Automated Incident Response capabilities are now available for the Microsoft Office 365 Advanced Threat Protection (ATP) cloud-based email filtering service. Security teams can apply these capabilities to investigation and response workflows.
Two categories of Office 365 ATP Automated Incident Response capabilities are available:
- Automatic: Triggered when an end user reports a phishing email or clicks a malicious link, malware is detected after an email is delivered or a phishing email is identified when it reaches a user's inbox.
- Manual: Triggered from within Office 365 APT's Threat Explorer tool at any time for any email and related content (attachments or URLs).
Office 365 ATP Automated Incident Response is available via Office 365 ATP Plan 2, Office 365 E5 and Microsoft 365 E5 Security.
Barracuda: Office 365 Account-Takeover Attacks Among Fastest-Growing Email Security Threats
Office 365 account-takeover attacks represent “one of the fastest growing email security threats," according to an analysis of account-takeover attacks conducted by application delivery, data protection and security solutions provider Barracuda Networks.
The Barracuda analysis showed 29 percent of organizations had their Office 365 accounts compromised by hackers in March. It also revealed more than 1.5 million malicious and spam emails were sent from hacked Office 365 accounts.
DHS Offers Office 365 Security Recommendations
The U.S. Department of Homeland Security (DHS) recently offered the following recommendations to help organizations guard against Office 365 attacks:
- Use multi-factor authentication.
- Leverage unified audit logging.
- Activate mailbox auditing.
- Ensure Azure AD password sync is planned for and configured correctly.
- Disable legacy email protocols if not required or limit their use to specific users.
MSSPs also can provide security services to address Office 365 attacks. That way, MSSPs can protect organizations against phishing attacks and other email security threats.