Microsoft Tech Community
SOLVED

Advanced Threat Protection Looking for Reviews

We are looking at possibly adding Advanced Threat Protection. It sounds as though it is free for our students if we add it for our faculty/staff. Does it do a good job of blocking spam, phishing, etc.? We are reviewing other products such as Barracuda. Trying to find something that can protect our customers from the many phishing attempts that come through. Those who are using ATP, do you like it and would you recommend it to others?

 

Thank you!

 

John

 

14 Replies

We have the ability to use it for a couple of days. You can set it up first for a group of users, so you can see what it is doing. After that you can deploy it for all your users.

The result that I see is that it is actively scanning all mails and links in the mails. I am waiting for scam mail to see if it will protect me.

 

Maurits

Maurits,

 

Thank you! Yes, we did notice it could be set up for a trial period of 30 days. We are waiting on pricing as I believe it is free for students and then trying to figure out if FTE is based on Microsoft formula used for campus agreement or if it is another count. One way it will possibly be affordable for us and the other way it will likely not be affordable.

 

So you are still in evaluation period at this time? Are you comparing it to any other products? I know we are also comparing with Proof Point. We might have to go ahead and start the evaluation on ATP so we can see how it works. We watched a demo on Proof Point. Then with Barracuda we used to have their product years ago and it seemed fairly solid.

 

John

 

Hi John,

 

No, I am not on a trial period. We have the license for our school (Netherlands). But before implementing it organisation wide I am trying it on a couple of accounts. I want to see what people will see when we implement it. Delays in delivering.

ATP has worked pretty well for us. We added it mostly to combat zero-day malware and ransomware, which has been effective (no ransomware since enabled). I don't think ATP does anything for other spam or junkmail though. It is just a sandbox service that detects (and removes) malicious attachments / weaponized documents, etc.

We activated the trial for ATP. We targeted some accounts that have been repeat offenders and then our accounts too. So far no issues. I have noticed my junk mail has dropped considerably. I typically would have 10 - 15 messages in my junk folder each day and since implementing ATP on Tuesday or Wednesday this week, that number is more like 2 - 3 a day. Have not checked logs to see if it is filtering or archiving more messages, but so far liking what I am seeing.

John

 

What about E-mail delays? Have you tested average time with ATP with safe attachments ON?

How does the Safe link feature work for you, now that Microsoft rewrites the links and you cannot hover over to see what it is?

 

Thanks,

Javier

Safe Attachments - as with any sandboxing solution, there is a delay with email delivery when attachments are present. For us, it's been anywhere up to a minute or two at the most. ATP's performance has improved quite a bit over the past few years, so no complaints on that here.

For Safe Links - I honestly have not really noticed much from it. While it may help and block access to malicious or compromised sites at some point, it's not something I have seen in action over the past few years as I have Safe Attachments. Right now, the biggest thing I have to contend with on Safe Links is that the rewritten URL can make it difficult for end users to spot a spammed link.

We happen to use KnowBe4 for security awareness training efforts, and their material (as most other material I have seen in this arena) talks about how to spot spammed or spoofed email - and hovering over links to see where they actually point is always recommended. With Safe Links rewriting the URLs, it makes it harder to spot the target.
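The rewritten-link problem discussed above can be eased by decoding the wrapper to recover the address a user would actually reach. This is an added example, not part of the thread; it assumes the rewritten link carries the original address percent-encoded in its `url` query parameter on a host under `safelinks.protection.outlook.com`, and the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed wrapper host suffix; the regional prefix (e.g. "nam01") varies.
WRAPPER_SUFFIX = ".safelinks.protection.outlook.com"
MAX_DEPTH = 3  # give up if a link is wrapped more often than this

# Constructed samples: one wrapped link, one lookalike host.
SAMPLE_WRAPPED = (
    "https://nam01.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Flogin.example.test%2Freset%3Fid%3D42"
    "&data=CONSTRUCTED&sdata=CONSTRUCTED&reserved=0"
)
SAMPLE_LOOKALIKE = (
    "https://safelinks.protection.outlook.com.example.test/"
    "?url=https%3A%2F%2Fa.example.test"
)


def is_wrapper(url):
    """True only when the host really ends in the wrapper suffix."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and host.endswith(WRAPPER_SUFFIX)


def unwrap(url):
    """Return the original target of a rewritten link, or the URL unchanged."""
    for _ in range(MAX_DEPTH):
        if not is_wrapper(url):
            return url
        # parse_qs percent-decodes the value of the "url" parameter.
        targets = parse_qs(urlsplit(url).query).get("url")
        if not targets:
            raise ValueError("wrapper link without a url parameter")
        url = targets[0]
    if is_wrapper(url):
        raise ValueError("link is wrapped more than MAX_DEPTH times")
    return url


def target_host(url):
    """Host to show the user during training or message triage."""
    return urlsplit(unwrap(url)).hostname


if __name__ == "__main__":
    print(target_host(SAMPLE_WRAPPED))
    print(target_host(SAMPLE_LOOKALIKE))
```

The lookalike sample is left untouched because its host only contains the wrapper name rather than ending in it, so its own hostname is what gets reported.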

best response confirmed by Deleted
Solution

Thanks David. I also think that with the spoof intelligence feature and low false positive quarantine feature I read in other posts, ATP has improved from beginning of last year.

There is another solution Mimecast that I am evaluating and I find it superior but the cost is also higher (3.5x) compared with Microsoft ATP. I am also wondering if having another vendor solution in the middle would make us be hybrid and not officially supported by Microsoft if we ever face an issue with e-mails.

Javier,
For sure one of the main reasons we chose to use ATP was for its low cost... it was a very valuable addition to our protection and the low cost made it an easy sell to management. We looked at Mimecast and others, but stuck with ATP for that reason. I would not use more than one "network based" (for lack of a better term) sandboxing solution at a time... but we did add additional protections to our endpoints (desktops, laptops, etc.) using Check Point's SandBlast Agent. This way, if a zero-day threat does make its way through ATP, we have another layer of protection at the endpoint itself. We also wanted to account for other points of entry, like USB drives, or if a user accesses their personal email and opens a malicious attachment or link from there.
Good Luck!

Javier,

 

We have not tested average time with ATP set up. I know I have noticed there is a slight delay, but I would say no more than a minute or two extra. As you mentioned, it does change the URL in email messages to a Microsoft site. No issues with that process either.

 

Sorry, I was away from forums for a bit and catching up....

 

John

 

@John Haverty 

What did you decide in the end? Office 365 ATP?

A recent report...

https://selabs.uk/download/enterprise/essp/2018/dec-2018-essp.pdf

...and

https://www.reddit.com/r/Office365/comments/9m4bhg/barracuda_security_essentials_mimecast_or_atp/

...makes me unsure about Office 365 ATP.

My organisation is in a quite similar situation to yourself - ATP [includes students for no additional cost] or something else.

 

@anwarmahmood2380 We have not made a decision. We are looking at implementing SPF by the end of July which should help. I have not been involved in the conversation of SPF, but from what I am told, it would help with many of the spoofing and issues we are seeing with email.

 

We did decide to not use ATP from Microsoft. If I recall correctly, it worked, but was pricey. Been a little while, so I do not recall for sure.

 

@anwarmahmood2380 @John Haverty

It is CND$2.60/user/month and main features to configure are "Safe links" and "safe attachments" where you can build policies. This extends not just Exchange Online but also SharePoint, OneDrive and Teams.

We've been using it for more than a year with good results. Keep in mind that user training and other defense-in-depth approaches should also be part of your security strategy.

@Javier Urdanivia, good to know. Thank you! I do not recall why we did not go with it. I know our security officer evaluated and determined it was not a good fit for us. I will see if I can check with him why it did not fit. I thought it was cost, but might have been for other reasons.

 
