Coming Soon: Microsoft Defender for Office 365 Changes

Microsoft Defender for Office 365 - @SeniorDBA

Microsoft is updating Defender for Office 365 soon to help protect customers from embedded email threats while they are previewing quarantined emails. Microsoft is rolling out more quarantine management features that will help IT professionals and end users better investigate quarantined emails:

  • Quarantine folder policy and user release request workflow
  • Customer organization branding
  • Streamlined email submission from the quarantine portal
  • Robust release of bulk quarantined emails
  • Secured preview of quarantined emails
  • Quarantine support for shared mailboxes

Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection) provides world-class protection for enterprise email accounts against threats that include business email compromise and credential phishing. It also has some features that help with automated attack remediation.

These new enhancements should help limit exposure to unwanted or malicious content by providing additional security controls that block embedded threats and help prevent threat actors from knowing their intended victim has loaded an image or other embedded content in the quarantine preview.

“We’re changing the way users preview quarantined messages to provide additional security against embedded threats,” Microsoft explains on the Microsoft 365 roadmap. The idea is to provide some additional controls when previewing an email to make sure the threats are contained and the sender is less likely to know you have contained the suspicious email. “With this change some components in quarantined messages will be distorted and not displayed by default. To see the full contents of the message, users can choose to reveal the full message.”


Other new features will allow for more control over quarantine items, release workflow options, corporate branding, and support for shared mailboxes.

Microsoft also plans on adding more intelligence around what kinds of attacks are targeting your business and options around how to deal with ongoing threats.

Understanding Internet Threat Maps

You usually see threat attack maps as background images on wall-mounted televisions behind a talking head giving an interview to explain the internet is a dangerous place. Some people don’t take these types of displays seriously, usually because they don’t understand the displays’ limitations or because they put too much stock in what the simple display is attempting to visualize.

While threat maps can be entertaining, as with all information generated for non-technical people, the data is often too complex to be complete on one display. While a threat map is mostly eye candy with limited context and almost no usable intelligence, there are some very creative ways they can be used to great effect.

One interesting way to use an animated threat map is in your SOC (Security Operations Center) to provide some context to the global image of constant attacks and how the SOC is tasked with preventing a successful attack in your business. Many non-technical people don’t understand the volume and intensity of attacks, and this will help them understand the size of the cyber-security problem facing your business today.
