Securonix Threat Modeling
Individual anomalies can be important, but finding patterns based on a series of anomalies is critical. Securonix uses behavior-based analytics to detect suspicious behaviors such as a rare login location or a spike in email forwards.
Direct API integration with Office 365, Azure AD, and other cloud sources provides the Securonix solution with the relevant event logs. Securonix correlates these events with contextual information from other on-premises data feeds, such as Active Directory watchlists. Securonix threat modeling then automatically stitches together related anomalies over a period of time to detect and prioritize high-risk threats.
In the following scenario, insiders (in this case contractors) used shared accounts and credentials to access the Office 365 infrastructure prior to their contract termination. They used these shared credentials to access Office 365 from multiple access points and exfiltrate sensitive data and project documents.
In this scenario, the Securonix threat model for Office 365 would detect and prioritize the threat based on the applicable indicators.
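The anomaly stitching described above, shown as an added example that is not Securonix code: individual indicators (rare login country, several access points on one account, a new inbox rule, a download spike) are detected per user over a sliding window and then chained into one prioritized risk score. The event schema, baselines, thresholds and weights are all constructed assumptions, not the product's.

```python
from datetime import datetime, timedelta

# Constructed Office 365-style audit events (hypothetical field names, not Securonix's schema).
EVENTS = [
    {"user": "proj-shared", "ts": "2024-03-01T08:00", "ip": "198.51.100.7", "country": "US", "op": "UserLoggedIn"},
    {"user": "proj-shared", "ts": "2024-03-01T08:05", "ip": "198.51.100.7", "country": "US", "op": "FileDownloaded"},
    {"user": "proj-shared", "ts": "2024-03-01T21:10", "ip": "203.0.113.9", "country": "RO", "op": "UserLoggedIn"},
    {"user": "proj-shared", "ts": "2024-03-01T21:12", "ip": "203.0.113.9", "country": "RO", "op": "New-InboxRule"},
    {"user": "proj-shared", "ts": "2024-03-02T03:30", "ip": "192.0.2.44", "country": "US", "op": "UserLoggedIn"},
    {"user": "proj-shared", "ts": "2024-03-02T03:31", "ip": "192.0.2.44", "country": "US", "op": "FileDownloaded"},
    {"user": "proj-shared", "ts": "2024-03-02T03:32", "ip": "192.0.2.44", "country": "US", "op": "FileDownloaded"},
    {"user": "proj-shared", "ts": "2024-03-02T03:33", "ip": "192.0.2.44", "country": "US", "op": "FileDownloaded"},
    {"user": "alice", "ts": "2024-03-01T09:00", "ip": "198.51.100.8", "country": "US", "op": "UserLoggedIn"},
    {"user": "alice", "ts": "2024-03-01T09:30", "ip": "198.51.100.8", "country": "US", "op": "FileDownloaded"},
]
# Constructed per-user baselines: countries seen historically and typical daily downloads.
BASELINE = {"proj-shared": {"countries": {"US"}, "downloads_per_day": 1},
            "alice": {"countries": {"US"}, "downloads_per_day": 2}}
# Assumed indicator weights; a real model would tune these per environment.
WEIGHTS = {"rare_location": 3, "multi_access_point": 2, "forward_rule": 4, "download_spike": 3}

def indicators_for(user, events, baseline, window=timedelta(hours=48)):
    """Return the set of anomaly indicators that fire for one user inside any sliding window."""
    evs = sorted((e for e in events if e["user"] == user), key=lambda e: e["ts"])
    fired = set()
    for i, anchor in enumerate(evs):
        t0 = datetime.fromisoformat(anchor["ts"])
        win = [e for e in evs[i:] if datetime.fromisoformat(e["ts"]) - t0 <= window]
        logins = [e for e in win if e["op"] == "UserLoggedIn"]
        if any(e["country"] not in baseline["countries"] for e in logins):
            fired.add("rare_location")          # login from a country never seen for this account
        if len({e["ip"] for e in logins}) >= 3:
            fired.add("multi_access_point")     # one (shared) account used from many endpoints
        if any(e["op"] == "New-InboxRule" for e in win):
            fired.add("forward_rule")           # new inbox rule, a common mail-forwarding setup
        if sum(e["op"] == "FileDownloaded" for e in win) > 3 * baseline["downloads_per_day"]:
            fired.add("download_spike")         # downloads well above the account's baseline
    return fired

def chain_score(fired):
    """Stitch indicators into one score; two or more distinct indicators earn a chain bonus."""
    score = sum(WEIGHTS[i] for i in fired)
    return score + 5 if len(fired) >= 2 else score

def prioritize(events=EVENTS, baseline=BASELINE):
    """Rank users by chained risk, highest first: (user, score, sorted indicator names)."""
    ranked = [(u, chain_score(f), sorted(f)) for u in {e["user"] for e in events}
              for f in [indicators_for(u, events, baseline[u])]]
    return sorted(ranked, key=lambda r: r[1], reverse=True)
```

On the constructed data the shared contractor account fires all four indicators and ranks first, while the single-user account with ordinary activity scores zero.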
Securonix also has similar threat models to detect cyber threats such as phishing and account takeover.