Office 365 Anti-Phishing
Phishing has changed because email has changed.
Built-in security in Microsoft Office 365 isn’t doing enough to stop targeted phishing attacks like Business Email Compromise (BEC), that blend pin-hole vulnerabilities and social engineering to deceive and manipulate end-users. BEC is perhaps the strongest example of how Microsoft Exchange Online Protection (EOP) and even Advanced Threat Protection (ATP) fail to thwart sophisticated hacker methods.
Avanan deploys between the inbox and Microsoft’s native security for Office 365. It secures inbound, outbound, and internal email from phishing attacks that evade Advanced Threat Protection and Email Gateways. It works with these other solutions and doesn’t require any MX record changes that broadcast security protocols to hackers.
Artificial Intelligence (AI) and Indicators of Compromise (IoCs) used in the past train the Avanan platform for what to look for in complex zero-day phishing attacks. Avanan is designed to replace point solutions to deliver as a comprehensive solution for all types of phishing — even vector-less attacks.
A Different Approach to Office 365 Phishing
Avanan connects in a cloud-native manner, no proxy or agent. It’s patented API-enabled, in-line security provides many advantages over conventional solutions — such as Secure Email Gateways (SEGs) or Office 365 Advanced Threat Protection.
With Avanan, Security Operations and IT professionals can more easily investigate, detect, and respond to email-based threats. Using sandbox detonation, zero-day protection, anti-spoofing technology, and URL scanning, the AI inspects every part of the email to uncover threats that others miss.
These continual monitoring capabilities help security professionals in Office 365 understand the state of the inbox, user, and organisation.
Internal-to-Internal Phishing Protection
Legacy solutions designed when on-premises email was the standard are ill-suited to the cloud. As with any technological shift, the transition was complicated. This resulted in an awkward end-user and administrator experience for Office 365 customers opting for third party security, like secure email gateways.
SEGs, or Mail Transfer Agents (MTAs) as they were called, sit outside the cloud, scanning incoming emails. This is useful for inbound attacks but falls short for filtering and blocking internal emails. These are the source of many sophisticated phishing attacks that stem from account compromise and insider threats to the organization.
Avanan secures each individual Office 365 inbox, protecting against phishing attacks from external as well as internal emails.
With this strategy, Avanan takes a modern approach to email security. Moving beyond the perimeter-based philosophy of security that was established in the 1990s, Avanan leverages identity to secure the entire environment beyond just the perimeter.
AI trained on phishing that evades Office 365 security
According to the 2019 Global Phish Report, 25% of phishing attacks bypass Office 365’s default security. Microsoft has gone to great lengths to develop their anti-phishing and anti-malware offerings, from the standard protection of EOP to the advanced, multi-layer security available in ATP. And yet, hackers consistently innovate methods designed to bypass both security solutions.
Because Office 365 is deployed at thousands of organizations, many of them large Fortune 100 companies, they cannot afford false-positive detections. If important emails are being consistently quarantined, the disruption to the business — and loss of profits — would be intolerable. Knowing this, Microsoft builds its security to a specific threshold.
Avanan knows this because we integrate with EOP and ATP for Office 365. Our anti-phishing algorithm runs/deploys between these security solutions and the inbox. This enables the AI to train itself specifically on the sophisticated attacks that were designed to evade default security and Office 365 Advanced Threat Protection, without hindering existing security’s ability to filter out spam and low-level phishing attacks.
At the same time, Avanan learns from the cyberattacks missed by other security vendors who also integrate with the Office 365 environment — most notably, secure email gateways and API-based solutions that are similar to Avanan, but lack pre-inbox threat detection. The AI is tuned to what other anti-phishing solutions miss.
These unique features combine to give Avanan a threat intelligence database that is unparalleled on the email security market.
Get in touch with our technical specialists.