
Hanover, Germany-based Hornetsecurity, a significant cybersecurity provider whose acquisition by Proofpoint was recently announced, has just made major enhancements to its Microsoft Teams Protection solution. Hornetsecurity has rolled out new functionality to address the increasing prevalence of Microsoft Teams as an attack vector, and thus help protect end users against the growing incidence of attacks through compromised accounts.
What exactly is new here? The new functionality gives administrators rapid response tools to remediate Microsoft Teams threats from directly within the platform. This significantly reduces security teams’ mean time to respond. Teams Protection also now has a new auto-remediation feature that addresses the fear of harmful content going undetected within Microsoft Teams. It warns users of malicious messages and empowers administrators to quickly address threats directly from a central, cloud-based Control Panel. It instantly detects malicious URLs shared via Microsoft Teams. It also gives administrators the visibility and power to immediately act on threats.
There was a time when Hornetsecurity’s Teams protection was limited, as it was across the rest of the cybersecurity industry.
“Our Teams protection was basically the same as everyone else,” said Alain Constantineau, Vice President, Sales in Canada. “It was just a feature in a product. That’s because Teams wasn’t a targeted vector like it is now, after it became too easy to impersonate. We all used to focus on endpoints – and we as an industry got very good at it. So the bad actors began to target Teams instead. There was no demand to protect Teams because there wasn’t much risk, since it wasn’t a vector if attacked.”
Constantineau said that the top players in cybersecurity are all pretty similar.
“There are 8-10 top companies that play in our sandbox, like Microsoft Defender and Sophos,” he stated. “We all do similar things, and we all do the same thing very well – but there will always be some customers who look for the cheapest product.”
The Hornetsecurity Teams Protection solution is powered by its AI Cyber Assistant.
“Our AI Cyberassistant has a few different features,” Constantineau said. “Our security analyst feature identifies false positives, and we also have an LLM. The second feature reports bad emails, although the problem can usually be solved on its own. The third feature is AI Recipient Validation (AIRV), a Microsoft Outlook add-in that runs in the background to check emails for potential warnings before they are sent. This is not a DLP. It doesn’t stop you from doing things.”
As part of the AI Cyber Assistant, Teams Protection utilizes AI technology to provide optimal, ever-evolving protection. This includes smart patterns, which analyze key features of URLs and pages to identify malicious content.
“Our AI looks at multiple levels of conversation, and looks at 1000 things, while a human can look at 10 things,” Constantineau indicated. “At the user level, everyone wants AI and they really shouldn’t.”
The Auto-Remediate feature is new. Administrators can delete entire conversations containing malicious messages and prevent their senders from logging into Teams. They can also use the Auto-Remediate feature, which automatically deletes chats where a malicious message has been found. Automatic remediation only works if the chat was created less than 10 minutes before the malicious message was sent and the chat belongs to the customer’s Microsoft tenant. If the chat was started by an external user, the chat will not be deleted.
Teams Protection scans all Teams messages containing URLs and instantly issues a warning message in the conversation when it detects a suspicious link. Administrators then gain control, allowing them to manage all detected threats to their Teams tenant directly within the Control Panel.
“What differentiates us here from CyberAssistant or Auto-Remediate is our AI and its grouping of features, which don’t really overlap,” Constantineau noted. “There are three different products under our AI.MY AI Cyber Assistant umbrella. The security enhances our solutions with the latest AI and machine learning technology and automation.”
The new functionality provides administrators with rapid response tools to remediate Microsoft Teams threats directly within the platform.
“This is an agent, not a SOC,” Constantineau said. “We don’t offer a SOC. Some of our partners do, but it’s on the reseller side.”
Hornetsecurity’s machine learning algorithms analyze more than 47 characteristics of URLs and web pages.
“This is something else that is brand new,” Constantineau stated. “The machine learning adjusts to the user, and learns what the user does.”
The deep learning involves computer vision models analyzing images to extract relevant features used in phishing attacks, including brand logos, QR codes, and suspicious textual content embedded within images.
“It’s basically an advancement of machine learning, and will learn what I do,” Constantineau said.
The new functionality provides administrators with rapid response tools to remediate Microsoft Teams threats directly within the platform. Other key benefits include an automated way to detect suspicious Teams messages received by end-users, the ability for IT administrators to intervene in a conversation or even block a user to contain a threat, protection for end users by identifying suspicious URLs within Teams messages and warning them about this, and help for customers to better protect their tenant by warning of suspicious messages through a dedicated bot.
“Microsoft Teams is a high-value target for cyber attackers because it is so widely used as the key method of business communication and document sharing,” said Daniel Hofmann, CEO of Hornetsecurity. “Teams Protection helps bolster companies’ defence against bad actors who aim to exploit compromised accounts within a tenant. Rapid response tools are critical to ensuring business continuity, and this new release provides hands-on security support for administrators and end users, helping to streamline operations and ensure secure communication across the organization.”
What has become especially problematic, Hofmann said, is that Teams is challenging email as a threat vector.
“Increasingly, we are seeing sensitive business being undertaken via Teams rather than traditional email, which creates a new vulnerability that modern businesses must be prepared for,” he stated. “Hornetsecurity is continually evolving its products to meet these emerging challenges head-on.”
The finalization of the purchase by Proofpoint is getting close, Constantineau said. It is also having an effect on the Canadian channel.
“Some partners are no longer transacting,” he noted. “Canada used to have 834 transacting partners, and it is now just under 500.”
