Article provided by Westcon
It seems hardly a day goes by without companies encountering a new threat to safeguard against. As businesses continue migrating to the cloud with collaborative solutions that better analyse their data, they are potentially opening their systems to more sophisticated attacks. This requires advanced threat protection (ATP) to help mitigate the risk of compromise.
ATP refers to the category of security solutions that defend against malware or hacking-based attacks targeting sensitive data. While ATP solutions differ in what they offer, most include a combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralised management console. Essentially, this focuses on protecting every entry point into the corporate network.
“This more comprehensive security solution introduces an element of automation to defend against both known and unknown attacks proactively. It does so by leveraging the high-performance computing capabilities of cloud-based data centres to inject ATP with artificial intelligence (AI) capabilities. These learn from previous incidents and can detect patterns for potential future ones,” says Prebashini Reddy, Microsoft Cloud Solution Provider (CSP) Product Manager at Westcon-Comstor Sub-Saharan Africa.
Using AI, ATP dynamically adapts to the evolving threat landscape without requiring any user intervention. IT teams can even install the software on top of existing hardware solutions to further enhance their defensive capabilities.
“Advanced threats target specific weaknesses in the company network. Unlike more generalised attacks, these are built around trying to find specific data in a business using very niche weak points. While spam can constitute a broad attack, things like spear phishing are geared towards a specific individual inside the company. These attacks require a fundamentally different approach to cybersecurity and one that can only be delivered through ATP,” says Pete Hill, executive director at Greendata.
Attack best form of defence
Solutions such as the Microsoft Office 365 ATP cloud-based email filtering service are an example of vendors looking to provide zero-day protection. This means it can help protect against vulnerabilities that have either not been discovered yet or are still waiting to be patched.
“The Office 365 ATP is not limited to Exchange in the cloud but can be configured to work with on-premise Exchange servers. Therefore, those companies who might have migrated other components of their business to the cloud, but prefer to manage email on-site, can now receive the same level of protection. Additionally, the filtering service manages malicious links in real-time and sends alerts to administrators to provide insights into the attacks happening against the company,” adds Reddy.
Research shows that an attack occurs every 39 seconds. So, a solution such as Office 365 ATP that offers visibility into spam, malware, viruses, phishing attempts, malicious links, and other threats becomes an invaluable tool in the company’s ongoing battle to keep its data safe.
“Protection is just one part of the solution. Being able to access reports and understand why ATP flagged a threat and the users targeted can become an invaluable ally to spot trends and identify where action must be taken,” says Hill.
For example, the solution lets the business identify high-risk and abnormal usage within its Office 365 environment. This gives administrators the control to set up even more detailed anomaly-detection policies. A spin-off of this is how the tool can be used to uncover Shadow IT in the form of cloud apps used in the company.
“Shadow IT typically revolves around the systems and apps used inside the company without explicit approval. Just think about all those consumer-friendly apps employees download on their corporate devices and the potential risks they bring into the company. Having ATP in place means the company can quickly identify these and take up the matter with the employees involved,” continues Reddy.
A big part of the ATP approach entails having integrated threat protection services in the business. More than just anti-virus and firewalls, this encompasses all aspects of the company infrastructure, including its data.
“In many respects, ATP is bringing about the introduction of the concept of intrinsic security. This means that the entire infrastructure of the organisation has cybersecurity built into it. It is also not only limited to new solutions but can be incorporated into existing ones as well. This reduces the complexity of managing cybersecurity while still giving the company the flexibility to remain innovative and analyse data stored in the cloud,” says Hill.
Furthermore, ATP protects against malicious hyperlinks embedded in email messages. So, even though company education might make employees aware not to open links sent to them by people they do not know, not everyone will do this and avoid phishing attacks. ATP either automatically rewrites the links to be safe or the system takes users to a warning page before allowing them to access the link.
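As an added illustration of the link-rewriting mechanism described above (example code written for this page, not code from the article, Westcon, or Microsoft), the Python sketch below wraps every hyperlink in an email body in a signed redirect and, at click time, decides whether to allow the destination, show a warning for a blocklisted host, or reject a tampered token. The wrapper endpoint, signing key and blocklist are constructed placeholders.

```python
import hashlib
import hmac
import re
from urllib.parse import quote, unquote, urlparse

# Constructed placeholders: a real service keeps the key in a secret store
# and refreshes the blocklist continuously, which is what makes time-of-click
# checks useful when a link turns malicious after the mail was delivered.
SECRET_KEY = b"example-signing-key"
WRAPPER = "https://safelinks.example.invalid/click?"
BLOCKLIST = {"bad.example"}

HREF_RE = re.compile(r'href="(https?://[^"]+)"')


def _sign(url: str) -> str:
    """HMAC over the original URL so the redirect parameter cannot be altered."""
    return hmac.new(SECRET_KEY, url.encode(), hashlib.sha256).hexdigest()


def rewrite_links(html: str) -> str:
    """Replace each http(s) href with a signed wrapper URL carrying the original."""
    def wrap(match: re.Match) -> str:
        url = match.group(1)
        return f'href="{WRAPPER}url={quote(url, safe="")}&sig={_sign(url)}"'
    return HREF_RE.sub(wrap, html)


def hrefs(html: str) -> list:
    """Return every href value in the (rewritten) body, for inspection or testing."""
    return re.findall(r'href="([^"]+)"', html)


def click(wrapped: str) -> str:
    """Time-of-click verdict: 'allow', 'warn' (blocklisted host) or 'reject' (bad token)."""
    if not wrapped.startswith(WRAPPER):
        return "reject"
    params = {}
    for part in wrapped[len(WRAPPER):].split("&"):
        key, _, value = part.partition("=")
        params[key] = value
    url = unquote(params.get("url", ""))
    if not hmac.compare_digest(params.get("sig", ""), _sign(url)):
        return "reject"  # parameter was altered after rewriting
    host = urlparse(url).hostname or ""
    return "warn" if host in BLOCKLIST else "allow"
```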
“To be truly effective, ATP must form part of an ongoing review and assessment of the cybersecurity policies of the organisation. Even though it automates many elements around data protection, ATP is not bulletproof. Machine learning and deep analysis offer protection against sophisticated attacks. Still, if the solutions are not implemented properly and tie into continual user training, it will count for nothing,” says Reddy.
ATP significantly reduces the attack surface of businesses. This eliminates risky or even unnecessary attack vectors and restricts dangerous code from running. For example, if a company relies on the Internet of Things and has several connected devices feeding data back to the business, ATP can stop any malicious attacks that compromise the end devices from permeating through the network.
“We live at a time where next-generation protection will become part of standard operating procedure. This offers real-time, behaviour-based protection using AI and deep analysis to block a myriad of threats. Management must be willing to take the next step and embrace these solutions to better protect themselves against the increasingly sophisticated risks inherent to being connected round the clock. It simply requires making the decision to shore up cybersecurity further and become more sophisticated in the process,” concludes Hill.