LICOMPGUY
asked on
Safer for file transfers Teams or Dropbox with Sonicwall Cloud App Security?
I have a client that is using dropbox enterprise account with a product from Sonicwall called Cloud app security which scans all incoming files by as many as 30 scanning engines and can sandbox files 24x7x36
A client of mine is doing business with a company in india and they are PUSHING for using MS Teams for file transfer. I am thinking Dropbox with Cloud App Security is more secure. I have heard instances of viruses being transferred/malicous files via teams. Secondly, Microsoft is more of a target and their operating systems seem to be riddled with security issues.
I have very little teams experience - what do you guys think?
Thanks!
for a pairwise comparison, you likely need to have Teams with Defender compared with Dropbox with SW CAS. The former has slew of security capabilities as well beyond just scanning attachment. Can find out the list in https://docs.microsoft.com/en-us/microsoftteams/security-compliance-overview
Note that Teams is part of the Office 365 suite. For file transfer, you will likely be looking at Safe attachments. It is a feature in Microsoft Defender for Office 365 that uses a virtual environment to check attachments by anti-malware protection, but before delivery to recipients. More insight on Safe attachment - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mdo-for-spo-odb-and-teams?view=o365-worldwide
one caveat to note is Defender for Office 365 will not scan every single file in SharePoint Online, OneDrive for Business, or Microsoft Teams. This is by design. Files are scanned asynchronously. The process uses sharing and guest activity events along with smart heuristics and threat signals to identify malicious files. It is still too worst off.
good to find out the office plan that will come along with the teams, as it tends to come bundled with O365. may be an overkill if the intent is just using Teams. It may dwell down to cost.
For info on some FAQs - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-worldwide
Note that Teams is part of the Office 365 suite. For file transfer, you will likely be looking at Safe attachments. It is a feature in Microsoft Defender for Office 365 that uses a virtual environment to check attachments by anti-malware protection, but before delivery to recipients. More insight on Safe attachment - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mdo-for-spo-odb-and-teams?view=o365-worldwide
one caveat to note is Defender for Office 365 will not scan every single file in SharePoint Online, OneDrive for Business, or Microsoft Teams. This is by design. Files are scanned asynchronously. The process uses sharing and guest activity events along with smart heuristics and threat signals to identify malicious files. It is still too worst off.
good to find out the office plan that will come along with the teams, as it tends to come bundled with O365. may be an overkill if the intent is just using Teams. It may dwell down to cost.
Office 365 security builds on the core protections offered by EOP. EOP is present in any subscription where Exchange Online mailboxes can be found (remember, all the security products discussed here are Cloud-based).
You may be accustomed to seeing these three components discussed in this way:
| EOP | Microsoft Defender for Office 365 P1 | Microsoft Defender for Office 365 P2 |
|---|---|---|
| Prevents broad, volume-based, known attacks. | Protects email and collaboration from zero-day malware, phish, and business email compromise. | Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training). |
For info on some FAQs - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-worldwide
How often are the malware definitions updated?
Each server checks for new malware definitions from our anti-malware partners every hour.
How many anti-malware partners do you have? Can I choose which malware engines we use?
We have partnerships with multiple anti-malware technology providers, so messages are scanned with the Microsoft anti-malware engines, two added signature based engines, plus URL and file reputation scans from multiple sources. Our partners are subject to change, but EOP always uses anti-malware protection from multiple partners. You can't choose one anti-malware engine over another.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey David
Thanks - we are totally on the same page, and it would not be good to trust in this case. I really appreciate your response
Thank you!!
Thanks - we are totally on the same page, and it would not be good to trust in this case. I really appreciate your response
Thank you!!
ASKER
btan
Wow - thanks for all the info, I will go through it over the weekend. In this case it will be the Outside Vendors Teams so our client will be in the dark as to what is in place from a security perspective and if it is configured in the most secure manor. Not sure about you, but not blown away by what I am seeing from Microsoft in terms of their zero days, patch issues, and defender is still not that mature, coupled with the fact that I think they are a huge target. But will reivew all you took the time to assemble for me!
