06 June 2019
In this age of cloud and collaboration, fighting the digital threat demands a high budget. Tools such as the Office 365 suite, combined with new user behaviours, put additional pressure on CISOs and security teams by forcing them to manage an impossible and ever-increasing amount of data.
The strength of collaboration tools is simultaneously their security weakness. The paradox is such that exploiting the tools to their maximum encourages actions that can jeopardize security: broad access to files or mailboxes, configuration changes, creation of automatic rules (such as email transfer), updated permissions, and much more.
The risks for the company are real, often invisible and frequently complex for security teams, from
Share, synchronise, access, configure... so many commonplace operations performed daily by hundreds and thousands of employees. How can your security tools or SIEM quickly identify the real threats?
It is critical to know where the vulnerabilities are located, in order to report the "right alerts". The level of risk is related to several factors:
To identify the right alerts in their SIEM, IDECSI allows security managers to manage Office 365 risks based on
The IDECSI platform acts as an Office 365 preprocessor to the SIEM, based on expert knowledge of Office 365 and its applications. IDECSI alerts as soon as suspicious or potentially dangerous behaviour is detected (new access, change of configuration, suspicious sharing, etc.). For highly accurate and personalised detection, IDECSI establishes a profile for the normal use of the protected resource, through an automated learning phase.
IDECSI's technology correlates all relevant factors to assess risk: the user’s normal behaviour, the action taken, its context (geolocation, schedule, connection protocol, etc.), and the application concerned (what could the impact be?).
Thanks to automatic learning and personalized protection, only genuine issues are alerted and reported to the security team – in real time.
The MyDataSecurity dashboard is a component of the IDECSI platform that acts as a Personal SIEM. Each user can view, through a mobile or web interface, the list of people who access their resources (inbox, libraries, ...) or who have the rights to access them. If the alerting function is activated, the user will be able to receive notifications of suspicious behaviour (as configured by the security team).
The user can indicate if the alert is a breach or instead corresponds to a new acceptable use case. In the case of a legitimate operation, the user’s profile is automatically updated. In the case of a breach, the information is immediately forwarded to the security team.
This reduces false positives, allows constructive communication with the user and efficient event management.
This approach allows security managers to monitor the entire Office 365 estate while optimising the management of daily events and risks.
IDECSI collects and analyses logs without ever having access to the email or document content. The platform provides the most relevant and reliable information, which can be directly qualified by the user, ensuring that the security team only processes events relating to real issues.