Rutgers Connect: Advanced Threat Protection Deployment

As part of our commitment to provide better and more secure email to our community, OIT will soon deploy a new layer of email security for Rutgers Connect. This product is named Office 365 Advanced Threat Protection (ATP) and acts as a second layer of protection for attachments and links included in email messages. This product has been in use and tested for the past two months by all the members of the Office of Information Technology as well as a number of IT professionals from other departments.

Starting on Monday, July 10th, 2017, all Rutgers Connect accounts will be covered by ATP technology, which adds two features to the existing layers of spam and malware filtering.

First, each attachment never seen before by Rutgers Connect is thoroughly checked for any possible malware components. The current malware and virus scanners analyze incoming attachments for known malware signatures. ATP adds “zero day” protection against new and unknown threats; it captures the unknown attachment in a virtual environment and executes and interacts with its components just as a user might. This is done not only for all executables but also for Office files and all other file types likely to contain harmful macros, scripts, and other types of possibly harmful data. For most users, this interaction will be transparent, although some messages may be delayed for a few seconds or minutes. All attachments never before seen by Rutgers Connect will be scanned, including those attached to external and internal email messages. If ATP detects a malicious attachment, it will remove the attachment and deliver the email with a note regarding the removed attachment.

The second component of ATP will scan and follow all web addresses (URLs) arriving from outside Rutgers Connect for known malicious content, including both malware and phishing sites. Additionally, all URLs will be wrapped in a redirecting layer. This will be the most visible change for most users. The benefit of this feature is that a phishing campaign or link containing harmful content that does not get identified at the time of delivery but gets marked as malicious at a later time can still be blocked if a user clicks on it in the future. HTML-formatted mail hides the redirecting layer, but links viewed in plain text mail, or in HTML mail read in a text-only client, will be rewritten to link first to a safelinks.protection.outlook.com address and will likely be longer than the original URL. Non-harmful links will act normally when clicked on, while links identified as harmful will redirect the user to a warning page.

This second feature only applies, at this time, to messages sent from outside Rutgers Connect, although at some point in the future it may also apply to URLs contained in messages originating from inside Rutgers Connect. Also, particular links may be completely excluded from this feature, eliminating the link wrapping and rewrite for selected URLs.
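For readers who want to see where a rewritten link actually leads, the following added example (not part of the original announcement and not Microsoft's or OIT's code) recovers the original destination from a wrapped link. It assumes the wrapper carries the original address in a percent-encoded `url=` query parameter; the regional host prefix and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Domain named in the announcement; wrapped links use it or a subdomain of it.
SAFELINKS_DOMAIN = "safelinks.protection.outlook.com"

def is_safelinks_host(host):
    """True only for the wrapper domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == SAFELINKS_DOMAIN or host.endswith("." + SAFELINKS_DOMAIN)

def unwrap_safelink(link):
    """Return (destination, was_wrapped) for a link copied from a message.

    Intended for display and log review: clicking should still go through
    the wrapped link so the check at click time runs.
    """
    parts = urlsplit(link.strip())
    if not is_safelinks_host(parts.hostname):
        # Not a wrapper (or a lookalike host): report it unchanged.
        return link, False
    # Assumption: the original address is in the url= parameter.
    targets = parse_qs(parts.query).get("url", [])
    if len(targets) != 1:
        raise ValueError("wrapped link does not carry exactly one url= value")
    target = targets[0]  # parse_qs has already percent-decoded it
    if urlsplit(target).scheme not in ("http", "https"):
        raise ValueError("unexpected scheme in wrapped destination")
    return target, True

# Constructed sample links (not taken from real mail).
WRAPPED = ("https://nam02.safelinks.protection.outlook.com/"
           "?url=https%3A%2F%2Fwww.example.edu%2Fforms%2Fbenefits%3Fid%3D42"
           "&data=CONSTRUCTED&reserved=0")
LOOKALIKE = ("https://safelinks.protection.outlook.com.example.net/"
             "?url=https%3A%2F%2Fwww.example.edu%2F")

if __name__ == "__main__":
    for sample in (WRAPPED, LOOKALIKE, "https://www.example.edu/"):
        print(unwrap_safelink(sample))
```

The lookalike sample is reported as not wrapped because its host only begins with the wrapper domain's name and is really a subdomain of a different domain.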

The protections afforded by ATP also extend to Office 2016 ProPlus desktop applications. Harmful links found in Office documents will be protected by the same webpage-scanning and link-blocking technologies described above, adding a layer of protection to the desktop environment. In addition, if an attachment is found to be harmful, its signature is added to the regular antivirus scans of data stored in OneDrive for Business and SharePoint sites hosted by Rutgers Connect.

While we recognize that some users may find the rewritten URLs somewhat confusing, the technology behind ATP is a significant, state-of-the-art layer of protection that should greatly enhance the security of our users and systems.