University tackles malware with Office 365 Advanced Threat Protection

Today’s post was written by Ren Flot, chief information security officer and director of cyber security at Georgia State University.

georgia-state-university-tackles-malware-pro-pixAs the chief information security officer at Georgia State University, my job is focused on balancing the needs of an academic community—where faculty and students value broad access and flexibility in online research—with the security requirements of a large enterprise. Advancing both these requirements calls for a proactive approach to combating malware. In a threat landscape that is constantly changing, I look for products that can deliver effective protection, while helping us make efficient use of our cyber security team’s time and resources. To meet these needs, we acquired Office 365 Advanced Threat Protection to increase email security for our more than 55,000 students and more than 6,000 faculty and staff.

The cyber security team at Georgia State University had noticed a steady uptick in malware attacks, particularly phishing, and it felt like we were fighting fires every day. The security of our university community in digital spaces is an important priority, so we aimed to get ahead of the problem. It was clear that an additional layer of security was needed. To address the issue, we selected Advanced Threat Protection, because detection and protection against malware attacks would be handled within a Microsoft cloud environment, freeing up time for us to focus on other security and IT tasks.

After deploying the solution to a pilot group, we saw a significant reduction in the number of malicious emails reaching our users, and by the time we completed our implementation, we had reduced the number of emails that got through with malicious content by more than 2,000 messages over a five-month period. Today, Advanced Threat Protection has become an important part of the toolset that is helping us take a proactive stance against malware. This hosted email filtering solution also interoperates very smoothly with our Office 365 email system, providing a highly secure productivity platform.

And implementation was accomplished quickly and easily, with support from Microsoft FastTrack. Our team has also found the management controls and user-based settings available within the solution to be very configurable, an advantage given the range of user groups—faculty, staff and students—that we have to consider in the higher education environment. The Safe Links feature has been particularly useful in our environment, because students share a lot of links while working on projects, and it has performed well at helping prevent inadvertent access to malware through links and attachments. The solution is seamless from a user experience perspective, and the product is unobtrusive, working efficiently in the background.

Georgia State University’s security profile has been significantly enhanced as it relates to email through use of Advanced Threat Protection. Today, we have a solution that is nearly invisible, while providing staff and students a safer environment in which to work and study.

—Ren Flot