Advanced Threat Protection for Office 365
Advanced Threat Protection (ATP) for Office 365 helps safeguard your Middlebury account from online criminals who want to use your credentials to launch cyber attacks from Middlebury’s own technology services and/or steal sensitive and confidential information.
ATP for Office 365 was enabled for all ITS accounts on Monday, March 27, 2017.
The new ATP service includes several important features that help protect our accounts:
- Protection against unknown malware and viruses -- Exchange Online Protection (EOP) employs robust, layered anti-virus protection against known malware and viruses, powered by three different engines. ATP extends this protection through a feature called Safe Attachments, which protects against unknown malware and viruses and provides better zero-day protection to safeguard our messaging system. All messages and attachments that don’t have a known virus/malware signature are routed to a special environment where a behavior analysis is performed using a variety of machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is released for delivery to the mailbox.
- Real-time, time-of-click protection against malicious URLs -- EOP already scans each message in transit in Office 365 and provides time-of-delivery protection, blocking any malicious hyperlinks in a message. But attackers sometimes try to hide malicious URLs behind seemingly safe links that a forwarding service redirects to unsafe sites after the message has been received. ATP’s Safe Links feature proactively protects our clients if they click such a link. That protection applies every time they click the link: malicious links are dynamically blocked, while good links can be accessed.
- Rich reporting and URL trace capabilities -- ATP also offers rich reporting and tracking capabilities, so we can gain critical insights into who is being targeted in our organization and the category of attacks that we are facing. Reporting and message tracing will allow us to investigate messages that have been blocked due to an unknown virus or malware, while the URL trace capability will allow us to track individual malicious links in messages that have been clicked.