Forum Discussion

John Haverty's avatar
John Haverty
Iron Contributor
Jan 31, 2018
Solved

Advanced Threat Protection Looking for Reviews

We are looking at possibly adding Advanced Threat Protection. It sounds as though it is free for our students if we add it for our faculty/staff. Does it do a good job of blocking spam, phishing, etc...
microsoft 365
security
  • Javier Urdanivia's avatar
    Javier Urdanivia
    Mar 28, 2018

    Thanks David. I also think that with the spoof intelligence feature and low false positive quarantine feature I read in another posts, ATP has improved from beginning of last year.

    There is another solution Mimecast that i am evaluating and i find it superior but the cost is also higher (3.5x) compared with Microsoft ATP. I also wondering if having another vendor solution in the middle would make us be hybrid and not officially supported by Microsoft if we ever face an issue with e-mails. 

David Levine's avatar
David Levine
Brass Contributor
Mar 28, 2018

Safe Attachments - as with any sandboxing solution, there is a delay with email delivery when attachments are present. For us, its been anywhere up to a minute or two at the most. ATP's performance has improved quite a bit over the past few years, so no complaints on that here.

For Safe Links - I honestly have not really noticed much from it. While it may help and block access to malicious or compromised sites at some point, its not something I have seen in action over the past few years as I have Safe Attachments. Right now, the biggest thing I have to contend with on Safe Links is that the rewritten URL can make it difficult for end users to spot a spammed link. 

We happen to use KnowBe4 for security awareness training efforts, and their material (as most other material I have seen in this arena) talks about how to spot spammed or spoofed email - and hovering over links to see where they actually point is always recommended. With Safe Links rewriting the URL's, it makes it harder to spot the target.

Javier Urdanivia's avatar
Javier Urdanivia
Copper Contributor
Mar 28, 2018

Thanks David. I also think that with the spoof intelligence feature and low false positive quarantine feature I read in another posts, ATP has improved from beginning of last year.

There is another solution Mimecast that i am evaluating and i find it superior but the cost is also higher (3.5x) compared with Microsoft ATP. I also wondering if having another vendor solution in the middle would make us be hybrid and not officially supported by Microsoft if we ever face an issue with e-mails. 

  • David Levine's avatar
    David Levine
    Brass Contributor
    Mar 28, 2018
    Javier,
    For sure one of the main reasons we chose to use ATP was for its low cost... it was a very valuable addition to our protection and the low cost made it an easy sell to management. We looked at Mimecast and others, but stuck with ATP for that reason. I would not use more than one "network based" (for lack of a better term) sandboxing solution at a time... but we did add additional protections to our endpoints (desktops, laptops, etc.) using Check Point's SandBlast Agent. This way, if a zero-day threat does make its way through ATP, we have another layer of protection at the endpoint itself. We also wanted to account for other points of entry, like USB drives, or if a user accesses their personal email and opens a malicious attachment or link from there.
    Good Luck!