Achieving advanced threat protection for Office 365 deployments

David De Laine, Regional Managing Director, Australia and New Zealand, Check Point Software Technologies

Email remains a key tool for businesses of all sizes; however, the ubiquitous communications channel is also a growing source of security problems.

Cyber criminals are increasingly using email as a way to infect IT infrastructures with malware. By sending staff emails containing infected attachments or links to malicious websites, attackers are able to circumvent many security systems and gain access to core applications and data.

Advanced social engineering and phishing techniques are making email an even more effective vector for attacks. Hackers can study an organisation and then tailor their emails so they look very authentic. For example, they might appear to be a legitimate invoice from a known supplier or to have come from a large customer.

According to recent research by Verizon, 30 per cent of all phishing messages are opened by the target recipient. The research also found that, in about 12 per cent of cases, people actually clicked on the attachment or link within the message. Worryingly, only 3 per cent subsequently alerted management to what had happened.

Increasing popularity of cloud-based services

The security issues around email are now changing as more organisations opt to shift from managing their own on-premise systems to using a cloud-based service such as Microsoft Office 365.

Industry research has found more than half of all organisations are making use of cloud-based email hosting services. They see it as a more flexible and cost-effective option than maintaining their own Exchange servers.

Of those surveyed by research firm SpiceWorks, 41 per cent said security was a key consideration when making this move. They recognised that, while it is relatively straightforward to put in place tools that can secure email when it is within an on-premise IT infrastructure, the task becomes more challenging when it shifts to the cloud.

The biggest issue for IT managers is that, once email is moved to Office 365, they lose control over its security. Rather than being able to physically protect, patch and manage their servers, this control is relinquished to a third party.

Some reassurance can be found in the fact that Office 365 comes with basic signature-based protection against known threats. This is helpful in protecting against malware that has been seen in the wild and identified.

However, signature-based protection can't keep up with the rapid growth of unknown malware and zero-day threats that continue to appear, the most recent one being the Cerber ransomware specifically targeting Office 365. According to the Verizon report, 99 per cent of malware hashes are seen for less than a minute and most malware is only seen once. This reflects how quickly hackers are modifying their code to avoid detection and highlights the challenge of maintaining effective security.

The power of SandBlast Cloud

To overcome the challenge of maintaining effective protection against malware attacks when using Office 365, Check Point has developed SandBlast Cloud. This service offers multi-layer protection against both attachments and messages that may contain URLs linking to malicious sites. It effectively extends zero-day protection to the cloud-based Office 365 environment.

SandBlast Cloud uses APIs to link to Office 365 mailboxes and perform a variety of checks on all incoming emails including scanning and threat extraction.

All attachments are scanned for viruses and malware on arrival. If threats are found in common document formats, they can be removed while still providing a view of the attachment to the user. This means workflows can continue without the threat of infection.

To protect against links within the bodies of emails that could take a user to a malicious site, SandBlast Cloud uses URL reputation checks to determine whether the linked site contains any threats. If so, access is prevented and the user is alerted.

For suspicious code found within attachments, SandBlast Cloud can undertake threat extraction and emulation. This involves the code within the attachments being opened in a sandbox environment for analysis to determine what it might be attempting to do. The code is opened in a secure virtual machine where it is unable to infect the wider IT infrastructure.

Clear business benefits

By linking SandBlast Cloud to an Office 365 environment, IT managers can be confident the security of incoming email can be maintained.

Processing is transparent to end users and completed quickly enough to ensure there is no disruption or delay to communications. A cloud-based management portal is also available so IT teams can see every event that occurs and the automated steps that were taken to overcome it.

Shifting email systems to a cloud-based service such as Office 365 can deliver significant benefits to a business, and now the security surrounding it can be just as effective as it is within traditional on-premise installations.
