
Defence in Depth for Microsoft 365

Friday, 29 May 2020 / Published in Blog

Microsoft Office 365 has some good email security features, but also some significant vulnerabilities. A defence-in-depth strategy can compensate for these weaknesses and create a more secure email environment.

Key Points:

  • Microsoft offers several robust security tools for MS 365 and its email service.
  • Nonetheless, there are limitations that expose business email users to a number of different risks.
  • A defense-in-depth strategy that integrates third-party solutions with Microsoft’s native security allows companies to exercise greater control and security over their email environment.

Do you need a defence-in-depth strategy for Microsoft 365?

MS 365, the new name for Office 365, Microsoft’s cloud-based office productivity suite, serves more than three-quarters of the business email users in the U.S., according to analysts,[1] and with more employees telecommuting and conducting business from home due to the COVID-19 pandemic, corporate reliance on email is only going to grow.

It is this ubiquity, however, that also makes email the most frequent target for malicious actors and the starting point for 94 percent of all cyber attacks.[2] Not coincidentally, Microsoft is the no. 1 spoofed brand.[3]

Keenly aware of all this, Microsoft provides a robust set of security tools for MS 365. So why should you consider investing in additional third-party tools to build out a defense-in-depth strategy for the office suite? The answer has to do with the inevitable gaps in Microsoft’s sprawling native defense system. I’ll describe some of those here, and you can find out more about MS 365 security gaps and how to close them at Mimecast’s Cyber Resilience Summit, which takes place online June 23-24, 2020.

Extensive Native Security

The security mechanisms built into MS 365 are extensive. In some cases, they exceed the security controls found at many companies’ on-premises data centers. Native threat protection for Microsoft Outlook, for instance, goes beyond spam, viruses and malware to include:

  • A feature called Safe Attachments, which uses sandboxing to provide protection against previously unidentified threats.
  • Real-time protection that identifies and blocks malicious URLs.
  • Robust URL tracking and reporting that lets organizations identify who in their ranks is being targeted by malware, which emails have been blocked due to a potential threat and the source of any malicious URLs.

Microsoft also helps businesses thwart man-in-the-middle attacks, wiretaps and other types of data interception by letting their users send and receive encrypted data. To limit the actions that users can perform when sharing company data, corporate security professionals can apply custom policies to the encryption. They do this via Microsoft Azure’s Rights Management Service (RMS), which is included with MS 365.

The potential snag here is that in order to use the cloud-oriented Azure RMS, Microsoft’s on-premises Active Directory RMS first needs to be migrated to Azure. This can be a roadblock for large enterprises that work with a lot of business partners, since in order to share encrypted files with these organizations, they must also migrate to Azure.

There are other limitations to MS Office’s security features that expose business users to a variety of different risks. Some of the more important ones include:

Limited app discovery and risk assessment. End-users tend to blindly grant permissions when prompted by third-party applications, without regard to the potential risk. Although Microsoft’s Cloud App Security function keeps tabs on and assesses the security risks associated with over 16,000 cloud apps, the version included in MS 365 only tracks around 750 of these.[4] Corporate IT remains blind to how users are using, and what data they are sharing with, any cloud apps that fall outside this relatively small assortment.

Limited DLP capabilities. Protecting customer data is a top priority at most businesses today. MS 365’s data-loss prevention solution, however, is only available to businesses with an E3 subscription and above. This leaves those—mostly smaller—businesses that have opted for a more affordable MS 365 subscription without data leak protection.

Limited threat and anomaly detection. In a similar vein, Microsoft only provides its advanced threat management services to MS 365 customers with an E5 subscription. Those with lower subscription levels only receive basic mail filtering and anti-malware tools.

Limited backup and recovery. Using OneDrive for Business, MS 365 customers can restore damaged files, but only for up to 30 days and only for files that were stored on OneDrive. Other MS 365 services are not covered by even this limited recovery capability.

Defence in Depth

Which brings us to defence in depth, a layered approach to cyber security that, when used in conjunction with MS 365’s already robust native security components, can plug holes and compensate (to a degree) for end-user negligence when conducting business via email.

Under a DiD strategy, if one defense fails, another is used to fill the breach. By integrating different protective mechanisms from different vendors, the DiD model eliminates security gaps that threats can fall through.

Some of the more important elements of a defence in depth strategy include:

Network security controls. The first line of defence when securing a network is analyzing its traffic. Firewalls block access based on a set of security rules derived in part from this analysis. Intrusion protection systems can work in tandem with a firewall to identify potential threats, also based on this analysis.

Anti-malware guards against viruses and other forms of malware. The best of these programs go beyond signature-based detection and include heuristic features that scan for suspicious patterns and activity.

Data integrity analysis software uses a file’s checksum to verify its source and frequency of use, in order to spot any discrepancies. Incoming files that are completely unique to the system can be flagged as suspicious. Likewise, data integrity solutions can also check the source IP address to ensure that it is both known and trusted.
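The checksum-and-source check described above can be sketched as follows. This is an added example, not code from the original article or from any vendor product; the class name `IntegrityAnalyzer`, the trusted network ranges and the sample events are all assumptions constructed for illustration.

```python
import hashlib
import ipaddress
from collections import Counter

# Assumed trusted sender networks (documentation ranges, constructed for this example).
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                    ipaddress.ip_network("2001:db8::/32")]


class IntegrityAnalyzer:
    """Tracks how often each file checksum has been seen and checks its source."""

    def __init__(self, trusted_networks=TRUSTED_NETWORKS):
        self.trusted = list(trusted_networks)
        self.seen = Counter()  # SHA-256 hex digest -> number of prior sightings

    def _ip_trusted(self, source_ip):
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False  # an unparseable source address is never trusted
        return any(addr in net for net in self.trusted)

    def assess(self, data, source_ip):
        digest = hashlib.sha256(data).hexdigest()
        prior = self.seen[digest]
        reasons = []
        if prior == 0:
            reasons.append("checksum never seen on this system")
        if not self._ip_trusted(source_ip):
            reasons.append("source IP not in trusted networks")
        self.seen[digest] += 1  # record the sighting only after scoring it
        return {"sha256": digest, "prior_sightings": prior,
                "suspicious": bool(reasons), "reasons": reasons}


def demo():
    analyzer = IntegrityAnalyzer()
    events = [  # constructed sample events: (file bytes, source IP)
        (b"quarterly-report-v1", "192.0.2.10"),
        (b"quarterly-report-v1", "192.0.2.11"),
        (b"invoice-unique-7781", "203.0.113.50"),
        (b"quarterly-report-v1", "not-an-ip"),
    ]
    return [analyzer.assess(data, ip) for data, ip in events]


if __name__ == "__main__":
    for result in demo():
        print(result["sha256"][:12], result["prior_sightings"], result["reasons"])
```

Every file is flagged on its first sighting, so a freshly deployed checker needs a learning period or a pre-seeded set of known checksums before its alerts are useful.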

Behavioral analysis software is the belt to the DiD suspenders. When the firewall or intrusion protection solutions have failed, behavioral analysis picks up the slack and can either send alerts or execute automatic controls to halt a breach in progress. But for behavioral analysis to work effectively, organizations need to establish a baseline for “normal” behavior.
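One way to establish the baseline this paragraph calls for, shown on per-mailbox outbound message volume. This is an added example, not part of the original article; the function names, the 3.5 threshold, the five-day minimum and the sample counts are assumptions constructed for illustration.

```python
from statistics import median

MIN_DAYS = 5  # assumed minimum history before a mailbox has a usable baseline


def build_baseline(history):
    """history: {user: [daily outbound message counts]} -> {user: (median, MAD)}."""
    baseline = {}
    for user, counts in history.items():
        if len(counts) < MIN_DAYS:
            continue  # too little data to say what "normal" looks like
        med = median(counts)
        mad = median([abs(c - med) for c in counts])  # median absolute deviation
        baseline[user] = (med, mad)
    return baseline


def score(baseline, user, count, threshold=3.5):
    """Return 'alert', 'normal' or 'no-baseline' for today's outbound count."""
    if user not in baseline:
        return "no-baseline"
    med, mad = baseline[user]
    # Modified z-score; MAD is floored at 1 so a flat history cannot divide by zero.
    z = 0.6745 * (count - med) / max(mad, 1.0)
    # Only spikes above the baseline are flagged in this sketch.
    return "alert" if z > threshold else "normal"


def demo():
    history = {  # constructed sample data: messages sent per day
        "alice": [20, 22, 19, 25, 21, 23, 20],
        "bob": [3, 4, 3],
        "carol": [5, 5, 5, 5, 5],
    }
    baseline = build_baseline(history)
    today = [("alice", 24), ("alice", 400), ("bob", 50), ("carol", 8), ("carol", 40)]
    return [(user, count, score(baseline, user, count)) for user, count in today]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The `no-baseline` result matters as much as the alert: a mailbox without enough history cannot be judged either way and should be handled by the other layers.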

The Bottom Line

MS 365 offers businesses a powerful set of productivity apps, including a user-friendly email platform with some good security features. Businesses, however, should be aware of the gaps in the security coverage provided by Microsoft and compensate accordingly. A comprehensive way to do this is by adopting a defense-in-depth security strategy and employing a range of trusted third-party security solutions.

[1] “Understanding Office 365 Security Concerns,” Osterman Research

[2] “2019 Data Breach Investigations Report,” Verizon

[3] “Phishing Activity Trends Report,” AntiPhishing Working Group

[4] “What are the differences between Microsoft Cloud App Security and Office 365 Cloud App Security?,” Microsoft

by ELLIOT KASS

Original article can be found HERE
