Office 365 Anti-Phishing
Phishing has changed because email has changed.
Built-in security in Microsoft Office 365 isn’t doing enough to stop targeted phishing attacks like Business Email Compromise (BEC), that blend pin-hole vulnerabilities and social engineering to deceive and manipulate end-users. BEC is perhaps the strongest example of how Microsoft Exchange Online Protection (EOP) and even Advanced Threat Protection (ATP) fail to thwart sophisticated hacker methods.
Avanan deploys between the inbox and Microsoft’s native security for Office 365. It secures inbound, outbound, and internal email from phishing attacks that evade Advanced Threat Protection and Email Gateways. It works with these other solutions and doesn’t require any MX record changes that broadcast security protocols to hackers.
Artificial Intelligence (AI) and Indicators of Compromise (IoCs) used in the past train the Avanan platform for what to look for in complex zero-day phishing attacks. Avanan is designed to replace point solutions to deliver as a comprehensive solution for all types of phishing — even vector-less attacks.
“Avanan has reduced our phishing attempts and attacks by at least 80%”
Director of Cybersecurity, Education
A Different Approach to Office 365 Phishing
Avanan connects in a cloud-native manner, no proxy or agent. It’s patented API-enabled, in-line security provides many advantages over conventional solutions — such as Secure Email Gateways (SEGs) or Office 365 Advanced Threat Protection.
With Avanan, Security Operations and IT professionals can more easily investigate, detect, and respond to email-based threats. Using sandbox detonation, zero-day protection, anti-spoofing technology, and URL scanning, the AI inspects every part of the email to uncover threats that others miss.
These continual monitoring capabilities help security professionals in Office 365 understand the state of the inbox, user, and organization.
Internal-to-Internal Phishing Protection
Legacy solutions designed when on-premises email was the standard are ill-suited to the cloud. As with any technological shift, the transition was complicated. This resulted in an awkward end-user and administrator experience for Office 365 customers opting for third party security, like secure email gateways.
SEGs, or Mail Transfer Agents (MTAs) as they were called, sit outside the cloud, scanning incoming emails. This is useful for inbound attacks but falls short for filtering and blocking internal emails. These are the source of many sophisticated phishing attacks that stem from account compromise and insider threats to the organization.
Avanan secures each individual Office 365 inbox, protecting against phishing attacks from external as well as internal emails.
With this strategy, Avanan takes a modern approach to email security. Moving beyond the perimeter-based philosophy of security that was established in the 1990s, Avanan leverages identity to secure the entire environment beyond just the perimeter.
AI trained on phishing that evades Office 365 security
According to the 2019 Global Phish Report, 25% of phishing attacks bypass Office 365’s default security. Microsoft has gone to great lengths to develop their anti-phishing and anti-malware offerings, from the standard protection of EOP to the advanced, multi-layer security available in ATP. And yet, hackers consistently innovate methods designed to bypass both security solutions.
Because Office 365 is deployed at thousands of organizations, many of them large Fortune 100 companies, they cannot afford false-positive detections. If important emails are being consistently quarantined, the disruption to the business — and loss of profits — would be intolerable. Knowing this, Microsoft builds its security to a specific threshold.
Avanan knows this because we integrate with EOP and ATP for Office 365. Our anti-phishing algorithm runs/deploys between these security solutions and the inbox. This enables the AI to train itself specifically on the sophisticated attacks that were designed to evade default security and Office 365 Advanced Threat Protection, without hindering existing security’s ability to filter out spam and low-level phishing attacks.
At the same time, Avanan learns from the cyberattacks missed by other security vendors who also integrate with the Office 365 environment — most notably, secure email gateways and API-based solutions that are similar to Avanan, but lack pre-inbox threat detection. The AI is tuned to what other anti-phishing solutions miss.
These unique features combine to give Avanan a threat intelligence database that is unparalleled on the email security market.
The most Complete Anti-Phishing Tool on the Market for Office 365
Security engineers familiar with Office 365 know that even with ATP’s Threat Intelligence Dashboard, cleaning up post-attack isn’t as easy as it should be. Having to write PowerShell scripts from within a consolidated reporting dashboard with limited drill-down capabilities feels redundant and frustrating.
Avanan customers can manage all their Office 365 anti-phishing requirements for security and compliance from a single dashboard. They can easily set phishing workflows that automate security administration and threat monitoring.
Review Threats with Mail Explorer and Custom Queries
See every threat caught by Avanan, the email subject, content, and why it was determined to be phishing based on the 300+ indicators Avanan looks at in every email. Phishing indicators are explained in plain English, so it’s easy to assess the potential impact of an attack.
The simplified view in Mail Explorer allows admin to quarantine advanced threats across inboxes by searching:
- email subject
- sender email address
- sender IP
- sender name
- sender domain
With the click of a button, Avanan quarantines all emails that match these parameters to isolate the threat.
Using Queries, security engineers in Office 365 can customize the components of their search beyond the options available in Mail Explorer. After identifying advanced persistent threats in the query tool, security professionals can:
- Add to exceptions
- Exclude selected
- Report to Syslog
- Send email report
- Generate a security event
- Move to junk
- Add phishing alert
Create Universal Policies
The Avanan policy wizard enables the creation of granular policies that apply across Office 365 email to the rest of the collaboration suite.
There are three modes of protection available for email:
Provides visibility into cloud-hosted email and leverages publicly available APIs from Office 365. Manual and automated query-based quarantines are available after delivery to the email.
Detect and Prevent
Provides an increased level of protection that scans email that’s already arrived in the user’s inbox. This mode adds an automated policy action to quarantine malware, phishing attacks, etc. based on the results of the best-of-breed security stack. In this mode user notifications and release workflows are available.
Provides the highest level of protection and scans email prior to delivery to the end user’s inbox. Scanning and quarantining take place before the email is delivered to the user’s inbox. This ensures that threats are detected and remediated before the user has access to the email.
From any of these modes, the security orchestration admin can choose what happens to the malicious email, and whether or not to involve the user.
- We are able to customize sensitivity based upon groups, in addition to the alerts we would receive.
- Would be good to be able to lower risk thresholds for some of the detections based on sender patterns, since we have special considerations with Icelandic emails.