In September, Microsoft announced that it had made two categories within its Automated Incident Response in Office 365 Advanced Threat Protection (ATP) generally available to all of its enterprise customers.
According to Thiani Naicker, Microsoft Practice Business Lead at Westcon-Comstor Sub-Saharan Africa, the addition of these security features allows a business to better contain potential security threats.
“These automated incident response features are available to companies who run Office 365 ATP Plan 2 and Office 365 Enterprise E5 tier at a nominal cost per user, and greatly increase the security of Office files passing through a business,” adds Naicker.
The first category is “automatic investigations”, a feature that is triggered by new threat alerts. For example, when a user reports a phishing email, or clicks on a link the software deems malicious, the software will immediately take action. It also extends to malware detection and phishing emails that have made their way into a user’s inbox.
The second category is what the vendor calls “manually initiated investigations”. These investigations use Microsoft’s “automated playbook” sequences for different security scenarios and attack types. The security playbooks cover user reports of phishing email, and there is a weaponised URL playbook for malicious URLs. By launching these investigations in Microsoft’s Threat Explorer tool, a security practitioner can help to track and squash potential threats before they breach a perimeter.
The playbooks are particularly useful for drawing connections between repetitive or similar attacks, allowing the security team to predetermine opportunistic attacks and flag suspicious behaviour on user accounts.
“Office 365 ATP is proving to be a powerful tool in the fight against cyber-attacks, and the extension of these two features to enterprise customers ensures that attacks can be contained quickly by locking down accounts and devices, and asking for multi-factor authentication when removing a threat. With its continued investment and focus on security, Microsoft is fast becoming a serious player in the race towards ensuring that security is intrinsic in all its applications,” says Naicker.
Looking ahead, Microsoft has also announced that it will bring Safe Links in Office 365 Advanced Threat Protection, a feature that has been protecting links in Office clients on Windows, Mac, iOS and Android, to Office Online in the very near future.