Some companies are born with O365, some achieve the migration, and others have Microsoft 365 thrust upon them. Whichever category you’re in, the Microsoft 365 juggernaut cannot be ignored. The breadth of functionality, ease-of-access and integrated components make it a very convenient environment for companies to rely on.
But convenience has ever been the flipside of Microsoft 365 security – whether that’s locking your front door, or deploying multi-factor authentication. As Microsoft 365 is deployed, it brings with it a wealth of new, and existing, security challenges. Recent research found that 44% of organizations were victims of targeted email attacks launched via a compromised account [1]. There have been increasing reports of methods, ranging from bypassing single sign-on or MFA to brute force, being used to steal corporate Microsoft Office 365 login credentials and log into enterprise systems [1].
Companies need efficient and cost-effective methods to detect such attacks. Unfortunately, many Office 365 migrations are undertaken without sufficient upfront analysis of the security implications. And once the migration is complete, there is relatively little willingness to invest further in something that has already cost a lot of time and money.
The normal model of detection – using SIEM or IDS technology supported by a sophisticated security team – cannot scale to an Office 365 environment. Simply delivering the relevant logs for email into a SIEM can cost more than £1 million in licence fees alone. And the most galling point is that in 95% of breaches, it is the user who knows whether or not the anomalous behaviour is legitimate.
What is needed is technology which can detect unauthorised access to Office 365 in real-time, along with malicious configuration changes, and engage directly with the user to minimise time to detection and time to resolution. The platform has three key characteristics:
By treating logs as meaningful messages which can be analysed, the system can be much more efficient than searching for patterns in logs which are treated as unstructured data.
The only way to accurately identify breaches in a platform as broad as Microsoft 365 is to analyse behaviour for every single user or library individually, and have a unique profile for every user, library or other protected resource. No other approach can yield the necessary accuracy.
In the vast majority of cases, the user knows the answer – there is no need to engage a complex and expensive communication flow through technology and the security team only to say to the user “was this you?”. By providing accurate information, in user-centric language, with absolutely straightforward response options, users can easily, and cheaply, support breach detection and resolution.
By using the MyDataSecurity approach, a company can massively expand its corporate defences, especially around Office 365, without increasing the size of the security team.
[1] https://info.digitalshadows.com/BECResearchReport_Reg-Homepage.html