Advanced Threat Protection for Email

Overview

The University of Pittsburgh relies on a layered approach to security. No single process or technology is sufficient to secure the University’s environment. Instead, we have a robust series of security controls that operate at different layers and perform different tasks. A threat that manages to circumvent one control is likely to be thwarted by a control in another layer.

 

Detail

Microsoft Defender for Office 365 adds another layer to our existing security controls. It is designed to protect against “advanced persistent threats.”

What is an Advanced Persistent Threat?

An Advanced Persistent Threat (APT) is a sophisticated and stealthy cyberattack where an unauthorized entity gains access to a network and remains undetected for an extended period. These attacks are often carried out by state-sponsored groups or highly skilled cybercriminals with specific objectives, such as stealing sensitive data, conducting espionage, or disrupting operations.

APTs typically involve multiple stages:

  • Infiltration: Attackers gain initial access through methods like phishing or exploiting vulnerabilities.
  • Expansion: Once inside, they move laterally within the network, gathering credentials and mapping the system.
  • Exfiltration: Finally, they extract the targeted data or achieve their specific goals.

The persistence and sophistication of APTs make them particularly challenging to detect and mitigate.

What can be done to protect against Advanced Persistent Threats?

The University’s Enterprise Spam and Virus Filter service (Exchange Online Protection) protects against general attempts to exploit security vulnerabilities through email. It utilizes a standard set of signature-based algorithms to detect harmful email content. But because advanced persistent threats are customized to attack a specific target (such as the University), general signature-based algorithms are less effective.

Microsoft Defender for Office 365 is designed to address this problem. It integrates with Exchange Online Protection to enhance security and help protect against advanced persistent threats.

We also need your help. To protect against Advanced Persistent Threats (APTs), users should be cautious with emails and links, use strong, unique passwords, and enable multi-factor authentication. Regularly updating software, being aware of social engineering tactics, and monitoring accounts and devices for unusual activity are also crucial steps.

How does Advanced Threat Protection work?

How does Microsoft Defender for Office 365 work?

Microsoft Defender for Office 365 includes two features that can help protect against targeted phishing attacks.

Safe Links

Safe Links evaluates the links in an email message in real time to determine whether they link to safe or harmful content. All links evaluated by Safe Links will be replaced by a longer URL that begins with https://na01.safelinks.protection.outlook.com, similar to the example shown below:

Safe Links URL example

If the link is safe, you will be sent to the original address when you click on it. If the link is not safe, you will see a warning message indicating that the website you are trying to visit is harmful.
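To see where a rewritten link actually points before clicking it, the original address can be recovered from the Safe Links URL. The Python below is an added example, not University or Microsoft code; it assumes the original address is carried in the `url` query parameter, and the sample link is constructed.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Host suffix taken from the prefix shown on this page (na01.safelinks...).
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample: example.edu target, placeholder data/sdata values.
SAMPLE_WRAPPED = (
    "https://na01.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fwww.example.edu%2Fpolicies%3Fid%3D7"
    "&data=CONSTRUCTED&sdata=CONSTRUCTED&reserved=0"
)


def unwrap_safelink(link: str) -> Optional[str]:
    """Return the original address inside a Safe Links URL, else None."""
    try:
        parts = urlsplit(link)
    except ValueError:
        return None
    host = (parts.hostname or "").lower()
    # Suffix match on the parsed host: rejects lookalikes such as
    # ...outlook.com.example.net and userinfo tricks (...outlook.com@host).
    if parts.scheme != "https" or not host.endswith(SAFELINKS_SUFFIX):
        return None
    region = host[: -len(SAFELINKS_SUFFIX)]
    if not region or "." in region:  # expect one label, e.g. "na01"
        return None
    # Assumption: the wrapped address is in the "url" query parameter.
    targets = parse_qs(parts.query).get("url", [])
    if len(targets) != 1:
        return None
    try:
        scheme = urlsplit(targets[0]).scheme
    except ValueError:
        return None
    return targets[0] if scheme in ("http", "https") else None


def unwrap_all(text: str) -> dict:
    """Map every link found in text to its unwrapped target (or None)."""
    return {m: unwrap_safelink(m) for m in URL_RE.findall(text)}


if __name__ == "__main__":
    print(unwrap_safelink(SAMPLE_WRAPPED))
```

A result of `None` means the link is not a genuine Safe Links rewrite, which includes addresses that merely contain the Safe Links host name somewhere in the URL.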

 

Safe Attachments

Safe Attachments is a feature that protects against harmful email attachments. It does not rely on signature-based algorithms, which are less effective against advanced persistent threats. Instead, Safe Attachments opens the attachments in a virtual environment and analyzes their behavior to determine whether they are harmful.

If the attachment is safe, it will be delivered to you along with the original email message. If the attachment is harmful, the email will be blocked and the message and attachment will not be delivered.

Please note that Safe Attachments does not analyze attachments in real time. This process may cause a minimal delay (measured in minutes) in the delivery of email messages with attachments.

Frequently Asked Questions

Does Safe Links evaluate every link?

Safe Links evaluates links from internal and external email addresses.

Does Safe Attachments analyze an attachment every time I send it?

No. Safe Attachments will only analyze an attachment the first time that you send it. If you send the same attachment to someone later, it will not be analyzed a second time.

I want someone to be able to view my attachment right away. What can I do?

You can upload a file to OneDrive for Business and share a link to the file.