Threat landscape
People go remote, files go to cloud
Files are on the move. On-premise file servers are disappearing, being replaced by cloud storage services. One of the major services providing cloud storage is Microsoft 365, in use by many organizations globally. Cloud collaboration services such as OneDrive have become more and more critical in getting the job done in a remote everything world.
Microsoft OneDrive (part of Microsoft 365) lets you access, share, and collaborate on your files from anywhere. OneDrive keeps you connected to your collaborators and connects your files across Microsoft 365 cloud services such as Teams and SharePoint.
Why is protecting OneDrive critical?
Cloud collaboration services can be open doors to your data
While OneDrive allows for easy file sharing, it also makes for an essential attack vector. Especially because the service’s popularity makes it a prime target for cyber criminals looking for a way in – to access your precious data or to spread malicious content like malware or ransomware.
When you add a preventive layer of protection to OneDrive, you reduce risk at an early stage of a cyber attack. When you block malicious content from entering your cloud file service, you ensure they don’t end up on your devices, and stop them from spreading from one user to the others either by the attackers hand or due to a human error. This is preventive cyber security in its most cost-effective form.
WithSecure™ Elements Collaboration Protection empowers your hybrid workforce to collaborate securely on OneDrive. It scans and analyzes files in your users’ personal OneDrive folders continuously for malicious content. OneDrive Protection capability wields a multi-stage content analysis to detect even the stealthiest zeroday malware that slips past Microsoft’s built-in filters through Teams chats or direct uploads. Autonomous and continuous scans analyze files on OneDrive when they are uploaded and whenever they are modified or new algorithms are applied.
In alignment with Microsoft 365’s integrated ecosystem, WithSecure™ Elements Collaboration Protection secures file sharing across OneDrive, Teams and SharePoint in an efficiently unified way. When a malicious file is detected in one service, the file is immediately quarantined across Sharepoint and OneDrive, minimizing risk and manual efforts for you.
What does OneDrive Protection do?
Keep malware and ransomware out of your OneDrive
WithSecure™ Elements Collaboration Protection uses the WithSecure™ Security Cloud for all its scanning and detection actions. The Security Cloud is the cornerstone of our security capabilities, and gathers real-time threat intelligence from tens of millions of security sensors across the globe and applies it almost instantly. Security Cloud’s threat intelligence evolves as new threats emerge, keeping you on top of the threat landscape. Data is collected from endpoints, pushed back to the global database, analyzed and correlated, and applied on devices across the globe. Our top analysts fine-tune detection logic relentlessly to provide you with high fidelity detections.
You can find more details in our Security Cloud whitepaper.
Whenever users share files in private or group Teams chats, they are stored in the user’s personal OneDrive folder. WithSecure™ Elements Collaboration Protection will then submit this to Security Cloud for analysis. If the file is considered a high-risk type, for example an executable program, the Security Cloud will perform additional deeper analysis. This may include executing it in an isolated environment, with no risk to the end user.
The Security Cloud will inform WithSecure™ Elements Collaboration Protection if it considers the file to be harmful. If it is, depending on how Elements Collaboration Protection is configured, it will be moved to Quarantine, alerted, or simply deleted. Quarantined files are not available via OneDrive or Teams chats.
The administrator can then review the items in Quarantine, and decide if they are harmful or not. If they wish to release the items from quarantine, they can do so, and they will immediately become available to OneDrive and Teams.
Actionable insights
OneDrive Protection handles files stored by your organization’s users, but files uploaded by an external contact remain on their own organization’s OneDrive.
To ensure the best possible security posture, we recommend using full WithSecure™ Elements suite. Your users will be protected by endpoint security capabilities when opening files shared from other organizations.
How do I take OneDrive Protection into use?
Hassle free deployment
If you have already configured WithSecure™ Collaboration Protection for your domain, it’s quick and easy to enable OneDrive Protection.
- Select Cloud services on the sidebar.
- In the row of the new connection, select Configure protection in the OneDrive column.
- In the page that opens, do the following:
- From the list of drives, select the drives that you want to protect.
- Note: You can filter the list by selecting one of the options from the drop-down menu: All, Protected, Unprotected, Unavailable, or Error.
- To add protection for an existing unprotected drive in your organization, select the drive from the list, and at the bottom of the page, select Turn on protection.
- The status of the site changes to "Protected".
Feature availability
You can enable your OneDrive Protection via WithSecure™ Elements Security Center today
OneDrive Protection is now available globally at no extra charge to our existing WithSecure™ Elements Collaboration Protection customers.
If you are not already a customer for WithSecure™ Elements Collaboration Protection, you can find out more about this product on our website.