How to protect your business against security threats through Office 365 Threat Intelligence
Why does your company need to increase security against new threats?
As technology advances, so do security threats, which are becoming sophisticated attacks that are increasingly difficult to detect and capable of crossing the company's perimeter firewalls. Although many of our clients already have solutions to protect identity, information and devices, a new need has emerged: to evolve security towards a more proactive model, focused on the ability to discover the attacker and stop the attack. This is called smart security.
But what is smart security, really? It is technology that, based on powerful predictive analysis engines, is capable of analyzing large amounts of data from signals, evidence, contexts, indicators and processes, and of creating a map that learns from itself and evolves in real time, reducing the time needed to detect a security threat and thus facilitating decision making about it.
The solution: The Office 365 smart security tool
Microsoft has an extensive repository of threat data and the techniques necessary to detect patterns that correspond to attack behavior. All this information, supervised and managed by a dedicated center within the company staffed by the best cyber defense experts worldwide, is what feeds in real time the company's products and services related to the security of its customers.
Office 365 Threat Intelligence uses this collection of knowledge and intelligence to offer you broad visibility of the most sophisticated threats, helping you to protect your networks and to intercept and respond to security incidents through:
- Interactive tools that analyze and monitor systems for threats and suspicious content.
- Alerts and detailed information about the origin of the attacks against your company.
- Analysis of the prevalence and severity of threats.
- Suggestion of immediate corrective actions to respond to attacks and defend your company.
Threat Dashboard
The main panel is an excellent resource for monitoring source signals, such as user activity, authentication, email, compromised computers and, in general, any suspicious activity.
Through the information that this view offers you can:
- Determine the nature of an attack: With detailed information about the malware and the family of origin.
- Determine the point of attack origin: Through a heat map that indicates the country of origin of the attack.
- Identify users who have been compromised: With detailed information about the threat and with the possibility of tracking a specific user.
- Create alert policies: To control the suspicious activities of your company.
- Get a global view: Of the threats and trends throughout the world.
Office 365 Threat Intelligence also integrates with other Office 365 security features (such as Exchange Online Protection and Advanced Threat Protection), which provides an analysis of key users, the frequency of malware and security recommendations related to your business.
Through the threat explorer view, you get an in-depth analysis of the attacks directed at your organization, helping you to apply the corrective actions necessary to defend your company.
From the explorer you can see:
- A graph with the volume of attacks on your company over time: To analyze in depth the prevalence and danger of threats.
- A list of the main threats detected:
From this view you can click on a specific threat to see details about how it is impacting your organization and the affected users (recipients, sender addresses and IP addresses), along with a link to the malware family tab for technical details, so that you know what anomalous behaviors to look for and how to defend yourself in case of attack.
- Suspicious emails: To track phishing or malware campaigns targeted at users in your company. Also, from the incident list view, you can apply corrective actions, for example, deleting malicious links or emails.
Obtain suspicious content activity reports: Through these reports you can track activities that put your company's security at risk, for example, confidential files shared outside your organization, and risky user activities, for example, suspicious sign-ins.
Attack Simulator
Administrators can simulate different threat scenarios to identify the most vulnerable users and evaluate the security settings of the company's systems in the event of a real attack.
This new capability of Microsoft's intelligent security tool offers companies the possibility to have their systems prepared for any security incident.
This new capability helps companies to see clearly the campaigns and attacks, whether global or directed at their organization, and to explore them in detail and take remediation actions if needed.
The panel offers four categories:
- Featured Campaigns or Noteworthy Campaigns: This view monitors the big known attacks, such as the WannaCry ransomware attack or the Petya malware attack. Through this panel, the IT department can quickly review and evaluate threats and their impact.
- Campaign Trends: This view monitors e-mail threats that affect the company's Office 365 environment, exposing user-level malware trends, identifying attack families, and providing advanced information to administrators about the threats that require the most attention.
- Saved Queries and Tracked Queries: These views help administrators conduct more in-depth investigations, saving all searches in the Office 365 Threat Intelligence Explorer as queries in order to monitor and evaluate malware and phishing events. In addition, saved queries can be converted into tracked queries for continuous monitoring in a quick and easy way.
Office 365 Threat Intelligence is included in the Office 365 Enterprise E5 plan, and you can also acquire it as an independent service.
If you want to see the tool in action, we invite you to watch the product demo:
In addition to Office 365 Threat Intelligence, Microsoft has more solutions based on intelligent security, such as Azure Active Directory premium 2, which offers risk-based conditional access by analyzing anomalous behaviors (for example, logging in from very distant locations within a short time).
If you are an Office 365 client and you do not yet have user identity protection (Azure Active Directory), confidential information protection (AIP) and advanced protection for company mail (ATP), we recommend you start with them. 😊
Want to know more about Office 365 Threat Intelligence? Contact us!