Securonix for Microsoft Office 365
Secure Your Office 365 Implementation Against Data Leakage and Advanced Threats
The adoption of Microsoft Office 365 continues to grow at an exponential pace. While Office 365 enables businesses to be more efficient, it is also a high-value target for cyber criminals. The security controls organizations have in place for on-premise protection are not effective at protecting cloud applications. Some of the most common threats to Office 365 environments include phishing, password attacks, account takeover, and data leakage. These threats can be perpetrated by external attackers or malicious insiders with legit privileges.
Streamlined Integration
Direct API integration allows you to collect relevant events.
Context Enrichment
Data is enriched then analyzed to fulfill your specific use case.
Threat Modeling
Detect suspicious behavior patterns which indicate an advanced cyberattack.
Advanced Threat Monitoring
Seamlessly monitor and prevent advanced cyber threats.
Securonix Integration with Office 365
Securonix has built-in API integration with Office 365 to collect data from SharePoint Online, OneDrive, Exchange Online, and Azure AD.
Events collected include:
- SharePoint admin events
- File sharing and download activity
- Outlook email activity
- Exchange configuration events
- Azure AD authentication events
| API Integration Pre-requisites | |
|---|---|
| Account Details | Email Address, Password |
| Account Privileges | Admin |
| Account Type | Read-Only |
| Connection Parameters | Tenant ID for Cloud |
| License Key | |
| License Code | |
| Client ID for Cloud | |
Securonix Use Cases for Office 365
Securonix collects data from Office 365 and enriches it with user and entity context. Enriched events are then analyzed for behavioral anomalies using various machine learning algorithms.
Common use cases include:
- Detect suspicious file sharing, permission changes, downloads
- Detect account compromise
- Identify phishing attempts
- Identify suspicious email patterns
- Spot unauthorized exchange permission changes
- Detect credential sharing
- Identify privileged account misuse
- Locate insider threats
- Identify suspicious login events
- Detect password attacks
Securonix Threat Modeling
Individual anomalies can be important, but finding patterns based on a series of anomalies is critical. Securonix uses behavior-based analytics to detect suspicious behaviors such as a rare login location or a spike in email forwards.
Direct API integration with Office 365, Azure AD, and other cloud sources provides the Securonix solution with the relevant event logs. Securonix correlates events with contextual information from other on-premises data feeds, such as Active Directory watchlists. Securonix threat modeling then automatically stitches together related anomalies over a period of time to detect and prioritize high risk threats.
Consider the scenario outlined to the right. Insiders, in this case contractors, used shared accounts and credentials to access the Office 365 infrastructure prior to their contract termination. They used these shared credentials to access Office 365 from multiple access points and exfiltrate sensitive data and project documents.
In this scenario, the Securonix threat model for Office 365 would detect and prioritize the threat based on the applicable indicators.
Securonix also has similar threat models to detect cyber threats such as phishing and account takeover.
Monitoring Office 365 Using Securonix
Securonix enables end-to-end monitoring and visualization of your Office 365 environment to prevent against advanced insider and cyber threats. Securonix provides you with dashboards to visualize your Office 365 environment, so you can monitor for events and violations. The dashboards are shareable and can be customized as needed.
With direct API integration and out-of-the-box use cases for SharePoint, Exchange, and Azure AD, organizations can rapidly deploy the Securonix solution and see immediate value. The SNYPR Cloud Platform enables organizations to have a full SaaS setup that can directly integrate with, and monitor, Office 365 and other cloud services.
