Microsoft Office 365 is the most popular target and vector for email phishing attacks. Office 365 Security is Microsoft’s best — especially compared to its 30-year challenge to secure the Windows OS. They have spent billions of dollars and acquired some great companies.
Exchange Online Protection (EOP) is the default security for Office 365. Advanced Threat Protection (ATP) is an add-on service available for an additional cost, or included with higher-priced enterprise options, such as the E5 license package.
Pricing aside, Microsoft demonstrates a commitment to security across the collaboration suite by updating EOP's artificial intelligence (AI) with the threat signatures of attacks caught by ATP. ATP boasts all the standard security functionalities on the market, making it a one-stop shop for many Chief Information Security Officers (CISOs).
Each of the 180 million Exchange Online corporate mailboxes protected by Microsoft has different security needs, communication patterns, sensitive data, and collaboration styles. Because of how large and diverse the Office 365 user base is, Microsoft must keep the false positive rate low to guarantee deliverability and business continuity.
Deciding whether content is malicious has a statistical aspect to it. There are many obvious cases of phishing, but also many grey examples. As such, the default security in Microsoft (EOP) must prefer the risk of missing an attack (a false negative) over blocking a legitimate message or file (a false positive). This hedging approach is necessary to reliably secure the masses, but it means that the threat protection cannot be fully tailored to each organization using Office 365.
Avanan analysts have found that ATP offers only slightly more protection than EOP. This jibes with our 2020 ATP Report, which found a 40.7% catch rate for EOP and a 48.4% catch rate for ATP.
Microsoft Office 365 is both a security provider and the target of advanced cyber attacks. This complicated identity helps explain why ATP has certain weaknesses that require supplemental security.
To leverage ATP, it’s important to know about three strengths of its threat intelligence when compared to the market — specifically in the anti-phishing space.
The accessibility of Office 365 email security presents another problem.
With the world’s most talented engineers and a seemingly infinite budget, why does Microsoft email security fall victim to phishing attacks that get past ATP and Exchange Online Protection (EOP) for Office 365?
The reasons have nothing to do with any particular Microsoft failure, but much to do with the widespread adoption of Office 365 as an enterprise collaboration suite. Because Office 365 is the most used platform, it is also the most attacked. This creates strengths and weaknesses in ATP.
Organizations should use Microsoft as a primary email security provider and layer additional security solutions from third parties, such as Avanan, that have more tailored AI, security that is invisible to hackers, and expansive reporting.
Knowing this about ATP empowers Office 365 admins to use the platform responsibly and optimally.