How to protect your business from security threats using Office 365 Threat Intelligence
Why does your company need to increase security against new threats?
As technology advances, so do security threats, turning into sophisticated attacks that are increasingly difficult to detect and capable of bypassing enterprise perimeter firewalls. Although many of our clients have solutions to protect identity, information and devices, a new need has emerged: to evolve security towards a more proactive model, focused on the ability to discover the attacker and stop their attacks. This is called smart security.
But what really is smart security? It is technology that, based on powerful predictive analysis engines, is capable of analyzing large amounts of data from signals, evidence, contexts, indicators and processes, and of creating a map that learns from itself and evolves in real time, reducing the time required to detect a security threat and thus facilitating decision-making about it.
The solution: the Office 365 smart security tool
Microsoft has an extensive repository of threat data and the techniques necessary to detect patterns that correspond to attack behaviors. All this information, supervised and managed by an exclusive company center with the best cyber defense experts worldwide, is what feeds the company's products and services related to the security of its customers in real time.
Office 365 Threat Intelligence uses this collection of knowledge and intelligence to give you broad visibility into the most sophisticated threats, helping you protect your networks and intercept and respond to security incidents through:
- Interactive tools that analyze and monitor systems for threats and suspicious content.
- Alerts and detailed information about the origin of the attacks on your company.
- Analysis of the prevalence and severity of threats.
- Suggestion of immediate corrective actions to respond to attacks and defend your company.
Threat dashboard
The dashboard is an excellent resource for monitoring source signals such as user activity, authentications, email, compromised computers, and generally any suspicious activity.
Through the information that this view offers you, you can:
- Determine the nature of an attack: With detailed information on the malware and the family of origin.
- Determine the point of origin of an attack: Through a heat map that indicates the country of origin of the attack.
- Identify users who have been compromised: With detailed information on the threat and the ability to track a specific user.
- Create alert policies: To control suspicious activities in your company.
- Get a global view: Of threats and trends around the world.
Office 365 Threat Intelligence is now part of Microsoft Defender for Office 365, formerly Office Advanced Threat Protection (ATP), providing an analysis of top users, malware frequency, and security recommendations related to your business.
Through the threat explorer view you get an in-depth analysis of the attacks directed at your organization, helping you to apply the necessary corrective actions to defend your company.
From the explorer you can view:
- A graph with the volume of attacks on your company over time: To analyze in depth the prevalence and danger of threats.
- A list of the main threats detected: From this view you can click on a specific threat to see details on how it is impacting your organization and the affected users (recipients, sender addresses and IP addresses), along with a link to the malware family file for technical details, so you know what abnormal behaviors to look for and how to defend yourself in case of attack.
- Suspicious emails: To track phishing or malware campaigns targeted at users in your company. Also, from the incident list view, you can take corrective actions, for example, remove malicious links or emails.
- Reports of suspicious content activities: Through these reports, you can track activities that put the security of your company at risk, for example, confidential files that are shared outside your organization and risky user activities such as suspicious logins.
Attack Simulator
Administrators can simulate different threat scenarios to identify the most vulnerable users and assess the security configurations of company systems in the event of a real attack.
This new capability of Microsoft's intelligent security tool offers companies the possibility of having their systems prepared for any security incident.
This new capability helps companies clearly see global campaigns and attacks, or those aimed at their own organization, and lets them explore these in detail and take remediation actions if necessary.
The panel offers four categories:
- Featured Campaigns or Noteworthy Campaigns: This view monitors large known attacks such as the WannaCry ransomware attack or the Petya malware attack. Through this dashboard, the IT department can quickly review and assess threats and their impact.
- Campaign Trends: This view monitors email threats affecting the company's Office 365 environment, showing user-level malware trends, identifying attack families, and providing advanced information to administrators on threats that require further attention.
- Saved Queries and Tracked Queries: These views help administrators conduct deeper investigations, saving all searches performed in the Office 365 Threat Intelligence Explorer as queries so they can monitor and evaluate malware and phishing events. Additionally, saved queries can be converted to tracked queries for quick and easy ongoing tracking.
Office 365 Threat Intelligence is now part of Microsoft Defender for Office 365. The combination of the two products makes up Plan 2 of Defender for Office 365, which is included in Microsoft 365 Enterprise E5 and Office 365 Enterprise E5. You can also purchase the product as an independent service.
If you want to see the tool in action, we invite you to view the product demo:
In addition to Office 365 Threat Intelligence, Microsoft has more solutions based on intelligent security, such as Azure Active Directory Premium 2, which offers risk-based conditional access by analyzing anomalous behavior (for example, logging in from distant locations within a short time).
If you are an Office 365 customer and you still do not have protection for your users' identities (Azure Active Directory), for confidential information (AIP) and for company mail (Defender for Office 365), we recommend that you start with them. 😊
Want to know more about Office 365 Threat Intelligence and Microsoft Defender for Office 365? Contact us!