Securonix for Microsoft Office 365

Secure Your Office 365 Implementation Against Data Leakage and Advanced Threats

The adoption of Microsoft Office 365 continues to grow at an exponential pace. While Office 365 enables businesses to be more efficient, it is also a high-value target for cyber criminals. The security controls organizations have in place for on-premises protection are not effective at protecting cloud applications. Some of the most common threats to Office 365 environments include phishing, password attacks, account takeover, and data leakage. These threats can be perpetrated by external attackers or by malicious insiders with legitimate privileges.


Streamlined Integration

Direct API integration allows you to collect relevant events.

Context Enrichment

Data is enriched then analyzed to fulfill your specific use case.

Threat Modeling

Detect suspicious behavior patterns which indicate an advanced cyberattack.

Advanced Threat Monitoring

Seamlessly monitor and prevent advanced cyber threats.

Securonix Integration with Office 365

Securonix has built-in API integration with Office 365 to collect data from SharePoint Online, OneDrive, Exchange Online, and Azure AD.

Events collected include:

  • SharePoint admin events
  • File sharing and download activity
  • Outlook email activity
  • Exchange configuration events
  • Azure AD authentication events

API Integration Pre-requisites

  • Account Details: Email Address, Password
  • Account Privileges: Admin
  • Account Type: Read-Only
  • Connection Parameters: Tenant ID for Cloud, License Key, License Code, Client ID for Cloud

Securonix Use Cases for Office 365

Securonix collects data from Office 365 and enriches it with user and entity context. Enriched events are then analyzed for behavioral anomalies using various machine learning algorithms.

Common use cases include:

  • Detect suspicious file sharing, permission changes, downloads
  • Detect account compromise
  • Identify phishing attempts
  • Identify suspicious email patterns
  • Spot unauthorized Exchange permission changes
  • Detect credential sharing
  • Identify privileged account misuse
  • Locate insider threats
  • Identify suspicious login events
  • Detect password attacks

Securonix Threat Modeling

Individual anomalies can be important, but finding patterns based on a series of anomalies is critical. Securonix uses behavior-based analytics to detect suspicious behaviors such as a rare login location or a spike in email forwards.

Direct API integration with Office 365, Azure AD, and other cloud sources provides the Securonix solution with the relevant event logs. Securonix correlates events with contextual information from other on-premises data feeds, such as Active Directory watchlists. Securonix threat modeling then automatically stitches together related anomalies over a period of time to detect and prioritize high-risk threats.

Consider the scenario outlined to the right. Insiders, in this case contractors, used shared accounts and credentials to access the Office 365 infrastructure prior to their contract termination. They used these shared credentials to access Office 365 from multiple access points and exfiltrate sensitive data and project documents.

In this scenario, the Securonix threat model for Office 365 would detect and prioritize the threat based on the applicable indicators.

Securonix also has similar threat models to detect cyber threats such as phishing and account takeover.


Monitoring Office 365 Using Securonix

Securonix enables end-to-end monitoring and visualization of your Office 365 environment to protect against advanced insider and cyber threats. Securonix provides you with dashboards to visualize your Office 365 environment, so you can monitor for events and violations. The dashboards are shareable and can be customized as needed.

With direct API integration and out-of-the-box use cases for SharePoint, Exchange, and Azure AD, organizations can rapidly deploy the Securonix solution and see immediate value. The SNYPR Cloud Platform enables organizations to have a full SaaS setup that can directly integrate with, and monitor, Office 365 and other cloud services.

Securonix Fusion Partner Program

Securonix Fusion Partners are committed to providing you with robust integrated solutions.