DID YOU KNOW?
Malicious URLs consistently bypass ATP.
O365 ATP was developed as an overlay
security architecture for Exchange Online
Protection (EOP), which is the native security
tool for O365 mail. Though ATP offers good
baseline features against inbound threats
such as malware and spam, it lacks the depth
of functionality for customers looking to build
a comprehensive email security strategy.

Microsoft uses ML to detect suspicious
patterns of data access. However, a lot of its
anti-phishing capabilities are dependent on
EOP’s policy-based filters and ML is limited
to the cloud. As with any other data-driven
tool, ATP relies on historical knowledge of
cyberattacks to detect new ones.

For missed phishing emails, it puts the onus on
the trained user to identify phishing attacks
and report them back to Microsoft. While
it does offer some situational education,
organizations still spend time and effort in
training end users.

Microsoft acts as an outsourced SOC team by
analyzing threats internally, and offers little
transparency to its customers in the detailed
reporting of threats. The forensics reporting
features are at a high level and lack depth.
But, Here’s the Problem...
Email attacks have mutated to become more sophisticated and targeted, and
hackers exploit user behavior to launch targeted and highly damaging campaigns
on people and organizations. Attackers use automation to make small, random
modifications to existing malware signatures and use transformation techniques
to bypass these native O365 security tools. Unsuspecting - and often untrained -
users fall prey to socially engineered attacks that mimic O365 protocols, domains,
notifications, and more.
This is an email impersonation attack. The hacker has crafted a believable email,
prompting the user to update his or her security controls. But, the link won’t lead the
user to a genuine page. Instead, they will be led to a lookalike page where hackers
may gain unauthorized access to the user’s account. This is often a credential
harvesting page. Stolen credentials can then be used to gain access to the account.
It is because such loopholes exist in O365 email security that Microsoft continues to
be one of the most impersonated brands in the world.
What are the consequences of a compromised account?
With approximately 180 million O365 active email accounts, organizations could find
themselves at risk of data loss or a breach, which means revenue loss, damaged
reputation, customer churn, disrupted productivity, regulatory fines, and penalties
for non-compliance. This means they need to quickly move beyond relying on largely
rule- and reputation-based O365 email filters to more dynamic ways of detecting and
mitigating email-originated risks.
How Tessian Enhances O365 Email Security
By dynamically analyzing current and historical data, communication styles,
language patterns, and employee project relationships both within and outside the
organization, Tessian generates contextual employee relationship graphs to establish
a baseline of normal behavior. By doing this, Tessian turns both your employees and
the email data into an organization’s biggest defenses against inbound and outbound
email threats.
Conventional tools focus on just securing the machine layer – the network,
applications, and devices. By uniquely focusing on the human layer, Tessian
can make clear distinctions between legitimate and malicious email interactions and
warn users in real-time to reinforce training and policies to promote safer behavior.
Often, customers ask us which approach is better: the conventional, rule-based
approach of Microsoft's native tools, or Tessian’s, powered by machine learning. The
answer is that each has its place in building a comprehensive email security
strategy for O365. But no organization that deals with sensitive, critical, and
personal data can afford to overlook the benefits of an approach based on machine
learning and behavioral analysis.
A layered approach that leverages the tools offered by O365 for high-volume attacks,
reinforced with next-gen tools for detecting the unknown and evasive ones, would
be your best bet. A very short implementation time coupled with the algorithm’s
ability to ‘learn’ from historical email data over the last year - all within 24 hours
of deployment - means Tessian could give O365 users just the edge they need to
combat modern-day email threats.
Solution Highlights
THREAT DETECTION
Tessian Defender can detect and stop a
variety of inbound threats such as services,
brand, vendor, internal, and executive
impersonations, preventing a broad spectrum
of fraudulent activities (invoice/wire/crypto
frauds), thefts (credentials/IP/PII), gift card
and bribery attacks, and system compromise
(servers, databases, control systems, etc).
EDUCATION AND AWARENESS
The Tessian HLS platform provides contextual,
in-the-moment warnings. In addition, you
have the ability to automatically warn and
educate users on unusual-looking emails with
configuration options.
FORENSIC TOOLS
Historical analysis shows what threats were
received in the past year that got past existing
defenses. Tessian’s machine learning acquires
significant behavioral inputs within 24 hours
of deployment.
TESSIAN HUMAN LAYER SECURITY FOR MICROSOFT OFFICE 365