Microsoft knows that Office 365's default security features are not enough to keep an organization protected, which is why they created Microsoft Advanced Threat Protection as an additional security measure. However, for approximately the same cost as ATP you can do much better. We break down Advanced Threat Protection's security features and compare them to the full-stack security provided by the Avanan platform.
Email is the #1 Threat
Over 90% of data breaches last year started with an email. Even if you don’t click on a malicious message, there is a 12% chance that someone in your organization might not be so lucky. You must assume that someday, somewhere, someone will click on the wrong email.
Not only do you need to keep spam, phishing emails, malicious attachments and the ever-constant risk of ransomware out of every inbox, you should be able to identify and defend against the inevitable breach.
Microsoft Advanced Threat Protection (ATP)
Microsoft offers its own spam and phishing filters for every Outlook.com account, including a signature-based malware scanner. For companies that need more than the default layers of security, Microsoft offers its Advanced Threat Protection for an additional $24 per user per year. It includes capabilities not available in the default Office 365/Outlook.com account:
- Safe Links: replaces each URL, checking the site before redirecting the user.
- Safe Attachments: scans attachments for malware.
- Spoof Intelligence: analyzes external emails that match your domain.
- Anti-phishing Filters: looks for signs of incoming phishing attacks.
These are the minimum layers of security a modern organization should use to protect its corporate email. However, is it worth the additional cost? Is that money better spent elsewhere? (Read more about ATP's Features and Shortfalls.)
The Avanan Cloud Security Platform
Avanan protects data in any SaaS. Partnering with the industry's most trusted security vendors, Avanan offers cloud-native versions of the most advanced technology to protect against malware, phishing, ransomware, data leakage, insider threats and more. The cloud-based platform is completely out-of-band and can be deployed in one click.
Avanan's Office 365 Protection
Avanan integrates with Office 365 to protect the full Office 365 environment, including Outlook.com, OneDrive, Teams, Azure and the Office Apps, in a way that is seamless to the user and combines policy control in a single place.
How Avanan Compares to Advanced Threat Protection
The most significant difference between Microsoft’s Advanced Threat Protection and Avanan’s Cloud Security Platform is the scope of coverage. While ATP was built as an add-on feature for Outlook, Avanan was designed to be a comprehensive security platform to orchestrate security information across multiple cloud applications.
Avanan Protects All Email: Microsoft’s security tools assume that the threat lies outside your domain, only scanning inbound email. Avanan monitors inbound, outbound and internal email to detect the insider threat before it spreads.
Avanan Protects All of Office 365 in One Window: Microsoft’s default security is limited to email. For a long time, ATP had the same limitation, but in a recent announcement, Microsoft has revealed its plan to eventually extend ATP to SharePoint Online, OneDrive for Business and Teams because the threats extend beyond email. Unfortunately, its administration will be separately embedded within each application, requiring individual configuration and management. Avanan has always offered its protection across all of Office 365 as a single pane of glass for policy and reporting. (Learn about an attack from China that used Microsoft's inherent trust in SharePoint.)
Avanan Offers Account-Takeover Protection: Microsoft offers very little protection after the breach. Because Avanan is so tightly integrated with the full Office 365 Suite, it can correlate login information, policy edits, file activity, data shares or other anomalous behavior across the entire suite, or even across multiple SaaS, identifying the insider threat and blocking malicious behavior before it happens.
Advanced Phishing Protection
Avanan’s Phishing Protection goes far beyond the metrics used by most security tools, analyzing over 200 unique factors to identify a malicious message.
Domain Spoofing is a Minimum: The simplest attacks attempt to spoof your domain but you have access to this protection only when you upgrade to Advanced Threat Protection. This is just one metric that Avanan monitors.
Brand Impersonation: Beyond spoofing your domain, attackers will attempt to spoof the domain of trusted brands like FedEx or Amazon. Avanan identifies email that might spoof the domain, images, the language or just the look and feel of the most likely spoofed companies on the internet.
User Impersonation: With its complete API integration, Avanan gets to know your employees by name and role, making it possible to identify messages that are attempting to impersonate a real person.
Business Email Compromise: Using the multi-factor spoof detection data, advanced contextual analysis can identify messages that might exploit human nature to reveal confidential information or worse. Tight integration with the inbox makes it possible to interact with the user to second-guess suspicious conversations: “Do you trust this sender?”
Multi-layer Malware Detection
Avanan has partnered with over 60 of the industry’s most advanced security vendors to cloudify and containerize their most advanced detection tools. Each and every message is scanned in parallel so that additional security does not add additional latency.
Antivirus Signatures: Signature-based antivirus is still a quick and easy way to screen the most common attacks. Avanan works alongside Microsoft's default security to block what it misses. Because many AV solutions subscribe to the same real-time databases that Microsoft uses internally, Avanan seeks out vendors that offer results above and beyond those lists.
Malware Sandboxing: Emulation analysis has become the de facto minimum standard for security as zero-day malware bots can generate millions of unique versions to bypass signature-based tools. For Office 365 users, this requires an upgrade to ATP. On the Avanan platform, users are protected with advanced technology from companies like FireEye, Check Point, Palo Alto and Lastline. (See how Hexadecimal-encoded files bypass Microsoft filters.)
Active Content Analysis: The next generation of malware detection eliminates the delay that often prevents customers from deploying sandboxing tools. Vendors like Cylance and Solebit use machine learning and other algorithmic science to provide an instant evaluation.
Avanan uses all three categories of malware analysis in parallel, analyzing the results with a machine-learning supervisor that incorporates the threat score from each tool. This provides a detection rate that no single vendor can offer.
Most phishing attacks incorporate a link to a malicious web page, file or form, often hiding them behind legitimate sites or with redirects from trusted domains. They are the most difficult to identify because the malicious content is remote and under the control of the attackers.
Domain Reputation: By default, Microsoft analyzes the first part of the URL to determine if the domain is on a blacklist of malicious sites. With the addition of Advanced Threat Protection, Microsoft will follow the link, through redirects and other misdirections to determine if the target page is on a blacklisted site or leads to a file download. Avanan also actively follows redirected links and supplements the domain analysis with a variety of other blacklist databases. (See how ATP can be fooled by multiple redirects.)
Malicious File Analysis: If the link leads to a file download, Advanced Threat Protection will analyze it using its own AV and sandboxing tools. Similarly, Avanan analyzes each file with its suite of malware tools—AV, sandboxing, and advanced AI—to test a link before it reaches the inbox.
Page Emulation Analysis: Advanced Threat Protection does no analysis beyond domain reputation and file analysis. Avanan, however, will analyze the pathway and resulting pages to look for phishing design and behavior. (Read why ATP Safelinks can fool a user into clicking a malicious URL.)
Brand Spoof Analysis: In the same way Avanan identifies an email that pretends to be from a trusted brand, page emulation looks for logos and language that might fool a user into believing they are on a trusted site. A site that looks like eBay but isn’t eBay.com is suspicious.
Active Form Analysis: If the resulting page includes a form, Avanan will identify look-alike content and malicious code. If a page looks like a Microsoft login but the form posts to an unrelated site, it could fool a user into entering their credentials. Avanan prevents the link from even reaching the inbox.
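A check in the spirit of the brand-spoof and form analysis described above, as an added example (not Avanan's or Microsoft's code): it flags a page that names a brand but is hosted on, or posts a password form to, a domain outside that brand's list. The brand-to-domain table, the function names and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed allowlist for this example: brand keyword -> domains it legitimately uses.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "microsoftonline.com", "live.com"},
                 "ebay": {"ebay.com"}}

class FormCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self.text, self._open = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Track the form we are inside so inputs are attributed to it.
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

    def handle_data(self, data):
        self.text.append(data.lower())

def in_domains(host, domains):
    # Exact match or true subdomain; "ebay.com.example.net" does not match "ebay.com".
    return any(host == d or host.endswith("." + d) for d in domains)

def analyze(page_url, html):
    p = FormCollector()
    p.feed(html)
    text = " ".join(p.text)
    page_host = urlsplit(page_url).hostname or ""
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in text:
            continue
        if not in_domains(page_host, domains):
            findings.append(f"brand-spoof:{brand}:page={page_host}")
        for form in p.forms:
            # Relative or empty actions resolve against the page URL.
            target = urlsplit(urljoin(page_url, form["action"])).hostname or ""
            if form["password"] and not in_domains(target, domains):
                findings.append(f"form-post:{brand}:action={target}")
    return findings

# Constructed sample: a Microsoft-branded login page whose form posts elsewhere.
SAMPLE_URL = "https://login-secure.example.net/office"
SAMPLE_HTML = ('<title>Sign in to your Microsoft account</title><form action='
               '"https://collector.example.org/submit"><input type="password" name="p"></form>')
```

Keyword matching on page text is only a stand-in for the logo and look-and-feel comparison the text describes; the form-target comparison is the part that carries over directly.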
Keeping Up with The Ever Changing Threat
The number and variety of phishing attacks grow every year. No single company can hope to keep up, especially when the attackers can create methods to specifically bypass a particular technology.
As phishing attacks become increasingly sophisticated, Avanan actively seeks out new technology from both large and niche vendors to keep up with the changing threat. Our goal is to bring the full force of the entire security industry to build the most complete, most effective defense-in-depth security stack for email; for Office 365; for the cloud.