News

Microsoft Releases Office 365 Attack Simulation Training Capability

Certain subscribers to the Microsoft Defender for Office 365 service can now access a new "attack simulation training" feature, Microsoft announced this week.

Microsoft first introduced the feature ahead of last year's RSA Conference, but now it's at the general availability stage. The feature uses Terranova Security's tools to ward off phishing attacks. It shows up in the Microsoft 365 Security and Compliance Center management portal for IT pros.

Microsoft also has an Attack Simulator in Office 365 tool. However, the integration of Terranova's approach into the Microsoft Defender for Office 365 service appears to be an advancement since it includes end user training capabilities.

The idea behind the attack simulation training feature is for IT departments to set up the delivery of simulated phishing e-mails in an organization and get information on end user responses to them. Users get sent a somewhat friendly message when they get phished by this system, which points out what was overlooked. Terranova's solution includes a follow-up training aspect for these "compromised" end users so that they can be better aware of phishing and its attack methods.

The process of delivering simulated attacks and the subsequent training for end users is mostly automated. The IT department just selects the "payloads" to be delivered, which can be targeted to individuals or groups. The payloads, or phishing e-mails, are said to be generated based on the actual phishing e-emails that got sent to the organization. These e-mails get automatically collected by a so-called "payload harvester" that "neutralizes phish emails."  IT pros can further customize these payloads, if wanted.

Payloads can be created from scratch by IT pros, but Terranova's approach offers payloads designed to test specific phishing attack methods. There are payload options to test things like credential harvesting, malware attachments and malevolent links, for instance.

The attack simulation training feature provides statistics, as well. It offers a percentage on how successful an attack is predicted to be for a particular end user. That estimated number then gets compared against the actual success rate of the simulated attack. These aspects of the feature, and more, are described in this Microsoft Ignite session.

Microsoft previously indicated that "attack simulation training is a premium feature available to Microsoft Defender for Office 365 P2, Microsoft 365 E5 and Microsoft Security E5 license holders." Microsoft 365 E3 users only have access to a limited "trial" version of the attack simulation training feature.

The E3 trial version just showcases credential harvesting and the "ISA Phishing and Mass Market Phishing" training experiences. It doesn't include "any other phishing techniques, automated simulation creation and management, conditional payload harvesting, and the complete catalog of Terranova Security trainings," Microsoft's announcement indicated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

comments powered by Disqus