Measuring cloud-based anti-malware protection for office 365 user accounts

Abstract

Microsoft Office 365 user accounts were tested for the efficacy of anti-malware protection provided as part of the cloud-based components of Office 365 productivity software-as-aservice: Exchange, OneDrive, and SharePoint. Multiple threat types (malware binaries, infected documents, malicious hyperlinks) were applied through multiple attack vectors (e-mail, file transfers, social media posts). Cloud-based third party enhanced anti-malware protection is compared to the cloud-based self-protection provided by Microsoft Office 365. While the cloud-based user account self-protection provides protection comparable to endpoint-based anti-malware, the 3rd party protection is shown to provide significantly enhanced protection for file transfers to cloud-drives and for malicious links for all attack vectors.