Catching and Cleaning Phish (For Office 365) - SecTor
Copyright © New Signature 2019
Catching and Cleaning Phish (For Office 365)
Today's Presenter: Jim Banach
NA Practice Group Lead, Modern Workplace
Has been with New Signature since 2005
Over 30 Microsoft Certifications, including Microsoft Certified Systems Engineer, Microsoft Certified IT Professional, Microsoft Certified Technology Specialist, and Microsoft Certified Systems Engineer: Security.
Catching and Cleaning Phish
Protect business critical data
Most security experts agree that email remains the #1 attack vector
emails analyzed every month in Office 365
of all email traffic is spam (Mar ‘17)2
increase in ransomware-infected emails (2016-2017)1
• Protect leveraging Machine Learning Models identifying phish lures
Analyses
Millions of samples
ML Model
Model generation
Good - Inbox
Bad - Phish action
Applying what we learned
Learning from the good and bad
Base protection
Protect with Office 365 ATP enhanced Anti-phish Capabilities
• Implicit Spoof Protection; DMARC; SPF
• Content based protection
• URL verification against known phishing lists
• Safety Tips for mails detected as phish
• Inline Reporting
• Machine Learning Models
• Time of Click Protection (Safe links)
• Detonation of Content
• Users contact graph
Domain Spoof
• DMARC, DKIM
• SPF
• Intra Org spoof
• Cross domain spoof
Compromised
• Compromised account
Impersonation
• Look alike domains
• Display name tricks
Content
• Attachments
• URLs
• Text
Office 365 Phish Protection Stack (Enhanced)
Mail Flow Protection
Post Delivery Protection
ATP Safe link Time of click Protection
ATP ZAP
Sender Authentication Checks
Implicit Intra Org Domain Spoof Detection
Soon: ATP Implicit External Domain Spoof Detection
Soon: ATP User mailbox Intelligence
Soon: ATP User Impersonation Detection
Soon: ATP Domain Impersonation Detection
AV Engine Scan
URL Reputation Scan
New: ATP Attachment Detonation for phishing
ATP Heuristic Clustering
Phish Content Analysis Heuristics/Rules
ATP Machine Learning Models
Multi factor Authentication for Office 365
New: Safe link for Internal Mail
New: ATP block of attachments with bad URLs
New: Windows 10 based Rep Scan
Enhanced: Safe link for Office Clients
ATP Safe link Time of click Protection
ATP ZAP
Sender Authentication Checks
Implicit Intra Org Domain Spoof Detection
ATP Implicit External Domain Spoof Detection
ATP User Intelligence
ATP User Impersonation Detection
ATP Domain Impersonation Detection
AV Engine Scan
URL Reputation Scan
ATP Attachment Detonation for phishing
ATP Heuristic Clustering
Phish Content Analysis Heuristics/Rules
ATP Machine Learning Models
Multi factor Authentication for Office 365
Safe link for Internal Mail
ATP block of attachments with bad URLs
Windows 10 based Rep Scan
Safe link for Office Clients
Client Tips for Suspicious Mails
Tenant Block URL for Safe links
Explore malicious submissions in Threat Explorer
Monitor for risky user/App activity
Threat Explorer
Rich Reports & Insights
Detect & Respond
Protect your data
• Advanced Threat Protection Safe Attachments: detonating malicious attachments
Detonation
Protect: Admins can create enhanced Anti-impersonation settings
Protect with Mailbox Intelligence
Protect: Admins can apply internal safe links for intra-org emails
Protect: Admins can apply sophisticated anti-spoof settings
The User Experience
Investigating Phish in Office 365
Automated Detection, Investigation & Remediation with Microsoft Threat Protection
How can I possibly stay on top of this?
Turning traditional Managed Security Services on their Side with New Signature
NetSecOps – Traditional MSSP
Ingest Log Data
Put into Product (Splunk)
Do home grown smart analysis
Send alerts to SOC
Apply business rules
Tell customer
So… what about the Internet?
NetSecOps – New Signature
Ingest Log Data
Put into Product (Splunk)
Do home grown smart analysis
Send alerts to SOC
Apply business rules
Tell customer
Microsoft Security Operations
Thousands of people
AI / Machine Learning
6.5 Trillion Signals
Send email
Send incidents to SOC
Apply business rules
Collaborate with Customer
Mitigate Incident
New Signature
Azure Sentinel
Identity Advanced Security
Endpoint Advanced Security
Cloud Infrastructure Advanced Security
Sentinel Data Connectors
• Azure Sentinel is Microsoft’s new cloud-native SIEM service that augments our security managed services. Sentinel integrates data from all available sources and applies machine learning and knowledge-based detections derived from the trillions of signals analyzed by Microsoft daily. Long-term Log Analytics retention allows our analysts to detect latent threats and rapidly scope the impact of a breach, leading to faster remediation.
Office 365 Advanced Security
Datacenter Advanced Security
New Signature Managed Services Delivery Model
24x7 Operations Centre
24x7 Help Desk
Service Integration and Management
Service Delivery Management
External Supported Technologies
External Service Towers
Customer Supported Technologies
Customer Service Towers
New Signature Service Towers
New Signature Supported Technologies
System Center
Office 365
Azure Dynamics
Cloud
New Signature Security Managed Services for Office 365
• Identity Advanced Security is a managed service that protects employee Azure Active Directory credentials from compromise by investigating risk events and flagged user accounts, and by performing detection and risk audits. Our experts also provide proactive services using Identity Secure Score to determine gaps in identity security and provide reporting and ongoing recommendations.
• Office 365 Advanced Security protects your business from attack by monitoring and maintaining the Office 365 Advanced Threat Protection (ATP) suite of software. We provide 24x7 phishing incident investigation and proactive security services to maintain and enhance your Office 365 tenant security over time.
Identity Advanced Security
Comprehensive Microsoft Identity Protection and threat response
Office 365 Advanced Security
Protection and threat management for O365 workloads