nobeastsofierce - Fotolia
As businesses make greater use of Office 365 in the cloud, the Microsoft platform is likely to see increasing attacks from hackers. This means IT needs a multi-layered approach to security.
“Email is intolerant to aggressive security decisions, which means you may quarantine an important business file such as a purchase order or bank account transfer information, which all have legitimate uses, and if they are lost, the effect can cost companies a lot of money,” he said.
This means IT security professionals tend to strike a balance on email scanning to prevent false positives, where legitimate email messages are quarantined. In Norton’s experience, attackers can play between the gaps in a security policy arising as a result of security professionals needing to balance the needs of the business with a strong IT security stance.
“The old advice people were given, such as ringing to confirm the legitimacy of an email, is not good practice,” he said. In the past, IT security professionals looked at products that ran checks based on file attributes, such as blocking executable files. But this type of analysis can easily be mistaken.
Read more about Office 365
- Office 365 is a cornerstone of office work, but how should IT manage the platform for mobile users? Find strategies to manage the software effectively in the enterprise.
- Gain a better understanding of Microsoft Office 365 security and storage management features and how the popular cloud-based productivity and collaboration suite really works.
Rather than attempt to scan emails using malware signatures to identify known attack vectors, Norton said: “We should not rely on static analysis anymore. We need to dynamically analyse files.”
Norton has written a short paper, Malscape snapshot: Malicious activity in the Office 365 cloud, describing the risks in Office 365, which warns that signature-based static malware analysis is not sufficient to protect users.
The document states: “For a threat to get through the extensive checks deployed by Office 365, it must deploy a multitude of deceptive techniques. Any anti-malware solution relying on signatures must make a choice: either they choose to cover an extended hash (leading to more false positives) or cover a smaller and more specific hash, which creates the risk of introducing false negatives.”
As Office 365 becomes more of a collaboration platform, it presents a bigger threat area for would-be attackers to target. Norton said: “People need to apply dynamic analysis on everything that comes into the environment and go through behavioural analysis before a file is considered safe.
“Sophisticated actors know Microsoft has a number of security controls in place, so they don’t send out malware campaigns that will get blocked,” he said. “In the enterprise, you tend to adopt a best-of-breed approach to security. This needs to continue in the cloud.”