Thank you
Wow - thanks for all the info, I will go through it over the weekend. In this case it will be the Outside Vendors Teams so our client will be in the dark as to what is in place from a security perspective and if it is configured in the most secure manor. Not sure about you, but not blown away by what I am seeing from Microsoft in terms of their zero days, patch issues, and defender is still not that mature, coupled with the fact that I think they are a huge target. But will reivew all you took the time to assemble for me!
Thank you
ASKER
Hey Jian
Thank you also so VERY much for taking the time for your detailed analysis and response. I thought Sonicwall also had Cloud App Security which you confirmed for Teams, and if it were my Clients Teams implementation - we can go that way, but it is the pushy outside vender that wants to use their teams, which again we would be blind to what if anything they have in place for security.
I guess an option would be for our client to consider implementing teams for file transfer, but they have already been using Dropbox Enterprise., and all the employees are familiar with it already.
I should say I dont have a ton of teams experience, not sure if that matters, other than I can't make the call if in some respects it is easier or more robust for file transfer etc..
Sure Teams is great for calls etc., but I guess I don't see/know why or IF it would be better if we already have Dropbox Enterprise in place with Cloud App Sec.
What I am thinking is they continue using Drop Box with CAS for file transfers and Teams for all other functions. You agree?
Thank you so much for your response it is appreciated!
Thank you also so VERY much for taking the time for your detailed analysis and response. I thought Sonicwall also had Cloud App Security which you confirmed for Teams, and if it were my Clients Teams implementation - we can go that way, but it is the pushy outside vender that wants to use their teams, which again we would be blind to what if anything they have in place for security.
I guess an option would be for our client to consider implementing teams for file transfer, but they have already been using Dropbox Enterprise., and all the employees are familiar with it already.
I should say I dont have a ton of teams experience, not sure if that matters, other than I can't make the call if in some respects it is easier or more robust for file transfer etc..
Sure Teams is great for calls etc., but I guess I don't see/know why or IF it would be better if we already have Dropbox Enterprise in place with Cloud App Sec.
What I am thinking is they continue using Drop Box with CAS for file transfers and Teams for all other functions. You agree?
Thank you so much for your response it is appreciated!
I don't know where you're getting your information re: windows defender as it is always in the top 5 AV products except for sites that are paid to promote a product like totalav .. it either rates the highest or simply doesn't show up at all. Norton has purchased Avast (unfortunately)
As for 0 day's no major vendor is immune. intel, amd, arm, apple, cisco, vmware .. Some are easy to fix others are either hard or can't be fixed.
As for 0 day's no major vendor is immune. intel, amd, arm, apple, cisco, vmware .. Some are easy to fix others are either hard or can't be fixed.
ASKER
Hey David
It has been doing well in test results/comparisons. You are right, didn't mean to knock it, To clarify - we simply wouldn't know how things are configured when done by an Outside vendor, and I guess lately not as trusting with what I have seen released from Microsoft at times.
Thank you.
It has been doing well in test results/comparisons. You are right, didn't mean to knock it, To clarify - we simply wouldn't know how things are configured when done by an Outside vendor, and I guess lately not as trusting with what I have seen released from Microsoft at times.
Thank you.
I will say there is no silver bullet. In fact, solution been targeted does means there is need to keep up with such attention. It is a chase for the industry.
That is why we go for defense in depth with layers of control. It is not just CASB that we are relying on. You have to take an architectural view and review the design of the setup from end user to end services.
No matter what, customer should recognise they are all SaaS and there are risk acceptance whichever was chosen.
Not taking any sides on the solutioning end, we just need to be pragmatic and security should remain as the enabler and not the driver. There are other consideration for the people competency, process rigor over SaaS and technology readiness in upkeeping with operations... eventually the cost and business value in longer run.
That is why we go for defense in depth with layers of control. It is not just CASB that we are relying on. You have to take an architectural view and review the design of the setup from end user to end services.
No matter what, customer should recognise they are all SaaS and there are risk acceptance whichever was chosen.
Not taking any sides on the solutioning end, we just need to be pragmatic and security should remain as the enabler and not the driver. There are other consideration for the people competency, process rigor over SaaS and technology readiness in upkeeping with operations... eventually the cost and business value in longer run.
ASKER
Super helpful info - thanks so much for all your help!!!
Using teams requires trust of the user sending the files.