Forum Discussion
Advanced Threat Protection Looking for Reviews
Thanks David. I also think that with the spoof intelligence feature and low false positive quarantine feature I read in another posts, ATP has improved from beginning of last year.
There is another solution Mimecast that i am evaluating and i find it superior but the cost is also higher (3.5x) compared with Microsoft ATP. I also wondering if having another vendor solution in the middle would make us be hybrid and not officially supported by Microsoft if we ever face an issue with e-mails.
John
What about E-mail delays? Have you tested average time with ATP with safe attachments ON?
How does the Safe link feature works for you? now that Microsoft rewrites the links and you cannot hover over to see what it is?
Thanks,
Javier
Javier,
We have not tested average time with ATP set up. I know I have noticed there is a slight delay, but I would say no more than a minute or two extra. As you mentioned, it does change the URL in email messages to a Microsoft site. No issues with that process either.
Sorry, I was away from forums for a bit and catching up....
John
Safe Attachments - as with any sandboxing solution, there is a delay with email delivery when attachments are present. For us, its been anywhere up to a minute or two at the most. ATP's performance has improved quite a bit over the past few years, so no complaints on that here.
For Safe Links - I honestly have not really noticed much from it. While it may help and block access to malicious or compromised sites at some point, its not something I have seen in action over the past few years as I have Safe Attachments. Right now, the biggest thing I have to contend with on Safe Links is that the rewritten URL can make it difficult for end users to spot a spammed link.
We happen to use KnowBe4 for security awareness training efforts, and their material (as most other material I have seen in this arena) talks about how to spot spammed or spoofed email - and hovering over links to see where they actually point is always recommended. With Safe Links rewriting the URL's, it makes it harder to spot the target.
Thanks David. I also think that with the spoof intelligence feature and low false positive quarantine feature I read in another posts, ATP has improved from beginning of last year.
There is another solution Mimecast that i am evaluating and i find it superior but the cost is also higher (3.5x) compared with Microsoft ATP. I also wondering if having another vendor solution in the middle would make us be hybrid and not officially supported by Microsoft if we ever face an issue with e-mails.
- Javier,
For sure one of the main reasons we chose to use ATP was for its low cost... it was a very valuable addition to our protection and the low cost made it an easy sell to management. We looked at Mimecast and others, but stuck with ATP for that reason. I would not use more than one "network based" (for lack of a better term) sandboxing solution at a time... but we did add additional protections to our endpoints (desktops, laptops, etc.) using Check Point's SandBlast Agent. This way, if a zero-day threat does make its way through ATP, we have another layer of protection at the endpoint itself. We also wanted to account for other points of entry, like USB drives, or if a user accesses their personal email and opens a malicious attachment or link from there.
Good Luck!
