their future with justifiable rationale. He is sought after for speaking engagements including CIO roundtables, executive forums, and conferences. Bruce is a graduate of the University of Illinois (Secondary Ed.) and also holds an MBA from Keller Graduate School, with a credentialed security focus (CISM).