
Microsoft Office 365 Security Monitoring With Securonix
Secure Your Office 365 Implementation Against Data Leakage and Advanced Threats
The adoption of Microsoft Office 365 continues to grow at an exponential pace. While Office 365 enables businesses to be more efficient, it is also a high-value target for cyber criminals. The security controls organizations have in place for on-premises protection are not effective at protecting cloud applications. Some of the most common threats to Office 365 environments include phishing, password attacks, account takeover, and data leakage. These threats can be perpetrated by external attackers or by malicious insiders with legitimate privileges.
Protect Your Sensitive Data
- Detect threats as they emerge, giving security analysts time to mitigate.
- Streamline the process of disabling access for compromised accounts.
- Easily initiate actions to remediate any loss of information.
Securonix Integration with Microsoft Office 365
Securonix has built-in API integration with Office 365 to collect data from SharePoint Online, OneDrive, Exchange Online, Azure AD, Outlook and Office 365 ATP.
Events collected include:
- SharePoint admin events
- File sharing and download activity
- Outlook email activity
- Exchange configuration events
- Azure AD authentication events
- OneDrive file operations
- Office 365 ATP threat alerts


Securonix Use Cases for Microsoft
Securonix collects data from Microsoft and enriches it with user and entity context. Enriched events are then analyzed for behavioral anomalies using various machine learning algorithms.
Common use cases include:
- Detect account compromise
- Identify phishing attempts
- Identify suspicious email patterns
- Spot unauthorized Exchange permission changes
- Detect credential sharing
- Identify privileged account misuse
- Locate insider threats
- Identify suspicious login events
- Detect password attacks
- Detect advanced threats
- Detect suspicious file sharing, permission changes, and downloads
Securonix Threat Modeling
Individual anomalies can be important, but finding patterns based on a series of anomalies is critical. Securonix uses behavior-based analytics to detect suspicious behaviors such as a rare login location or a spike in email forwards.
Direct API integration with Office 365, Azure AD, and other cloud sources provides the Securonix solution with the relevant event logs. Securonix correlates events with contextual information from other on-premises data feeds, such as Active Directory watchlists. Securonix threat modeling then automatically stitches together related anomalies over a period of time to detect and prioritize high-risk threats.
In the scenario outlined to the right, insiders (in this case contractors) used shared accounts and credentials to access the Office 365 infrastructure prior to their contract termination. They used these shared credentials to access Office 365 from multiple access points and exfiltrate sensitive data and project documents.
In this scenario, the Securonix threat model for Office 365 would detect and prioritize the threat based on the applicable indicators.
Securonix also has similar threat models to detect cyber threats such as phishing and account takeover.


Monitoring Office 365 Using Securonix
Securonix enables end-to-end monitoring and visualization of your Office 365 environment to protect against advanced insider and cyber threats. Securonix provides you with dashboards to visualize your Office 365 environment, so you can monitor for events and violations. The dashboards are shareable and can be customized as needed.