What is an Advanced Persistent Threat?

An advanced persistent threat is one of the newer threats faced by the University. It is characterized by a person who is actively trying to compromise a specific target or group of users. They may use a targeted email phishing attack customized specifically for the University of Pittsburgh. Or they may take advantage of brand new security vulnerabilities for which no security updates or patches are available. After gaining access, they attempt to escalate their access until they reach the systems or data they are seeking. The attackers also make every effort to remain undetected so that they can maintain access to their target.

What can be done to protect against Advanced Persistent Threats?

The University’s Enterprise Spam and Virus Filter service (Exchange Online Protection) protects against general attempts to exploit security vulnerabilities through email. It utilizes a standard set of signature-based algorithms to detect harmful email content. But because advanced persistent threats are customized to attack a specific target (such as the University), general signature-based algorithms are less effective.

Microsoft Advanced Threat Protection is designed to address this problem. It integrates with Exchange Online Protection to enhance security and help protect against advanced persistent threats.

How does Advanced Threat Protection work?

Advanced Threat Protection includes two features that can help protect against targeted phishing attacks.

Safe Links

Safe Links evaluates the links in an email message in real time to determine whether they link to safe or harmful content. All links evaluated by Safe Links will be replaced by a longer URL that begins with https://na01.safelinks.protection.outlook.com, similar to the example shown below:

If the link is safe, you will be sent to the original address when you click on it. If the link is not safe, you will see a warning message indicating that the website you are trying to visit is harmful:

Safe Attachments

Safe Attachments is a feature that protects against harmful email attachments. It does not rely on signature-based algorithms, which are less effective against advanced persistent threats. Instead, Safe Attachments opens the attachments in a virtual environment and analyzes their behavior to determine whether they are harmful.

If the attachment is safe, it will be delivered to you along with the original email message. If the attachment is harmful, the email will be blocked and the message and attachment will not be delivered.

Please note that Safe Attachments does not analyze attachments in real time. This process may cause some minimal (measured in minutes) delay in delivery to you of email messages with attachments.

Frequently Asked Questions

Does Safe Links evaluate every link?

No. Safe Links evaluates links from external email addresses. It does not evaluate links in email messages that have been sent from an @pitt.edu email address.

Does Safe Attachments analyze an attachment every time I send it?

No. Safe Attachments will only analyze an attachment the first time that you send it. If you send the same attachment to someone later, it will not be analyzed a second time.

I want someone to be able to view my attachment right away. What can I do?

You can upload the file to pitt.box.com and share a link to the file> in the body of your email message. You can also upload a file to OneDrive for Business and share a link to the file>.