How to protect your business against security threats using Office 365 Threat Intelligence
Why does your company need to increase security against new threats?
As technology advances, so do security threats, which are becoming sophisticated attacks that are increasingly difficult to detect and capable of penetrating the company's perimeter firewalls. Even though many of our clients have solutions to protect identities, information and devices, a new need has emerged: to evolve security towards a more proactive model, centered on the ability to discover the attacker and stop their attacks. This is called smart security.
But what is smart security, really? It is technology that, based on powerful predictive analysis engines, can analyze large amounts of data from signals, evidence, contexts, indicators and processes and create a map that learns from itself and evolves in real time, reducing the time needed to detect a security threat and thus facilitating decision-making about it.
The solution: The Office 365 smart security tool
Microsoft has an extensive repository of threat data and the techniques necessary to detect patterns that correspond to attack behavior. All this information, supervised and managed by a dedicated center of the company staffed with the best cyberdefense experts worldwide, feeds in real time the company's products and services related to the security of its customers.
Office 365 Threat Intelligence uses this collection of knowledge and intelligence to offer you broad visibility of the most sophisticated threats, helping you to protect your networks and to intercept and respond to security incidents through:
- Interactive tools that analyze and monitor systems for threats and suspicious content.
- Alerts and detailed information about the origin of the attacks on your company.
- Analysis of the prevalence and severity of threats.
- Suggestion of immediate corrective actions to respond to attacks and defend your company.
Threat Dashboard
The main panel is an excellent resource for monitoring source signals, such as user activity, authentication, email, compromised computers and, in general, any suspicious activity.
Through the information that this view offers you can:
- Determine the nature of an attack: With detailed information about the malware and the family of origin.
- Determine the attack's point of origin: Through a heat map that indicates the country of origin of the attack.
- Identify the users who have been compromised: With detailed information about the threat and with the possibility of tracking a specific user.
- Create alert policies: To control the suspicious activities of your company.
- Get a global view: Of the threats and trends around the world.
Office 365 Threat Intelligence is now part of Office 365 Advanced Threat Protection, providing an analysis of the main users, the frequency of malware and security recommendations related to your business.
Through the threat explorer view you get an in-depth analysis of the attacks directed at your organization, helping you to apply the necessary corrective actions to defend your company.
From the explorer you can see:
- A graph with the volume of attacks on your company over time: To analyze in depth the prevalence and danger of threats.
- A list of the main threats detected: From this view you can click on a specific threat to see details about how it is impacting your organization and the affected users (recipients, sender addresses and IP addresses), along with a link to the malware family tab for technical details, so you know which anomalous behaviors to look for and how to defend yourself in case of attack.
- Suspicious emails: To track phishing or malware campaigns targeted at users in your company. Also, from the incident list view, you can apply corrective actions, for example, delete malicious links or emails.
- Reports of suspicious content activities: Through these reports you can track activities that put your company's security at risk, for example, confidential files shared outside your organization, and risky user activities, for example, suspicious sign-ins.
Attack Simulator
Administrators can simulate different threat scenarios to identify the most vulnerable users and evaluate the security settings of the company's systems in case of a real attack.
This new capability of Microsoft's intelligent security tool offers companies the possibility to have their systems prepared for any security incident.
This new capability helps companies see clearly the global campaigns and attacks, or those targeting their organization, and lets them explore these in detail and take remediation actions if needed.
The panel offers four categories:
- Featured Campaigns or Noteworthy Campaigns: This view monitors the big known attacks, such as the WannaCry ransomware attack or the Petya malware attack. Through this panel, the IT department can quickly review and evaluate threats and their impact.
- Campaign Trends: This view monitors e-mail threats that affect the company's Office 365 environment, showing user-level malware trends, identifying attack families, and providing advanced information to administrators about the threats that require the most attention.
- Saved Queries and Tracked Queries: These views help administrators conduct deeper investigations, saving all searches in the Office 365 Threat Intelligence Explorer as queries to monitor and evaluate malware and phishing events. Likewise, saved queries can be converted into tracked queries for continuous monitoring quickly and easily.
Office 365 Threat Intelligence is now part of Office 365 Advanced Threat Protection; the combination of the two products forms part of Office 365 ATP plan 2, which is included in Microsoft 365 Enterprise E5 and Office 365 Enterprise E5. You can also purchase the product as an independent service.
If you want to see the tool in action, we invite you to watch the product demo:
In addition to Office 365 Threat Intelligence, Microsoft has more solutions based on intelligent security, such as Azure Active Directory premium 2, which offers risk-based conditional access by analyzing anomalous behaviors (for example, logging in from very distant locations within a short time).
If you are an Office 365 customer and you do not yet have your users' identity protected (Azure Active Directory), protection for confidential information (AIP) and advanced protection for company mail (ATP), we recommend you start with them. 😊
Want to know more about Office 365 Threat Intelligence and Office 365 ATP? Contact us!