Achieving advanced threat protection for Office 365 deployments

David De Laine, Regional Managing Director, Australia and New Zealand, Check Point Software Technologies

Email remains a key tool for businesses of all sizes; however, the ubiquitous communications channel is also a growing source of security problems.

Cyber criminals are increasingly using email as a way to infect IT infrastructures with malware. By sending staff emails containing infected attachments or links to malicious websites, attackers are able to circumvent many security systems and gain access to core applications and data.

Advanced social engineering and phishing techniques are making email an even more effective vector for attacks. Hackers can study an organisation and then tailor their emails so they look very authentic. For example, they might appear to be a legitimate invoice from a known supplier or to have come from a large customer.

According to recent research by Verizon, 30 per cent of all phishing messages are opened by the target recipient. The research also found that, in about 12 per cent of cases, people actually clicked on the attachment or link within the message. Worryingly, only 3 per cent subsequently alerted management to what had happened.

Increasing popularity of cloud-based services

The security issues around email are now changing as more organisations opt to shift from managing their own on-premise systems to using a cloud-based service such as Microsoft Office 365.

Industry research has found more than half of all organisations are making use of cloud-based email hosting services. They see it as a more flexible and cost-effective option than maintaining their own Exchange servers.

Of those surveyed by research firm SpiceWorks, 41 per cent said security was a key consideration when making this move. They recognised that, while it is relatively straightforward to put in place tools that can secure email when it is within an on-premise IT infrastructure, the task becomes more challenging when it shifts to the cloud.

The biggest issue for IT managers is that, once email is moved to Office 365, they lose control over its security. Rather than being able to physically protect, patch and manage their servers, this control is relinquished to a third party.

Some reassurance can be found in the fact that Office 365 comes with basic signature-based protection against known threats. This is helpful in protecting against malware that has been seen in the wild and identified.

However, signature-based protection can't keep up with the rapid growth of unknown malware and zero-day threats that continue to appear, the most recent one being the Cerber ransomware specifically targeting Office 365. According to the Verizon report, 99 per cent of malware hashes are seen for less than a minute and most malware is only seen once. This reflects how quickly hackers are modifying their code to avoid detection and highlights the challenge of maintaining effective security.

The power of SandBlast Cloud

To overcome the challenge of maintaining effective protection against malware attacks when using Office 365, Check Point has developed SandBlast Cloud. This service offers multi-layer protection against both attachments and messages that may contain URLs linking to malicious sites. It effectively extends zero-day protection to the cloud-based Office 365 environment.

SandBlast Cloud uses APIs to link to Office 365 mailboxes and perform a variety of checks on all incoming emails including scanning and threat extraction.

All attachments are scanned for viruses and malware on arrival. If any are found in common document formats, they can be removed while still providing a view of the attachment to the user. This means workflows can continue without the threat of infection.

To protect against links within the bodies of emails that could take a user to a malicious site, SandBlast Cloud uses URL reputation checks to determine whether the linked site contains any threats. If so, access is prevented and the user is alerted.

For suspicious code found within attachments, SandBlast Cloud can undertake threat extraction and emulation. This involves the code within the attachments being opened in a sandbox environment for analysis to determine what it might be attempting to do. The code is opened in a secure virtual machine where it is unable to infect the wider IT infrastructure.

Clear business benefits

By linking SandBlast Cloud to an Office 365 environment, IT managers can be confident the security of incoming email can be maintained.

Processing is transparent to end users and completed quickly enough to ensure there is no disruption or delay to communications. A cloud-based management portal is also available so IT teams can see every event that occurs and the automated steps that were taken to overcome it.

Shifting email systems to a cloud-based service such as Office 365 can deliver significant benefits to a business, and now the security surrounding it can be just as effective as it is within traditional on-premise installations.
