Increase Cyber Security for Office 365
11th July 2019
Improve Office 365 Cyber Security with Real-Time Monitoring
As Office 365 and other cloud services extend the security perimeter to the individual user, it’s a challenge to identify intruders moving across the on-premises, cloud, and mobile sections of your network ecosystem. By using stolen credentials, the number one attack vector behind breaches, attackers can remain undetected for months. Today’s monitoring solutions have no way to detect malicious lateral movement and data exfiltration.
Our CYBERSHIELD platform integrates its intruder analytics solution with the new Office 365 Management Activity API.
CYBERSHIELD builds a baseline understanding of a user’s behaviour in order to identify changes that would indicate suspicious activity and immediately alerts our Security Operations Centre. By collecting, correlating, and analysing data across all users and assets, including cloud applications, CYBERSHIELD automatically identifies suspicious behaviour.
Some examples of potential threats that can now be detected within Office 365:
- Advanced attacks: CYBERSHIELD automatically correlates user activity across network, cloud, and mobile environments. CYBERSHIELD can detect advanced attacks such as lateral movement from the endpoint to the cloud, including Office 365.
- Privileged user monitoring: Privileged users are often the ultimate target for intruders. CYBERSHIELD monitors Office 365 administrator accounts and alerts our security team of suspicious activity.
- Geographically impossible access: A key to protecting the environment is to be able to unify network, mobile, and cloud environments. For example, a customer would receive an alert if an employee’s cell phone synchronises email via Office 365 from Brazil within an hour of the same user connecting to the corporate VPN from Paris: clearly, one of the connections cannot be legitimate.
- Account use after termination: CYBERSHIELD detects when a suspended or terminated employee accesses their Office 365 account, helping to stop the theft of intellectual property and other business-critical information.
- Access to Office 365 from an anonymiser service: CYBERSHIELD correlates a constantly updated list of proxy sites and Tor nodes with an organisation’s Office 365 activity, detecting attackers that are trying to mask their identity and location.
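The "geographically impossible access" check above can be sketched as follows. This is an added example, not CYBERSHIELD's own code: it assumes each sign-in has already been geolocated upstream, and the tuple layout, thresholds, and sample events are constructed for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0    # assumed tolerance for geo-IP error and nearby egress points

# Constructed sample events (user, ISO time, source, lat, lon); not real logs.
EVENTS = [
    ("alice", "2019-07-01T09:00:00", "vpn", 48.8566, 2.3522),                  # Paris
    ("alice", "2019-07-01T09:45:00", "o365-mobile-sync", -23.5505, -46.6333),  # Sao Paulo
    ("bob", "2019-07-01T08:00:00", "vpn", 48.8566, 2.3522),                    # Paris
    ("bob", "2019-07-01T08:20:00", "o365-mobile-sync", 48.9000, 2.4000),       # near Paris
    ("carol", "2019-07-01T06:00:00", "vpn", 51.5074, -0.1278),                 # London
    ("carol", "2019-07-01T18:00:00", "o365-web", 40.7128, -74.0060),           # New York
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two latitude/longitude points."""
    p1, p2 = radians(lat1), radians(lat2)
    dp, dl = p2 - p1, radians(lon2 - lon1)
    a = sin(dp / 2) ** 2 + cos(p1) * cos(p2) * sin(dl / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive sign-ins by one user that imply a speed above max_kmh."""
    alerts, last = [], {}
    for user, ts, source, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        prev = last.get(user)
        last[user] = (when, source, lat, lon)
        if prev is None:
            continue
        km = haversine_km(prev[2], prev[3], lat, lon)
        hours = (when - prev[0]).total_seconds() / 3600
        # Ignore short hops; simultaneous distant sign-ins always alert.
        if km >= min_km and (hours == 0 or km / hours > max_kmh):
            alerts.append({"user": user, "from": prev[1], "to": source,
                           "km": round(km), "hours": round(hours, 2)})
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print(alert)
```

Only the Paris VPN to Sao Paulo mobile sync pair is flagged; the same-city pair and the twelve-hour London to New York pair stay below the thresholds.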
Once suspicious behaviour is detected on Office 365 or anywhere on the network ecosystem, our security team will investigate the users and assets involved, and determine the impact of the attack. CYBERSHIELD has visual investigation capabilities, so we can combine asset and user data on a timeline to quickly investigate and contain the incident.
Wizard Cyber CYBERSHIELD
CYBERSHIELD is, in part, an intruder analytics solution that gives you the confidence that we can detect and investigate security incidents faster. The CYBERSHIELD solution has many features and benefits, but to improve Office 365 cyber security and add real-time monitoring, MDR-NETWORK or MDR-COMPLETE would be required. Only CYBERSHIELD gives quality alerts without the noise, enables our entire team to investigate an incident, and adds user context. Unlike other solutions, CYBERSHIELD monitors activity not just on your network, but across endpoints, mobile devices and cloud, whether they are on or off the network. CYBERSHIELD gives us instant visibility into user activity across your infrastructure.
CYBERSHIELD – How It Works
Wizard Cyber CYBERSHIELD uses the Office 365 Management Activity API to ingest the authentication data for users across the organisation. These logs are analysed and combined with network, endpoint, and mobile data, along with attacker methodology, to detect intruders and risky internal behaviour. Incident alerts are automatically generated for further investigation by our Security Operations Centre. We can then look at all the data, request further information, isolate the user and/or asset within seconds, and contain the threat.