Posted by: kurtsh | April 9, 2015

ANNOUNCEMENT: Exchange Online Advanced Threat Protection

We just announced “Exchange Online Advanced Threat Protection” (available this summer), a separate service from Exchange Online Protection and from what is included in Office 365 E3/E4.

What’s the difference?

  • Exchange Online Protection is essentially designed to protect against known threats. (SPAM, viruses, malware)
  • Exchange Online Advanced Threat Protection is designed to protect against unknown threats & zero-day attacks.

I know what you’re thinking:

“We don’t care about whether the threats are known or unknown. We want to be protected against ALL threats. Why is this a separate charge?”

As I understand it, the reason this is a separate optional service is that it’s not computationally cheap.

  • HYPERVISOR ISOLATION & CLOUD-COMPUTE MACHINE LEARNING
    The kind of resources this sort of message protection requires involves spinning up a hypervisor-based environment per “unknown” in which the threat can be analyzed. Additionally, it leverages cloud-based machine learning and scale-out behavioral analysis techniques that are otherwise not available to typical on-premises services or online filtering services. This isn’t just some service that gets loaded on a server with downloadable malware/spam definition catalogs: it is fully dependent on Microsoft’s massive cloud compute farm for virtualization and machine learning compute services.
  • JUST-IN-TIME URL ANALYSIS
    To add to the workload complexity of this “unknown threat analysis”, every link in an email is followed through to its source at the time of the user’s click. You’ve seen redirected links that redirect to other links, and so on, to mask the source URL that would otherwise be detected by “known bad URL” filtering services like EOP. These redirected links are individually followed to their final source URL at the time of the user’s click and evaluated for safety. “At the time of the user’s click” is important because criminals will often change the destination of the redirected URL to something malicious after an email has passed a company’s SPAM filters. This is a computationally expensive exercise (think of how many links in your emails are redirected, if not by bit.ly or tinyurl then by the sending service’s own redirector).

Read more about Exchange Online Advanced Threat Protection at the announcement page:
