The actions are the part where things get interesting. We are yet to see which actions will be available in production, but when Microsoft first spoke about the feature they were considering not only the “Move to Junk”, but also Soft and Hard Delete actions. At this point ZAP will be able to re-act upon the message, taking the appropriate action and putting it away from the user’s reach. You use the new feature to report the phishing messages, and few hours later all the bright lads at Microsoft come up with a certain way to detect and correctly mark those messages as spam/malware. While there are some action you can take to try and stop this attack, in this case you are simply being outwitted by the baddies. Being the smart guy he is, one of the users (Johny) detects something phishy about that message and reports it to your service desk or the administrative staff. Using the latest and greatest techniques, some bad person crafted up a very convincing message that is bypassing all the built-in protections in the service and hitting up the mailboxes of your users. So how exactly does it work? Imagine the following scenario: your company suddenly gets targeted by some phishing campaign. Once EOP identifies a new threat, it will now have the power to ‘creep back in’ to the user’s mailbox and change the status of the bad message that made it through the scans the first time around. Even the most advanced heuristics cannot keep up with all the different new types, and even though Microsoft uses several different engines to increase the chances of detection bad mail can still reach the end user. It’s no secret that no Malware or anti-spam engine is perfect – with the amount of new threats generated daily, false negatives (and positives) are bound to happen every now and then.
ZAP basically extends the malware scanning process to cover messages that have already made it through the EOP pipeline.
The most interesting feature we have seen in a while however is the Zero-hour Auto Purge, or ZAP. The Safety Tips, Phishing reporting and the option to block file attachments directly on the EOP level are also nice. Dynamic delivery of safe attachments will surely be welcomed by organizations that have enrolled Advanced Threat Protection, as one of the biggest complains they have is the delay in message delivery (or the occasional timeouts). Yesterday, Microsoft’s Shobhit Sahay announced some new and interesting features that will soon start rolling out for Exchange Online (Protection) customers.
0 kommentar(er)
