TRANSCRIPT
Copyright © New Signature 2019
Catching and Cleaning Phish (For Office 365)
Today's Presenter: Jim Banach
NA Practice Group Lead, Modern Workplace
Has been with New Signature since 2005
Over 30 Microsoft Certifications, including Microsoft Certified Systems Engineer, Microsoft Certified IT Professional, Microsoft Certified Technology Specialist, and Microsoft Certified Systems Engineer: Security.
Catching and Cleaning Phish
Protect business critical data
Most security experts agree that email remains the #1 attack vector
emails analyzed every month in Office 365
of all email traffic is spam (Mar ‘17)2
increase in ransomware-infected emails (2016-2017)1
• Protect leveraging Machine Learning Models identifying phish lures
Analyses
Millions of samples
ML Model
Model generation
Good - Inbox
Bad - Phish action
Applying what we learned
Learning from the good and bad
Base protection
• Implicit Spoof Protection; DMARC; SPF
• Content based protection
• URL verification against known phishing lists
• Safety Tips for mails detected as phish
• Inline Reporting
• Machine Learning Models
• Time of Click Protection (Safe links)
• Detonation of Content
• Users contact graph
Domain Spoof
• DMARC, DKIM
• SPF
• Intra Org spoof
• Cross domain spoof
Compromised
• Compromised account
Impersonation
• Look alike domains
• Display name tricks
Content
• Attachments
• URLs
• Text
Protect with Office 365 ATP enhanced Anti-phish Capabilities
Office 365 Phish Protection Stack (Enhanced)
Mail Flow Protection
Post Delivery Protection
ATP Safe link Time of click Protection
ATP ZAP
Sender Authentication Checks
Implicit Intra Org Domain Spoof Detection
Soon: ATP Implicit External Domain Spoof Detection
Soon: ATP User mailbox Intelligence
Soon: ATP User Impersonation Detection
Soon: ATP Domain Impersonation Detection
AV Engine Scan
URL Reputation Scan
New: ATP Attachment Detonation for phishing
ATP Heuristic Clustering
Phish Content Analysis Heuristics/Rules
ATP Machine Learning Models
Multi factor Authentication for Office 365
New: Safe link for Internal Mail
New: ATP block of attachments with bad URLs
New: Windows 10 based Rep Scan
Enhanced: Safe link for Office Clients
ATP Safe link Time of click Protection
ATP ZAP
Sender Authentication Checks
Implicit Intra Org Domain Spoof Detection
ATP Implicit External Domain Spoof Detection
ATP User Intelligence
ATP User Impersonation Detection
ATP Domain Impersonation Detection
AV Engine Scan
URL Reputation Scan
ATP Attachment Detonation for phishing
ATP Heuristic Clustering
Phish Content Analysis Heuristics/Rules
ATP Machine Learning Models
Multi factor Authentication for Office 365
Safe link for Internal Mail
ATP block of attachments with bad URLs
Windows 10 based Rep Scan
Safe link for Office Clients
Client Tips for Suspicious Mails
Tenant Block URL for Safe links
Explore malicious submissions in Threat Explorer
Monitor for risky user/App activity
Threat Explorer
Rich Reports & Insights
Detect & Respond
Protect your data
• Advanced Threat Protection Safe Attachments: detonating malicious attachments
Detonation
Protect: Admins can create enhanced Anti-impersonation settings
Protect with Mailbox Intelligence
Protect: Admins can apply internal safe links for intra-org emails
Protect: Admins can apply sophisticated anti-spoof settings
The User Experience
Investigating Phish in Office 365
Automated Detection, Investigation & Remediation with Microsoft Threat Protection
How can I possibly stay on top of this?
Turning traditional Managed Security Services on their Side with New Signature
NetSecOps – Traditional MSSP
Ingest Log Data
Put into Product (Splunk)
Do home grown smart analysis
Send alerts to SOC
Apply business rules
Tell customer
So… what about the Internet?
NetSecOps – New Signature
Ingest Log Data
Put into Product (Splunk)
Do home grown smart analysis
Send alerts to SOC
Apply business rules
Tell customer
Microsoft Security Operations
Thousands of people
AI / Machine Learning
6.5 Trillion Signals
Send email
Send incidents to SOC
Apply business rules
Collaborate with Customer
Mitigate Incident
New Signature
Azure Sentinel
Identity Advanced Security
Endpoint Advanced Security
Cloud Infrastructure Advanced Security
Sentinel Data Connectors
• Azure Sentinel is Microsoft’s new cloud-native SIEM service that augments our security managed services. Sentinel integrates data from all available sources and applies machine learning and knowledge-based detections derived from the trillions of signals analyzed by Microsoft daily. Long-term Log Analytics retention allows our analysts to detect latent threats and rapidly scope the impact of a breach, leading to faster remediation.
Office 365 Advanced Security
Datacenter Advanced Security
24x7 Operations Centre
24x7 Help Desk
Service Integration and Management
Service Delivery Management
New Signature Managed Services Delivery Model
External Supported Technologies
External Service Towers
Customer Supported Technologies
Customer Service Towers
New Signature Service Towers
New Signature Supported Technologies
System Center
Office 365
Azure Dynamics
Cloud
New Signature Security Managed Services for Office 365
• Identity Advanced Security is a managed service that protects employee Azure Active Directory credentials from compromise by investigating risk events and flagged user accounts and by performing detection and risk audits. Our experts also provide proactive services using Identity Secure Score to determine gaps in identity security and provide reporting and ongoing recommendations.
• Office 365 Advanced Security protects your business from attack by monitoring and maintaining the Office 365 Advanced Threat Protection (ATP) suite of software. We provide 24x7 phishing incident investigation and proactive security services to maintain and enhance your Office 365 tenant security over time.
Identity Advanced Security
Comprehensive Microsoft Identity Protection and threat response
Office 365 Advanced Security
Protection and threat management for O365 workloads