Jan 31 2018
07:45 PM
- last edited on
May 24 2021
02:02 PM
by
TechCommunityAP
Jan 31 2018
07:45 PM
- last edited on
May 24 2021
02:02 PM
by
TechCommunityAP
We are looking at possibly adding Advanced Threat Protection. It sounds as though it is free for our students if we add it for our faculty/staff. Does it do a good job of blocking spam, phishing, etc.? We are reviewing other products such as Barracuda. Trying to find something that can protect our customers from the many phishing attempts that come through. Those are are using ATP, do you like it and would you recommend it to others?
Thank you!
John
Feb 01 2018 12:09 PM
We have the ability to use it for a couple of days. You can set it up first for a group of users. So you can see what is is doing. After that you can deploy it for al your users.
The results that I see that it is activly scanning all mails and links in the mails. I am waiting for scam mail to see it will protect me.
Maurits
Feb 01 2018 12:17 PM
Maurits,
Thank you! Yes, we did notice it could be set up for a trial period of 30 days. We are waiting on pricing as I believe it is free for students and then trying to figure out if FTE is based on Microsoft formula used for campus agreement or if it is another count. One way it will possibly be affordable for us and the other way it will likely not be affordable.
So you are still in evaluation period at this time? Are you comparing it to any other products? I know we are also comparing with Proof Point. We might have to go ahead and start the evaluation on ATP so we can see how it works. We watched a demo on Proof Point. Then with Barracuda we use to have their product years ago and it seemed fairly solid.
John
Feb 01 2018 12:22 PM
Hi John,
No, I am not on a trial period. We have the licsence for our school (Netherlands) But before implementing it organisation wide I am tryig it on a couple of accounts. I want to see what people will see when we implement it. Delay's in delevering.
Feb 09 2018 10:36 AM
ATP has worked pretty well for us. We added it mostly to combat zero-day malware and ransomware, which has been effective (no ransomware since enabled). I don't think ATP does anything for other spam or junkmail though. It is just a sandbox service that detects (and removes) malicious attachments / weaponized documents, etc.
Feb 09 2018 06:38 PM
Mar 28 2018 07:17 AM
What about E-mail delays? Have you tested average time with ATP with safe attachments ON?
How does the Safe link feature works for you? now that Microsoft rewrites the links and you cannot hover over to see what it is?
Thanks,
Javier
Mar 28 2018 07:56 AM
Safe Attachments - as with any sandboxing solution, there is a delay with email delivery when attachments are present. For us, its been anywhere up to a minute or two at the most. ATP's performance has improved quite a bit over the past few years, so no complaints on that here.
For Safe Links - I honestly have not really noticed much from it. While it may help and block access to malicious or compromised sites at some point, its not something I have seen in action over the past few years as I have Safe Attachments. Right now, the biggest thing I have to contend with on Safe Links is that the rewritten URL can make it difficult for end users to spot a spammed link.
We happen to use KnowBe4 for security awareness training efforts, and their material (as most other material I have seen in this arena) talks about how to spot spammed or spoofed email - and hovering over links to see where they actually point is always recommended. With Safe Links rewriting the URL's, it makes it harder to spot the target.
Mar 28 2018 08:17 AM
SolutionThanks David. I also think that with the spoof intelligence feature and low false positive quarantine feature I read in another posts, ATP has improved from beginning of last year.
There is another solution Mimecast that i am evaluating and i find it superior but the cost is also higher (3.5x) compared with Microsoft ATP. I also wondering if having another vendor solution in the middle would make us be hybrid and not officially supported by Microsoft if we ever face an issue with e-mails.
Mar 28 2018 08:52 AM
Apr 10 2018 09:43 AM
Javier,
We have not tested average time with ATP set up. I know I have noticed there is a slight delay, but I would say no more than a minute or two extra. As you mentioned, it does change the URL in email messages to a Microsoft site. No issues with that process either.
Sorry, I was away from forums for a bit and catching up....
John
Jul 09 2019 09:02 AM
What did you decide in the end? Office 365 ATP?
A recent report...
https://selabs.uk/download/enterprise/essp/2018/dec-2018-essp.pdf
...and
https://www.reddit.com/r/Office365/comments/9m4bhg/barracuda_security_essentials_mimecast_or_atp/
...makes me unsure about Office 365 ATP.
My organisation is in a quite similar situation to yourself - ATP [includes students for no additional cost] or something else.
Jul 09 2019 11:30 AM
@anwarmahmood2380We have not made a decision. We are looking at implementing SPF by the end of July which should help. I have not been involved in the conversation of SPF, but from what I am told, it would help with many of the spoofing and issues we are seeing with email.
We did decide to not use ATP from Microsoft. If I recall correctly, it worked, but was pricey. Been a little while, so I do not recall for sure.
Jul 09 2019 11:40 AM
@anwarmahmood2380@John Haverty
It is CND$2.60/user/month and main features to configure are "Safe links" and "safe attachments" where you can build policies. This extends not just Exchange online but also Sharepoint, One Drive and Teams.
We've been using it for more than a year with good results. Keep in mind that user training and other defense in depth approach should be also part of your security strategy.
Jul 09 2019 11:47 AM
@Javier Urdanivia, good to know. Thank you! I do not recall why we did not go with it. I know our security officer evaluated and determined it was not a good fit for us. I will see if I can check with him why it did not fit. I thought it was cost, but might have been for other reasons.
Mar 28 2018 08:17 AM
SolutionThanks David. I also think that with the spoof intelligence feature and low false positive quarantine feature I read in another posts, ATP has improved from beginning of last year.
There is another solution Mimecast that i am evaluating and i find it superior but the cost is also higher (3.5x) compared with Microsoft ATP. I also wondering if having another vendor solution in the middle would make us be hybrid and not officially supported by Microsoft if we ever face an issue with e-mails.